Sorry to break this into two parts.

Now here I have an email that has a client configured to relay the router's IP and even the internal host IP:

X-Gmail-Received: 8c16953d998260457d2e375b40f166b3a6606b3d
Delivered-To: [EMAIL PROTECTED]
Received: by 10.37.20.48 with SMTP id x48cs34124nzi;
    Sat, 13 May 2006 04:34:10 -0700 (PDT)
Received: by 10.70.99.17 with SMTP id w17mr4074593wxb;
    Sat, 13 May 2006 04:34:10 -0700 (PDT)
Return-Path: <[EMAIL PROTECTED]>
Received: from trinity.fingerapps.com ([202.163.194.172])
    by mx.gmail.com with ESMTP id h39si2580920wxd.2006.05.13.04.34.08 ;
    Sat, 13 May 2006 04:34:10 -0700 (PDT)
Received-SPF: neutral (gmail.com: 202.163.194.172 is neither permitted nor denied by best guess record for domain of [EMAIL PROTECTED])
Received: from trinity.fingerapps.com (localhost.localdomain [127.0.0.1])
    by trinity.fingerapps.com (8.13.6/8.13.6) with ESMTP id k4DBY4Ax003277
    for < [EMAIL PROTECTED]>; Sat, 13 May 2006 19:34:07 +0800
Received: (from [EMAIL PROTECTED])
    by trinity.fingerapps.com (8.13.6/8.13.6/Submit) id k4DBY4Na003276;
    Sat, 13 May 2006 19:34:04 +0800
From: [EMAIL PROTECTED]
X-Authentication-Warning: trinity.fingerapps.com: apache set sender to [EMAIL PROTECTED] using -f
Received: from 192.168.0.12
    (SquirrelMail authenticated user roger)
    by fingerapps.com with HTTP;
    Sat, 13 May 2006 19:34:04 +0800 (PHT)
Message-ID: <[EMAIL PROTECTED] >
Date: Sat, 13 May 2006 19:34:04 +0800 (PHT)
Subject: hello
To: [EMAIL PROTECTED]
User-Agent: SquirrelMail/1.4.6-5.fc4
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal

i got it. thanks

So this one is traceable.

On 5/13/06, Eri Mendz <[EMAIL PROTECTED]> wrote:
So what are you guys saying now: that it is *likely* to get forged emails using specialized means?

I still give myself benefit of the doubt and verify my remote contact through live interaction like phone calls and the like.

On Sat, 13 May 2006 18:04:47 +0800
"Roger Filomeno" <[EMAIL PROTECTED]> wrote:

> >The real kicker is using a customised smtp server or a network of smtp
> servers.
> You can use fsockopen to connect to an open relay server; most
> servers also remove the client's sender IP, in which case it will just
> lead you to a dead end at the mail server's IP
>
> :)
>
> On 5/13/06, Rogelio Serrano <[EMAIL PROTECTED]> wrote:
> >
> > On 5/13/06, Eri Mendz < [EMAIL PROTECTED]> wrote:
> > > So it turns out it's the last "Received: from" that identifies it. Can
> > > this be forged or not? In my case I'm looking at several emails that I
> > > am suspicious of; however, the originating IPs point to the same
> > > location. The strange thing is: in the email body the company address
> > > shown is different, e.g., the office is in the UK but the IP origin is
> > > Nigeria. Is this possible?
> > >
> > > Thank you Peter for your input.
> > >
> >
> > All headers in an smtp email can be forged.
> >
> > The "received from:" header chain cannot be forged though. Additional
> > entries can be added before the email is actually sent, and the real
> > IP can actually be found after the first few inserted headers.
> >
> > The real kicker is using a customised smtp server or a network of smtp
> > servers.
> >
> > The only practical way to protect yourself from forged smtp headers is
> > to use signed email or use x.400 ;-)
> >
> > I heard the US military is using x.400 email to send and receive data.
> > Even among planes and tanks. Imagine what it would be like if they
> > used smtp instead.
> >
> > --
> > www.smsglobal.net SMS Global Ltd Short Message Service For Seafarers
> > _________________________________________________
> > Philippine Linux Users' Group (PLUG) Mailing List
> > [email protected] (#PLUG @ irc.free.net.ph)
> > Read the Guidelines: http://linux.org.ph/lists
> > Searchable Archives: http://archives.free.net.ph
> >
>
>
>
> --
> --
> To contact me anytime and anywhere via SMS:
> MSG GODIE <YOUR MESSAGE>
> then send to 2948 for Globe/Sun and 3940 for Smart.
>
> You want to have your own Mobile Address like me? Get it FREE at
> www.Txtmokko.com
> --
> PUT YOUR ADS ON THE HAND OF 35 MILLION PEOPLE. GET YOUR DOMAIN FOR MOBILE
> AT http://www.TxtDOMAIN.com
> _
> Roger P. Filomeno
> Mobile Specialist / R&D
> http://corruptedpartition.blogspot.com/
>
> * Finger Apps Inc, http://fingerapps.com * TXTMOKKO,
> http://txtmokko.com*  MyAyala,
> http://myayala.com * KayaMoney e-Commerce, http://kayamoney.com/ *
> KayaShop e-Market, http://kayamoney.com/shop/ * Registered Linux User #
> 367694 * PGP IDs:  0xCB5F3FF7 / 0xDF7D2589 ( http://keyserver.pgp.com)
>
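Added example, not part of the original thread or of any poster's code: a sketch of how a receiver can read the Received chain quoted above, trusting only the contiguous run of hops stamped by its own servers and treating everything below that as sender-supplied. The set of trusted "by" hosts passed in is an assumption; the receiving site has to supply its own.

```python
import email
import ipaddress
import re

# Constructed copy of the Received headers quoted above, folded lines indented.
SAMPLE = """\
Received: by 10.37.20.48 with SMTP id x48cs34124nzi;
 Sat, 13 May 2006 04:34:10 -0700 (PDT)
Received: from trinity.fingerapps.com ([202.163.194.172])
 by mx.gmail.com with ESMTP id h39si2580920wxd.2006.05.13.04.34.08 ;
 Sat, 13 May 2006 04:34:10 -0700 (PDT)
Received: from trinity.fingerapps.com (localhost.localdomain [127.0.0.1])
 by trinity.fingerapps.com (8.13.6/8.13.6) with ESMTP id k4DBY4Ax003277
 for <[EMAIL PROTECTED]>; Sat, 13 May 2006 19:34:07 +0800
Received: from 192.168.0.12
 (SquirrelMail authenticated user roger)
 by fingerapps.com with HTTP;
 Sat, 13 May 2006 19:34:04 +0800 (PHT)
Subject: hello
"""

IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
BY_RE = re.compile(r"\bby\s+(\S+)")


def trace(raw, trusted_by):
    """Walk Received headers newest-first; trusted_by = hosts the receiver runs (assumed)."""
    hops, in_trusted = [], True
    for value in email.message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())  # undo header folding
        by = BY_RE.search(flat)
        # Trust ends at the first hop not stamped by our own server and never resumes.
        in_trusted = in_trusted and bool(by) and by.group(1) in trusted_by
        from_part = flat.split(" by ", 1)[0] if flat.startswith("from ") else ""
        peers = []
        for cand in IP_RE.findall(from_part):
            try:
                peers.append(ipaddress.ip_address(cand))
            except ValueError:
                pass  # looked like an IP but is not a valid address
        hops.append({"by": by.group(1) if by else None, "peers": peers, "trusted": in_trusted})
    return hops


def last_verified_peer(hops):
    """Public IP recorded by the deepest trusted hop; anything further down is unverified."""
    seen = [ip for h in hops if h["trusted"] for ip in h["peers"] if ip.is_global]
    return str(seen[-1]) if seen else None
```

Hops below the trust boundary (here the loopback and 192.168.0.12 entries) are still useful leads, but only as claims made by the sending side.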