OK, I know that this is perhaps one of the most, or the most, talked-about subjects on this list as far as I've been able to tell at times, but I need some better clarification.

1. When someone sends a spam mail, their mail server inserts a time-date stamp (with source IP, etc.) in the header and relays the message, yes?

(Of course, that's obviously able to be forged, but theoretically speaking.)

2. If that's the case (question #1), and the message gets passed through several hosts before connecting to our SIMS box, can it be that our SIMS box is having trouble identifying what to route to error? (which I see as highly unlikely, since I assume that SIMS routes only what you tell it to).

I guess my reason for this question (#2) is I need to know EXACTLY what SIMS does when it receives mail via SMTP and checks the router.

Does it do string compares against the router entries to make sure that there's nothing in the header, in particular, the return-path, that is identical?

3. That said, and if the verify return-path is checked, if others can forge that return-path, then what is the benefit of routing this to error?

4. How do the spammers forge the source IPs/domains and the return-paths?

5. Anything else anyone can tell me to shed some more light on this subject?

Thanks,

Chris


