ChrisIf I have SIMS setup to verify return paths, can I assume that the mailbox SIMS says it's coming from is accurate and not spoofed in any way?The reason I ask is this - at least ONE of these accounts hasn't been used for a very long time, and is coming from a local provider, journey.com.
My understanding is that SIMS does a DNS lookup on the Return-Path domain and makes sure it returns a valid IP. It does not do any kind of client verify.
So if some one spoofs "[EMAIL PROTECTED]" SIMS will accept that as valid, whereas "[EMAIL PROTECTED]" would probably fail - unless someone goes and registers that domain.
The attachments and spoofed return paths suggest a KLEZ type virus.
--
Neil
Neil Herber
Corporate info at http://www.eton.ca/
Eton Systems, 15 Pinepoint Drive, Nepean, ON, Canada K2H 6B1
Tel: (613) 829-4668
#############################################################
This message is sent to you because you are subscribed to
the mailing list <[EMAIL PROTECTED]>.
To unsubscribe, E-mail to: <[EMAIL PROTECTED]>
To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]>
To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]>
Send administrative queries to <[EMAIL PROTECTED]>
