Hi Lynn,
On Sun, 23 Jun 2002 20:39:20 -0700, you wrote:

[snip]

> I have no problem with the command line, but it's not
> clear to me how this helps with a header that contains
> only my mail address in the header, in both the 'from' and
> 'to' positions .. or will it extract the *actual* sender's
> ip location, rather than mine?

Try looking at the Full headers for the email... The From: header is easily
forged, as you can tell, and can also be guessed from the recent Klez virus (or
99% of spam) ;)  By tracing down the Received headers, you can work out the path
it took, and ultimately the sender's ISP, providing they didn't use some obscure
proxy server to send through.

> If so, this might help me track an email for a friend
> which we suspect contains a forged sender location.

As I said the From is easily forged, but often the path the email took cannot be
forged.
 
> I thought the last routing (closest to the body of the
> mail) was the originator ... no?

Yes... I think that is what I said, probably said it in the wrong way though.  I
have a habit of doing that sometimes ;)

> Thanks for the input!

Glad I could help a little :)

-- 
Jonathan Angliss
([EMAIL PROTECTED])

________________________________________________________
Current Ver: 1.60q
FAQ        : http://faq.thebat.dutaint.com 
Unsubscribe: mailto:[EMAIL PROTECTED]
Archives   : http://tbudl.thebat.dutaint.com
Moderators : mailto:[EMAIL PROTECTED]
TBTech List: mailto:[EMAIL PROTECTED]
Bug Reports: https://www.ritlabs.com/bt/
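
The Received-header trace discussed in this message, as an added example that is not part of the original post: it reads the hops bottom-up (the header closest to the body is the earliest) and separates the name the sending host claimed from the IP the receiving server recorded. The sample message, host names and addresses are constructed, and the `from NAME (rdns [ip]) by HOST` layout is an assumption matching common MTAs; real headers vary.

```python
import re
from email import message_from_string

# Constructed sample: forged From/To both show the recipient, as in the thread.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby mailbox.recipient.example with ESMTP id A1; Sun, 23 Jun 2002 20:41:02 -0700
Received: from relay.isp.example (relay.isp.example [198.51.100.7])
\tby mx.recipient.example with ESMTP id B2; Sun, 23 Jun 2002 20:40:31 -0700
Received: from friendly-pc (dialup-42.isp.example [203.0.113.42])
\tby relay.isp.example with SMTP id C3; Sun, 23 Jun 2002 20:39:58 -0700
From: lynn@recipient.example
To: lynn@recipient.example
Subject: constructed test

body
"""

# helo = name the sender claimed; rdns/ip = what the receiving server saw.
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]+)?\s*\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
    r".*?\bby\s+(?P<by>\S+)", re.S)
FIELDS = ("helo", "rdns", "ip", "by")

def trace_hops(raw):
    """Return hops ordered from the originating hop to final delivery."""
    msg = message_from_string(raw)
    hops = []
    # Every server prepends its own header, so the list is newest-first.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(value)
        hops.append(m.groupdict() if m else dict.fromkeys(FIELDS))
    return hops

def helo_mismatch(hop):
    """True when the claimed name differs from the recorded reverse-DNS name."""
    return hop["helo"] is not None and hop["helo"] != hop["rdns"]

def chain_breaks(hops):
    """Indexes where a hop's 'by' host is not the sender seen by the next hop."""
    return [i for i in range(len(hops) - 1)
            if hops[i]["by"] not in (hops[i + 1]["helo"], hops[i + 1]["rdns"])]

if __name__ == "__main__":
    for n, hop in enumerate(trace_hops(SAMPLE), 1):
        flag = "  (claimed name differs)" if helo_mismatch(hop) else ""
        print(f"hop {n}: {hop['ip']} {hop['rdns']} -> {hop['by']}{flag}")
```

Only the headers written by servers you trust are reliable; anything below the first trusted hop was supplied by the sending side and should be treated as a claim.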