Hi Lynn,
On Sun, 23 Jun 2002 21:00:08 -0700, you wrote:

> Thanks ..
> 
> Is there any way, apart from intuitive deduction, to
> identify which information is forged, and which genuine?

Take a quick look at the headers... some (helpful) mail servers put in "may be
forged" headers along with the details.  This is often a good sign that the
spammer attempted to claim the message was from a source it wasn't.  For
example:

Received: from caramail.com (host-213-131-71-117.link.com.eg [213.131.71.117]
        (may be forged))
        by vampire.certiflexdimension.com (8.11.2/8.11.6) with SMTP id g5NDbnM09140
        for <[EMAIL PROTECTED]>; Sun, 23 Jun 2002 08:37:51 -0500

Notice the line says it's from caramail.com, then has the real host details of a
dial-up connection in the brackets... clearly the spammer attempted to forge the
header, but the mail server pointed it out.  But apart from actually sitting
there, and processing them, no real quick way.  I guess you could submit it to
SpamCop, and get SpamCop to do all the header processing for you, and when you
have the details, cancel the report... just an idea ;)

-- 
Jonathan Angliss
([EMAIL PROTECTED])

________________________________________________________
Current Ver: 1.60q
FAQ        : http://faq.thebat.dutaint.com 
Unsubscribe: mailto:[EMAIL PROTECTED]
Archives   : http://tbudl.thebat.dutaint.com
Moderators : mailto:[EMAIL PROTECTED]
TBTech List: mailto:[EMAIL PROTECTED]
Bug Reports: https://www.ritlabs.com/bt/
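
The header check described in the reply above, as an added example (not part of the original message, and not code from any mail server or from SpamCop): a Python function that splits each Received header into the name the sender claimed, the reverse-DNS name and IP address the receiving server recorded, and the "may be forged" marker. It assumes the sendmail-style layout quoted above; the recipient address and the second hop are constructed sample values, and the name-mismatch test is a heuristic.

```python
import re
from email import message_from_string

# Constructed sample: the Received line quoted in the message above, followed by
# an ordinary hop (example.org and 192.0.2.10 are made-up documentation values).
SAMPLE = """\
Received: from caramail.com (host-213-131-71-117.link.com.eg [213.131.71.117]
 (may be forged))
        by vampire.certiflexdimension.com (8.11.2/8.11.6) with SMTP id g5NDbnM09140
        for <user@example.org>; Sun, 23 Jun 2002 08:37:51 -0500
Received: from mail.example.org (mail.example.org [192.0.2.10])
        by mx.example.org with ESMTP id abc123; Sun, 23 Jun 2002 08:30:00 -0500
Subject: constructed test message

body
"""

# "from <claimed name> (<reverse DNS name> [<ip>] (may be forged))"
# The claimed name comes from the sender's HELO/EHLO; the bracketed IP is what
# the receiving server saw on the connection.
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]()]+)\s+)?"
    r"\[(?P<ip>[0-9A-Fa-f.:]+)\](?P<forged>\s*\(may be forged\))?", re.I)

def analyse(raw_message):
    """Return one dict per Received header, newest hop first."""
    hops = []
    for value in message_from_string(raw_message).get_all("Received", []):
        flat = " ".join(value.split())            # undo header folding
        m = HOP.search(flat)
        if not m:                                 # layout this example does not cover
            hops.append({"parsed": False, "raw": flat})
            continue
        helo, rdns = m["helo"].lower(), (m["rdns"] or "").lower()
        reasons = []
        if m["forged"]:
            reasons.append("receiving server marked the hop 'may be forged'")
        if not rdns or rdns == "unknown":
            reasons.append("no reverse DNS name recorded for the connecting IP")
        elif helo != rdns and not rdns.endswith("." + helo):
            reasons.append(f"claimed name {helo} but reverse DNS says {rdns}")
        hops.append({"parsed": True, "helo": helo, "rdns": rdns or None,
                     "ip": m["ip"], "suspect": bool(reasons), "reasons": reasons})
    return hops

if __name__ == "__main__":
    for hop in analyse(SAMPLE):
        print(hop)
```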
