Hello, all.

I have received lots of spam mails.
So I have been looking at the e-mail header (Received From: field) to see which IP sent the e-mail.


For example, I have received this spam mail today.

######  mail header #######
Return-Path: <[EMAIL PROTECTED]>
Received: from mail.xxx.com ([211.xx.xx.xx])
        by tt.co.kr (8.11.6/8.11.6) with ESMTP id j3J1QsK15121
        for <[EMAIL PROTECTED]>; Tue, 19 Apr 2005 10:26:54 +0900
Received: from 211.198.142.138 ([211.198.142.138])
        by mail.xxx.com (8.11.6/8.11.6) with SMTP id j3J1R7p12967
        for <[EMAIL PROTECTED]>; Tue, 19 Apr 2005 10:27:07 +0900
Received: from 244.31.48.232 by ; Sat, 16 Apr 2005 06:23:30 -0700
Message-ID: <[EMAIL PROTECTED]>


and the first Received field is like below...

Received: from 244.31.48.232 by ; Sat, 16 Apr 2005 06:23:30 -0700

Yes, 244.31.48.232 is not assigned, so I think that this mail header is spoofed!!
If so, a spammer can use an assigned IP too, to spoof the e-mail header, instead of an unassigned IP.


So there is no point in tracking a spammer by using the "Received From: " mail header field, because he can make lots of spoofed "Received From" fields using real IPs.
So, tracking a spammer is impossible or hard, right?


Is there any good method or howto to distinguish a spoofed e-mail header from a real e-mail header?


Thanks in advance.

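An added example, not part of the original message: only the Received lines stamped by mail servers you control can be trusted, so this sketch walks the posted header from the top, keeps the peer IP logged by the last trusted hop, and marks everything below it as sender-supplied. It assumes tt.co.kr and mail.xxx.com are the recipient's own servers; `TRUSTED_MTAS`, `HOP` and `analyse` are names made up for this example.

```python
import ipaddress
import re
from email import message_from_string

# Header copied from the post above (masked values left as posted).
RAW = """\
Return-Path: <[EMAIL PROTECTED]>
Received: from mail.xxx.com ([211.xx.xx.xx])
        by tt.co.kr (8.11.6/8.11.6) with ESMTP id j3J1QsK15121
        for <[EMAIL PROTECTED]>; Tue, 19 Apr 2005 10:26:54 +0900
Received: from 211.198.142.138 ([211.198.142.138])
        by mail.xxx.com (8.11.6/8.11.6) with SMTP id j3J1R7p12967
        for <[EMAIL PROTECTED]>; Tue, 19 Apr 2005 10:27:07 +0900
Received: from 244.31.48.232 by ; Sat, 16 Apr 2005 06:23:30 -0700
Message-ID: <[EMAIL PROTECTED]>

(body)
"""

# Assumption: these are the recipient's own MTAs, the only hops worth trusting.
TRUSTED_MTAS = {"tt.co.kr", "mail.xxx.com"}

HOP = re.compile(r"from\s+(?P<helo>\S+)(?:\s+\(\[(?P<peer>[^\]]+)\]\))?"
                 r"\s+by\s+(?P<by>[^\s;]*)")

def analyse(raw, trusted=TRUSTED_MTAS):
    """Return (peer IP logged by the last trusted hop, notes on the rest)."""
    hops = message_from_string(raw).get_all("Received", [])
    source, notes, in_trusted = None, [], True
    for i, value in enumerate(hops):           # newest hop first
        m = HOP.search(" ".join(value.split()))
        by = m.group("by") if m else ""
        if m and in_trusted and by in trusted:
            source = m.group("peer")           # taken from the TCP connection
            # Stay inside the trusted chain only while our own MTA handed over.
            in_trusted = m.group("helo") in trusted
            continue
        in_trusted = False                     # below here: sender-supplied text
        problems = [] if by else ["no receiving host after 'by'"]
        ip = (m.group("peer") or m.group("helo")) if m else ""
        try:
            if ipaddress.ip_address(ip).is_reserved:
                problems.append(f"{ip} is in reserved address space")
        except ValueError:
            pass
        notes.append((i, problems))
    return source, notes
```

For the posted header, `analyse(RAW)` reports 211.198.142.138 as the address that actually connected to mail.xxx.com and flags the bottom Received line as unverifiable; a forged line naming a trusted host further down does not change that result.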