> On Sun, 25 Jun 2006, Jim Hermann - UUN Hostmaster wrote:
>
> > Here are examples of the Received Headers for the type of spam
> > that are being sent with forged email addresses for a domain that
> > I host.
>
> The Received headers in spams cannot be trusted, except for the
> Received headers put in by relays run by *you* or someone you trust.
> Received headers are trivially easy to forge and carry very little
> useful information in spams.

These are Received Headers provided by the ISP that sent me the bounce message, not because of spam, but because the recipient did not exist. They put the Original Spam Full Headers in the message that they sent to me.

If I can trust that my server identified the last server and the last server was the recipient server, then I think I can trust that they sent me the Full Headers as they received them.

Yes, I know that the prior Received Headers could be forged. I don't think that these spambots are bothering to try to forge the Received Headers. Usually the first two Received Headers have IP Addresses assigned to the same ISP.

SPF is not enough. It does not eliminate the zombie or spambot.

Jim
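
Added example, not part of the original message: the trust boundary discussed in this thread, written as Python that walks the Received headers newest to oldest and keeps a hop only while a trusted relay vouches for it. The relay names, addresses and sample headers are constructed, and the top header is assumed to come from a copy you already trust (your own mail store, or a bounce from a relay you trust).

```python
import re
from email import message_from_string

# Relays the operator trusts, with the addresses they send from (constructed values).
TRUSTED = {"mx1.isp.example": {"192.0.2.10"}, "mx2.isp.example": {"192.0.2.11"}}

# Constructed headers, newest first. The third claims a trusted "by" name but is forged.
SAMPLE = (
    "Received: from mx2.isp.example (mx2.isp.example [192.0.2.11])\n"
    "\tby mx1.isp.example with ESMTP id A1; Sun, 25 Jun 2006 10:00:03 -0500\n"
    "Received: from dsl-77.example.net (unknown [198.51.100.77])\n"
    "\tby mx2.isp.example with SMTP id B2; Sun, 25 Jun 2006 10:00:01 -0500\n"
    "Received: from mail.bank.example ([203.0.113.5])\n"
    "\tby mx2.isp.example with SMTP id C3; Sun, 25 Jun 2006 09:59:58 -0500\n"
    "Received: from localhost ([127.0.0.1])\n"
    "\tby mail.bank.example with SMTP id D4; Sun, 25 Jun 2006 09:59:50 -0500\n"
    "From: user@hosted-domain.example\n"
    "Subject: constructed sample\n\nbody\n"
)

PEER_IP = re.compile(r"\[([0-9A-Fa-f.:]+)\]")
BY_HOST = re.compile(r"\bby\s+([^\s;]+)", re.I)

def parse_hop(value):
    """Return the stamping host and the peer IP it recorded for one header."""
    flat = " ".join(value.split())              # unfold continuation lines
    by = BY_HOST.search(flat)
    peer = PEER_IP.search(flat[:by.start()] if by else flat)
    return {"by": by.group(1).lower() if by else None,
            "ip": peer.group(1) if peer else None}

def split_trusted(raw, trusted):
    """Walk newest to oldest; stop at the first hop that cannot be vouched for."""
    hops = [parse_hop(v) for v in message_from_string(raw).get_all("Received", [])]
    kept = []
    for hop in hops:
        if hop["by"] not in trusted:
            break
        # Below the top hop, the header above must have recorded one of this
        # relay's own addresses; otherwise the "by" name is only a claim.
        if kept and kept[-1]["ip"] not in trusted[hop["by"]]:
            break
        kept.append(hop)
    handoff = kept[-1]["ip"] if kept else None  # last address a trusted relay saw
    return kept, hops[len(kept):], handoff

if __name__ == "__main__":
    kept, rest, handoff = split_trusted(SAMPLE, TRUSTED)
    print(len(kept), "trusted hops;", len(rest), "unverified; handoff from", handoff)
```

The handoff address is the only origin information a trusted relay recorded; every header below it is a claim by the sender.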