funsec mailing list archives
Strange address in mail header
From: "Larry Seltzer" <larry () larryseltzer com>
Date: Fri, 13 Jan 2006 08:25:20 -0500
A friend of mine who sends out a mailing list through another friend's service was getting some non-deliveries and asked me to look at these. Here's the interesting part of the header with some of the addresses and names blanked out to protect the innocent: Received: from daa20725rs002.friend2domain.com (daa20725rs002.friend2domain.com [aaa.bbb.ccc.ddd]) by inbound-mx20.atl.registeredsite.com (8.12.11/8.12.11) with ESMTP id k07DjJg8029294 for <friend1 () friend1domain com>; Sat, 7 Jan 2006 08:45:21 -0500 Received: from daa10354www002 ([1.4.167.11]) by daa20725rs002.friend2domain.com with Microsoft SMTPSVC(5.0.2195.6713); Friend1domain, friend2domain and aaa.bbb.ccc.ddd are phony, but the header really does indicate that 1.4.167.11 is the origin of the message, and this address shows up as IANA reserved, the way I see it. (you can also see that friend1 is an Interland customer, but I think that's irrelevant, because friend2 is the one at issue. 1.4.167.11 is spoofed, right? Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blog.ziffdavis.com/seltzer Contributing Editor, PC Magazine larryseltzer () ziffdavis com _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Strange address in mail header Larry Seltzer (Jan 13)
- Re: Strange address in mail header Dr. Neal Krawetz (Jan 13)
- RE: Strange address in mail header Gary Funck (Jan 13)
- Re: Strange address in mail header Valdis . Kletnieks (Jan 13)
- RE: Strange address in mail header Gary Funck (Jan 13)
- Re: Strange address in mail header Dr. Neal Krawetz (Jan 13)