Old 21st November, 2001, 12:59 AM
Aedan
Chief Systems Administrator
 
Join Date: September 2001
Location: Europe
Posts: 13,075

Mail spoofing is trivial to achieve.

Basically, there are two places the address comes from.

If you're using something like Outlook, then when it retrieves the email from your ISP using POP3, it looks inside the message header for something like
From: AidanII <Notformail@localhost>
and uses that for the display. This is the most trivial form to use, as servers generally don't touch much in the headers, other than adding their name to the list of servers it's been through.

If you're using your own server, then the mail server connecting has a little conversation that goes like... (Italics are the receiving server, bold is the sending server)
220 mail.localhost Weasel 1.20 ready
EHLO dodgy_geezer.com
250 mail.localhost teletubbies say ehlo
MAIL FROM: sender_name@here.com
250 Sender accepted
RCPT TO: receiver_name@there.com
250 mailbox OK
DATA
354 Socket to me
<your message gets sent here>

The problem is, you don't get to see what happened at the server, so there's no way you can trace the IP address that delivered the mail, assuming it's traceable. Basically, all you can do is allow it to drop!

AidanII
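The post above names two sources for a sender address: the From: header inside the message and the MAIL FROM given in the SMTP conversation. The following is an added example, not part of the original post, that reads both from a stored message and flags a domain mismatch. It assumes the final receiving server recorded MAIL FROM in a Return-Path header; the sample message, the 192.0.2.25 address and the function names are constructed for illustration.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample message (not from the original post). Return-Path is
# assumed to have been written by the receiving server from MAIL FROM, and
# the Received line is that server "adding its name to the list".
RAW = """\
Return-Path: <sender_name@here.com>
Received: from dodgy_geezer.com (unknown [192.0.2.25])
\tby mail.localhost with ESMTP; Wed, 21 Nov 2001 00:59:00 +0000
From: AidanII <Notformail@localhost>
To: receiver_name@there.com
Subject: test

body
"""


def domain(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def compare_senders(raw):
    """Return the header sender, the envelope sender, and whether they differ."""
    msg = email.message_from_string(raw, policy=policy.default)
    # What a mail client displays: taken from the From: header.
    display, header_from = parseaddr(str(msg.get("From", "")))
    # What the sending server claimed in MAIL FROM (if it was recorded).
    _, envelope_from = parseaddr(str(msg.get("Return-Path", "")))
    # Each relay prepends one Received header; unfold them to single lines.
    hops = [" ".join(str(h).split()) for h in msg.get_all("Received", [])]
    return {
        "display_name": display,
        "header_from": header_from,
        "envelope_from": envelope_from,
        "mismatch": domain(header_from) != domain(envelope_from),
        "received_hops": hops,
    }


if __name__ == "__main__":
    for key, value in compare_senders(RAW).items():
        print(f"{key}: {value}")
```

A mismatch is a signal for review rather than proof of forgery, since mailing lists and forwarding services legitimately use a different envelope sender.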