But, in general, that information is essential to identifying spoofed header
fields: it's by tracing the chain of "from" addresses in Received header
fields that one can determine that someone is attempting to do something
fraudulent.
Can you cite a real-world example of a case where you did something like this
recently, and explain how you were able to do what you
claim, above, is possible using just the header fields in the message?
Spam filters have been doing Received chain analysis for about 20
years. The principle is straightforward, the source in each header
should match the recipient in the header below it, and timestamps
should be in the right order. There's also heuristics based on
knowing what real headers from popular mail systems should look like.
The scripts I use to send off spam complaints do header analysis to
figure out who to complain to, and not to complain to addresses in
fake headers, so I'd say I do this about 100 times a day, every day,
in addition to spamassassin doing it on every incoming message that
it filters.
If you want to look at some code, spamassassin is at
http://spamassassin.apache.org/.
R's,
John
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp