On Fri, 16 Jan 1998, era eriksson wrote:
> Received: from 4dPT8Qp41 (port44.nanu.prodigy.net [204.237.245.44])
> by ixc.ixc.net (8.8.5/8.8.5) with SMTP id GAA13998;
> Fri, 16 Jan 1998 06:08:34 -0500 (EST)
> This is a pretty good sign of a forgery, or at least a potential
> forgery. If the "Received: from X" is ridiculously different from
> what's in the parentheses after it, it's suspect (but this, too, is
> merely a good guess).
Not really. :) Depending on how one sets up their home machine, this is
quite possible. Note that when I bother to connect via PPP (or Slirp) my
email headers do look like this. Because that X is Vallhalla or Asgard or
Doghouse depending on the PC I connected with.
> Message-ID: <jJC8duq(_at_)4ukg8A96lmhg8>
> The Message-Id doesn't contain a valid host name. Legitimate software
> does this, too, but it's another thing to look out for.
I use heavy scoring against any message where the message-id does not end
in a legit domain.
--
Goldenstern's Rules:
(1) Always hire a rich attorney
(2) Never buy from a rich salesman.
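
The two header checks discussed in this message, as an added example that is not part of the original post or any poster's own filter. The weights, function names and the "clean" sample are assumptions made here; the host-name test is syntactic only and does no DNS lookup.

```python
import re

# Weights are assumptions for this example: the reply treats the HELO mismatch
# as weak evidence and the Message-ID check as worth "heavy scoring".
W_HELO, W_MSGID = 1, 3

RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]()]+)?\s*\[(?P<ip>[0-9.]+)\]\)", re.I)
# Syntactic test only (dotted labels plus an alphabetic TLD); no DNS lookup.
FQDN_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$", re.I)

def helo_differs(received):
    """True if the HELO name and the looked-up name share no parent domain,
    False if they do, None if the header has no looked-up name to compare."""
    m = RECEIVED_RE.search(received)
    if not m or not m.group("rdns"):
        return None
    helo = m.group("helo").lower().rstrip(".").split(".")
    rdns = m.group("rdns").lower().rstrip(".").split(".")
    return helo[-2:] != rdns[-2:]

def msgid_has_fqdn(message_id):
    """True if the part after '@' in <local@domain> looks like a full host name."""
    m = re.fullmatch(r"\s*<[^<>@\s]+@([^<>@\s]+)>\s*", message_id)
    return bool(m and FQDN_RE.match(m.group(1)))

def score(received, message_id):
    """Return (total, reasons) for one Received line and one Message-ID."""
    total, reasons = 0, []
    if helo_differs(received):
        total += W_HELO
        reasons.append("HELO name unrelated to connecting host name")
    if not msgid_has_fqdn(message_id):
        total += W_MSGID
        reasons.append("Message-ID does not end in a host name")
    return total, reasons

# Headers quoted in the message above; the archive's "(_at_)" is written as "@".
QUOTED = ("from 4dPT8Qp41 (port44.nanu.prodigy.net [204.237.245.44]) "
          "by ixc.ixc.net (8.8.5/8.8.5) with SMTP id GAA13998; "
          "Fri, 16 Jan 1998 06:08:34 -0500 (EST)",
          "<jJC8duq@4ukg8A96lmhg8>")
# Constructed sample of a consistent pair of headers.
CLEAN = ("from mail.example.org (mail.example.org [192.0.2.10]) by mx.example.net",
         "<19980116.abc123@mail.example.org>")

if __name__ == "__main__":
    for name, hdrs in (("quoted", QUOTED), ("clean", CLEAN)):
        print(name, score(*hdrs))
```

A dial-up machine that announces a bare name such as the ones mentioned in the reply trips only the low-weight HELO check, so it stays well below a message that fails both.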