On Wed, 24 Nov 2004 14:32:37 +0100, Alex van den Bogaerdt
<alex(_at_)ergens(_dot_)op(_dot_)het(_dot_)net> wrote:
On Wed, Nov 24, 2004 at 08:22:27AM -0500, Michael Hammer wrote:
You can trust that the IP address is what it looks. That does not
say anything about who's using it.
Agreed (for most cases).
Logged IP address inside headers may be spoofed. Connecting addresses
are, most likely, real.
Again, agreed.
However, I get mail forwarded from a friend. I completely trust
his setup and the previous hop is _most_likely_ not forged. I can
use the information in _that_ part of the headers with the same amount
of trust as I would trust a connecting IP address. AFAIK this is
something spamcop is also doing.
This is a specific case. The fact that you choose to trust your
friends setup does not make all mail setups trustworthy. All I'm
pointing out is that there is a difference between knowledge of the IP
that is connecting to you and the trustworthyness of that IP. You
trust your friends IP a priori. You might not extend that trust to an
unknown IP orginating from mainland China if you normally don't get
mail from there. You have a high confidence level as to whether the IP
connecting is really the IP that is connecting.
Mike