Free Republic
Browse · Search
Bloggers & Personal
Topics · Post Article

To: Mariner
-- Yes, every SMTP relay in the chain has a record of where its inbound mail comes from. --

With properly configured SMTP services, the header preserves all of the "Received" lines, so the chain is known to the ultimate recipient.

But the originator can spoof his sending IP address in the header, and some SMTP handlers don't check the header (in the email) against the network packet (which should have the same IP address), and forward the email anyway. There are other ways to "forge" or insert header lines.

There is tons of spoofed e-mail in the wild. Analysis based only on e-mail headers makes some huge assumptions, and the report I read (linked at the top of this thread) does not discuss those assumptions.

33 posted on 10/19/2016 9:48:55 PM PDT by Cboldt
[ Post Reply | Private Reply | To 7 | View Replies ]


To: Cboldt
You are leaving out the fact that very sophisticated hacks can spoof the IP address to match any originator and MAC address they want. And there will be no issue (no collisions) with this if you control one or more of the servers in the domain name system. In that case, the header will match perfectly, and what is more, incriminate the wrong person if that is what the hacker wants to do.

Not easy to do for non-State actors (but possible).

And if NSA (for example) wants to make this look like a chain of possession that belongs to the Russians, they can.

51 posted on 10/19/2016 11:53:26 PM PDT by FredZarguna (And what Rough Beast, its hour come round at last, slouches toward Fifth Avenue to be born?)
[ Post Reply | Private Reply | To 33 | View Replies ]
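The two posts above make complementary points: the Received: chain only tells you what each relay wrote, and a line the originator typed into the message before submission (or a line written by a relay the attacker controls) is indistinguishable from a real one if it is internally consistent. The following is an added example, not code from this thread, that walks a constructed Received: chain the way a header analyst would. The hostnames, IPs, queue ids and the forged bottom line are all made up; the only assumption is that the analyst operates mx.recipient.example and so can trust the line that server wrote.

```python
"""Walk a message's Received: chain and find where it stops being verifiable.

Added example for this thread; the sample message below is constructed, and
the Postfix-style "from HELO (rDNS [IP]) by HOST" line format is assumed.
"""
import email
import email.policy
import re

# Constructed sample. The top three lines were written by real MTAs on the path
# (mx.recipient.example, mail.relay.example, smtp.sender.example). The bottom
# line was typed into the message by the originator before submitting it, so
# that a naive reader attributes the mail to innocent.example.
SAMPLE = """\
Received: from mail.relay.example (mail.relay.example [198.51.100.7])
\tby mx.recipient.example (Postfix) with ESMTPS id 4A1B2C3D
\tfor <victim@recipient.example>; Wed, 19 Oct 2016 21:40:01 -0700 (PDT)
Received: from smtp.sender.example (smtp.sender.example [203.0.113.5])
\tby mail.relay.example (Postfix) with ESMTPS id 5E6F7A8B;
\tWed, 19 Oct 2016 21:39:58 -0700 (PDT)
Received: from [10.0.0.9] (unknown [192.0.2.44])
\tby smtp.sender.example (Postfix) with ESMTPSA id 9C0D1E2F;
\tWed, 19 Oct 2016 21:39:55 -0700 (PDT)
Received: from innocent.example (innocent.example [192.0.2.200])
\tby legit-looking.example (Postfix) with ESMTP id DEADBEEF;
\tWed, 19 Oct 2016 21:39:50 -0700 (PDT)
From: someone@innocent.example
To: victim@recipient.example
Subject: test

body
"""

# "from HELO (rDNS [IP]) by HOST": HELO is what the client claimed, rDNS/IP is
# what the receiving MTA saw on the TCP connection, HOST is the MTA that wrote the line.
_HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[^\]]+)\]\)\s+by\s+(?P<by>\S+)"
)


def parse_received(raw):
    """Return hops top-down: index 0 is the newest line, written by the final receiving MTA."""
    msg = email.message_from_string(raw, policy=email.policy.default)
    hops = []
    for value in msg.get_all("Received", []):
        m = _HOP.search(str(value))
        if m:
            hops.append(m.groupdict())
    return hops


def trust_boundary(hops, trusted_by):
    """Index of the first hop whose 'by' host the analyst does not operate.

    Only lines above this index were written by software under the analyst's control;
    everything from here down is someone else's claim.
    """
    for i, h in enumerate(hops):
        if h["by"] not in trusted_by:
            return i
    return len(hops)


def chain_breaks(hops):
    """Indices i where hop i received from a host that hop i+1 does not claim to be.

    Each line should name, as its 'from', the host that wrote the line beneath it.
    A break means the lines below were not written by the path hop i describes:
    they were inserted or forged.
    """
    breaks = []
    for i in range(len(hops) - 1):
        nxt = hops[i + 1]["by"]
        if hops[i]["helo"] != nxt and hops[i]["rdns"] != nxt:
            breaks.append(i)
    return breaks


def unverified_helo(hops):
    """Hops where the receiving MTA could not confirm the claimed HELO name by reverse DNS."""
    return [i for i, h in enumerate(hops) if h["rdns"] == "unknown" or h["rdns"] != h["helo"]]


def report(raw, trusted_by):
    """Summarise what the headers support, and which IP they point to if taken at face value."""
    hops = parse_received(raw)
    breaks = chain_breaks(hops)
    # The deepest hop still connected to the trusted chain without a break.
    last_good = min(breaks) if breaks else len(hops) - 1
    return {
        "hops": len(hops),
        "trust_boundary": trust_boundary(hops, trusted_by),
        "breaks": breaks,
        "last_verifiable_hop": last_good,
        "origin_ip_if_headers_are_honest": hops[last_good]["ip"],
    }


if __name__ == "__main__":
    for k, v in report(SAMPLE, {"mx.recipient.example"}).items():
        print(f"{k}: {v}")
```

Run as-is, the report shows the chain breaking at hop 2: smtp.sender.example says it accepted the message from the client at 192.0.2.44, yet the line beneath claims to have been written by legit-looking.example, which nobody above ever received from. So the innocent.example line is unaccounted for and the honest reading of the headers stops at 192.0.2.44. Note what the checks cannot do: the forged line is internally consistent (HELO matches its rDNS), and if the attacker also controlled smtp.sender.example, or the DNS those relays consult, the line above it could be made to match as well, at which point header analysis alone has nothing left to catch. That is the assumption such analysis rests on.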

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson