How To Determine The Origin Of Spam? - Each Received...
(Page 3 of 7)
Each Received: line is inserted at the top of the message header. To reproduce the message's path from sender to recipient, we start from the topmost Received: line and walk down to the last one, which records where the email originated.
Just like the From: field, the Received: lines may contain forged information to fool anyone who tries to trace the spammer. Because every mail server inserts its Received: line at the top of the header, we start the analysis from the top: the lines added by the servers nearest to us were written by servers we trust, while the lines further down may have been written by the spammer.
The Received: lines forged by spammers usually look like legitimate Received: fields, so we can hardly tell at first sight whether a given line is forged. We have to analyze the whole chain of Received: lines to find a forged field.
As mentioned above, every mail server records not only its own name but also the IP address of the machine it received the message from. We simply compare the name a server records for itself (in its "by" part) with what the next server up in the chain says it received the message from (in its "from" part). If the two don't match, the earlier, lower Received: line is forged.
The origin of the email is whatever the server immediately after the forged hop in the delivery chain, that is, the Received: line just above the forged one, says about where it received the message from.
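The following script is an added example, not part of the original article, that automates the walk described above. It parses the Received: lines of a constructed sample header (the hostnames, IP addresses and message IDs are made up), compares each line's "by" server with what the line above recorded in its "from" part, and reports the first forged line together with the hop that reveals the real origin. It trusts only the reverse-DNS name and IP address that the receiving server looked up, not the name the sending machine announced in HELO, because that name is chosen by the sender.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample header (not taken from the article). The topmost line is
# the newest hop. The bottom Received: line was injected by the spammer's own
# machine and describes a hop through mail.victim.example that never happened.
SAMPLE_HEADER = """\
Received: from mx2.example.net (mx2.example.net [192.0.2.20])
    by inbox.example.org with ESMTP id abc123
    for <user@example.org>; Mon, 1 Jan 2024 10:00:03 +0000
Received: from relay.example.com (relay.example.com [192.0.2.10])
    by mx2.example.net with ESMTP id def456; Mon, 1 Jan 2024 10:00:02 +0000
Received: from mail.victim.example (dialup-1.isp.example [198.51.100.77])
    by relay.example.com with SMTP id ghi789; Mon, 1 Jan 2024 10:00:01 +0000
Received: from trusted.bank.example (trusted.bank.example [203.0.113.5])
    by mail.victim.example with ESMTP id jkl012; Mon, 1 Jan 2024 09:59:00 +0000
From: "Bank" <alerts@trusted.bank.example>
Subject: Please verify your account
"""


@dataclass
class Hop:
    helo: str            # name the sending machine announced; attacker-controlled
    rdns: Optional[str]  # reverse DNS the receiving server looked up, if any
    ip: str              # IP address the receiving server actually saw
    by: str              # name of the server that wrote this Received: line


# Matches the common "from HELO (rdns [ip]) by SERVER" shape of a Received: line.
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]]+)\s+)?\[(?P<ip>[^\]]+)\]\)"
    r"\s+by\s+(?P<by>\S+)",
    re.IGNORECASE,
)


def parse_received(raw_header: str) -> List[Hop]:
    """Return the Received: lines as Hop objects, topmost (newest) first."""
    # Join folded continuation lines (those starting with whitespace) first.
    unfolded = re.sub(r"\r?\n[ \t]+", " ", raw_header)
    hops = []
    for line in unfolded.splitlines():
        if not line.lower().startswith("received:"):
            continue
        m = HOP_RE.search(line)
        if m is None:
            continue  # unusual syntax; a production tool should report it
        hops.append(Hop(m["helo"], m["rdns"], m["ip"], m["by"].rstrip(";,")))
    return hops


def find_origin(hops: List[Hop]) -> Tuple[Optional[int], Hop]:
    """Walk the chain top-down.

    Returns (index of the first forged Received: line or None, the hop whose
    "from" part identifies the real origin of the message).
    """
    for i in range(len(hops) - 1):
        upper, lower = hops[i], hops[i + 1]
        # `lower` claims it was written by lower.by. The trusted server above
        # recorded who really connected to it: upper.rdns (or upper.ip when no
        # reverse DNS existed). A mismatch means `lower` and everything below
        # it were written by the sender, so `upper` is the last honest hop.
        recorded = (upper.rdns or upper.ip).lower()
        if lower.by.lower() != recorded:
            return i + 1, upper
    # No mismatch: the oldest line really describes the originating machine.
    return None, hops[-1]


def describe(raw_header: str) -> str:
    hops = parse_received(raw_header)
    forged_at, origin = find_origin(hops)
    verdict = ("no forged line found" if forged_at is None
               else f"Received: line #{forged_at + 1} (from the top) is forged")
    return (f"{verdict}; message originated from {origin.ip} "
            f"(rDNS {origin.rdns}, announced itself as {origin.helo})")


if __name__ == "__main__":
    print(describe(SAMPLE_HEADER))
```

On the sample header the third line from the top records that relay.example.com was contacted by 198.51.100.77 (dialup-1.isp.example) announcing itself as mail.victim.example, while the fourth line claims to have been written by mail.victim.example itself; the mismatch marks the fourth line as forged and the dial-up address as the true origin.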