BoMbY
Posted November 25, 2006

Hello,

I've just received a spam message with a faked SMTP header entry:

Received: from unknown (HELO mohamand) (126.96.36.199) by uhweb150XX.united-hoster.com with SMTP; 25 Nov 2006 22:23:13 +0100
Received: from 188.8.131.52 (HELO mx2.magic.fr) by x.de with esmtp (0T*7Y0,8T1+) 5448M) id N1J5XA-KY>+R;-A0 for x[at]x.de; Sat, 25 Nov 2006 21:22:52 -0120

The first entry is the correct SMTP header entry from my mail server. The second one is completely faked. (x[at]x.de is the mail address the spam was sent to, and x.de is the correct hostname.) The from-IP address that was used seems to have been chosen by the spammer (maybe randomly).

The problem is: the SpamCop parser (and maybe others) takes this faked SMTP entry for real and blames the wrong target.

Is there a way to avoid this, or maybe to build in a workaround for something like this in SpamCop?

Thanks and Regards,
BoMbY

Edit: PS: Maybe it's possible to verify the whole way through the SMTP servers (by matching the "from IP" of every entry with the "by IP" from the entry before)?
This topic is now archived and is closed to further replies.
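The chain check suggested in the PS, combined with a trust boundary at the receiver's own servers, as an added example that is not part of the original post and is not SpamCop's parser. The function names and the `own_servers` set are assumptions made for illustration; the two header lines are the ones quoted in the post.

```python
import re

# The two Received lines quoted in the post, newest first.
HEADERS = [
    "Received: from unknown (HELO mohamand) (126.96.36.199) by "
    "uhweb150XX.united-hoster.com with SMTP; 25 Nov 2006 22:23:13 +0100",
    "Received: from 188.8.131.52 (HELO mx2.magic.fr) by x.de with esmtp "
    "(0T*7Y0,8T1+) 5448M) id N1J5XA-KY>+R;-A0 for x[at]x.de; "
    "Sat, 25 Nov 2006 21:22:52 -0120",
]

HOP_RE = re.compile(r"Received:\s*from\s+(.*?)\s+by\s+(\S+)", re.S | re.I)
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
HELO_RE = re.compile(r"\(HELO\s+([^)\s]+)\)", re.I)


def parse_received(header):
    """Split one Received line into the claimed sender and the stamping host."""
    m = HOP_RE.match(header)
    if not m:
        return None
    sender, by_host = m.groups()
    ip, helo = IP_RE.search(sender), HELO_RE.search(sender)
    return {
        "name": sender.split()[0].lower(),
        "helo": helo.group(1).lower() if helo else None,
        "ip": ip.group(0) if ip else None,
        "by": by_host.lower(),
    }


# own_servers (assumed input): lowercase names your own MTAs write after "by".
def analyse(headers, own_servers):
    """Return (verified source IP, indexes of hops that cannot be trusted)."""
    hops = [parse_received(h) for h in headers]
    source, suspect, trusted = None, [], True
    for i, hop in enumerate(hops):
        if hop is None or not trusted or hop["by"] not in own_servers:
            trusted = False
            suspect.append(i)
            continue
        source = hop["ip"]  # recorded by a server we operate
        # The next (older) hop must have been stamped by the host that
        # connected here; "by" is free text, so compare it to name and HELO.
        nxt = hops[i + 1] if i + 1 < len(hops) else None
        trusted = bool(nxt) and nxt["by"] in (hop["name"], hop["helo"])
    return source, suspect
```

For the quoted headers, `analyse(HEADERS, {"uhweb150xx.united-hoster.com"})` reports 126.96.36.199 as the source and marks the second header as untrusted, and it still does so if `x.de` is listed in `own_servers`. HELO is chosen by the connecting client, so a match is weak evidence; the mismatch is the useful signal.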