>Received: by krypton.rain.com (rnr) via rnr; Thu, 22 Aug 2002 00:47:43 PST
To: opendos AT delorie DOT com
X-Original-Article-From: DJ Delorie
Subject: Re: Remove Me
From: shadow AT krypton DOT rain DOT com (Leonard Erickson)
Message-ID: <20822.004743.8h2.rnr.w165w@krypton.rain.com>
Date: Thu, 22 Aug 2002 00:47:43 PST
In-Reply-To: <200208220102.g7M12td06289@envy.delorie.com>
Organization: Shadownet
X-Mailer: rnr v2.20
Received: from krypton by qiclab.scn.rain.com; Thu, 22 Aug 2002 03:00 PDT
Content-Type: text
Reply-To: opendos AT delorie DOT com
Errors-To: nobody AT delorie DOT com
X-Mailing-List: opendos AT delorie DOT com
X-Unsubscribes-To: listserv AT delorie DOT com
Precedence: bulk

In mail you write:

>
>> True, but the received lines from the point at which the message
>> entered the Internet *are* valid.
>
> Nope. The only ones you can trust are as far back as machines you
> trust. If you trust delorie.com, you can trust the "Received ... by
> delorie.com" line, but you can't always trust the lines further out
> than that - they're easily faked also.

Basically, you can evaluate the other lines based on various criteria.
Some spammers put a lot of effort into faking received lines. Most just
fake the first one and send thru an open relay or otherwise compromised
machine.

--
Leonard Erickson (aka shadow{G})
shadow AT krypton DOT rain DOT com <--preferred
leonard AT qiclab DOT scn DOT rain DOT com <--last resort
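
The trust rule discussed in this thread, as an added example that is not part of the original message: walk the Received lines from newest to oldest and stop trusting at the first one not written by a host you trust. The sample message, the host names and the helper names `classify_received` and `entry_peer` are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample (not from the original message); hosts and IPs use
# reserved documentation names and ranges. Newest hop is at the top.
SAMPLE = (
    "Received: from relay.example.net (relay.example.net [192.0.2.10])\n"
    "\tby mx.trusted.example with ESMTP; Thu, 22 Aug 2002 03:00:00 -0700\n"
    "Received: from mail.bank.example (unknown [198.51.100.7])\n"
    "\tby relay.example.net with SMTP; Thu, 22 Aug 2002 02:59:00 -0700\n"
    "Received: from internal.bank.example by mail.bank.example;\n"
    "\tThu, 22 Aug 2002 02:58:00 -0700\n"
    "From: someone@bank.example\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

FROM_RE = re.compile(r"^from\s+([A-Za-z0-9.-]+)", re.I)
BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.I)


def classify_received(raw, trusted_hosts):
    """Return [(status, by_host, from_host)], newest hop first."""
    trusted = {h.lower() for h in trusted_hosts}
    hops, chain_intact, expected_by = [], True, None
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())  # undo header folding
        by, frm = BY_RE.search(flat), FROM_RE.search(flat)
        by_host = by.group(1).lower() if by else None
        from_host = frm.group(1).lower() if frm else None
        # Trust a line only if a trusted host wrote it, every newer line was
        # trusted too, and it is the hop the previous trusted line named.
        # (Strict simplification: real HELO names can differ from "by" names.)
        if not (chain_intact and by_host in trusted
                and expected_by in (None, by_host)):
            chain_intact = False
        hops.append(("trusted" if chain_intact else "unverified",
                     by_host, from_host))
        expected_by = from_host
    return hops


def entry_peer(hops):
    """Peer named by the oldest trusted hop: where mail entered your domain."""
    trusted = [h for h in hops if h[0] == "trusted"]
    return trusted[-1][2] if trusted else None
```

Everything below the last "trusted" hop is only a claim made by the sender; the peer recorded in that last trusted line is the furthest point you can attribute the message to.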