On Fri, Mar 29, 2013 at 4:41 PM, tom wrote:
> Can you be sure - all that stuff is so easily spoofed unless it's properly
> signed. I used to send messages from Bill Gates and the only way to 'prove'
> they didn't come from there was IF there was some way of proving the servers
> weren’t up/existing at the times I gave.

From the headers of that message:

Received: from nm25-vm0.bullet.mail.ird.yahoo.com ([212.82.109.201])
    by pi.a-squared.co.uk with smtp (Exim 4.72)
    (envelope-from <ifindthatinteresting@xxxxxxxxx>)
    id 1UKzf9-0007Hd-Ih
    for list@xxxxxxxxxxxxx; Wed, 27 Mar 2013 23:21:47 +0000

This means that the list server (pi.a-squared.co.uk) received the email from 212.82.109.201, which has a reverse DNS record nm25-vm0.bullet.mail.ird.yahoo.com. That in itself already shows that that is one of Yahoo's servers; you can do a whois lookup on the IP address to confirm that.

The connecting IP address is the only part of an email that isn't signed of which you can be sure that it is correct. In theory it could be that the list server is compromised and that this Received header is fake. This is possible, but extremely unlikely, if only because there are much worse things you can do with compromised accounts. Even less likely is the possibility that the whois and/or DNS records have been compromised.

So yes, we can be sure the messages came from Yahoo.

Martijn.

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
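
The check described in the message above, as an added example that is not part of the original post: it takes the connecting IP from the Received header written by a server you trust, ignores any Received lines below it, and confirms the reverse DNS name by resolving it forward again. The function names, the second Received header and the other sample fields are constructed for illustration, and the regex assumes the header shape quoted above.

```python
import re
import socket
from email import message_from_string

# Matches the header shape quoted in the post: "from <name> ([<ip>]) by <host> ..."
RECEIVED_RE = re.compile(
    r"from\s+(?P<name>\S+)\s+\(\[(?P<ip>[0-9A-Fa-f:.]+)\]\)\s+by\s+(?P<by>\S+)")

# First header is the one quoted in the post (trimmed); everything else is constructed.
SAMPLE = (
    "Received: from nm25-vm0.bullet.mail.ird.yahoo.com ([212.82.109.201])\n"
    "\tby pi.a-squared.co.uk with smtp (Exim 4.72)\n"
    "\tid 1UKzf9-0007Hd-Ih; Wed, 27 Mar 2013 23:21:47 +0000\n"
    "Received: from mail.example.org ([192.0.2.10])\n"
    "\tby pi.a-squared.co.uk with smtp; Wed, 27 Mar 2013 23:00:00 +0000\n"
    "From: sender@example.org\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

def trusted_hop(raw_message, trusted_host):
    """Return (name, ip) from the topmost Received header written by trusted_host.
    Servers prepend headers, so lines below that one were supplied by the
    sending side and are not evidence of anything."""
    msg = message_from_string(raw_message)
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(value)
        if m and m.group("by").lower() == trusted_host.lower():
            return m.group("name"), m.group("ip")
    return None

def forward_confirmed(ip, reverse=socket.gethostbyaddr,
                      forward=socket.gethostbyname_ex):
    """PTR lookup, then check the PTR name resolves back to the same IP (IPv4)."""
    try:
        name = reverse(ip)[0]
        return name if ip in forward(name)[2] else None
    except OSError:  # covers socket.herror and socket.gaierror
        return None

def came_from(raw_message, trusted_host, domain, **resolvers):
    """True if the trusted hop's IP has a forward-confirmed name under domain."""
    hop = trusted_hop(raw_message, trusted_host)
    if hop is None:
        return False
    name = forward_confirmed(hop[1], **resolvers)
    return name is not None and name.lower().rstrip(".").endswith("." + domain)

if __name__ == "__main__":
    print(trusted_hop(SAMPLE, "pi.a-squared.co.uk"))
```

The `reverse` and `forward` parameters default to live DNS lookups; passing stand-in functions lets the logic be exercised offline.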