Re: [OffTopic] fakemail.faq

From: Edward Almasy (
Date: 12/10/96

Chuck Carson writes:
> 2) This FAQ is _light years_ behind current software engineering. EVERY
> piece of data transferred via any form of network (i.e., the internet) is
> broken into packets and these packets contain two addresses. Where it is
> going and where it is from. This is much deeper than Netscape mail or any
> other mail program deals with. If you wanted to alter the packet addresses
> you would have to be on a backbone router, such as sprintnet machines.
> (yea you can alter it from your machine or server, but the backbone machines
> append its stamp to each packet)

[annoying buzzer like The Price is Right]

This is all very nice, but it's irrelevant because nobody keeps logs
detailing the source, destination, and content of every IP packet
that traverses the net.  The FAQ that was posted, while off-topic
and far from comprehensive, actually does a good job of explaining
the basics of how internet mail is forged, and could be recommended
reading for anyone who wants to understand the core techniques.

I would suggest that any further forged messages be forwarded by the
victim (with all header information intact and a brief note explaining
the problem) to "postmaster" at whatever domains are mentioned in the
mail header.  The full header information, combined with the content
of the appropriate syslogd file on the indicated mail host, will often
be enough to pinpoint the culprit.

Edward Almasy
Axis Data
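
The header tracing suggested in the message above, sketched as an added example that is not part of the original post: it walks the Received lines of a forwarded message and lists, per hop, which postmaster to contact and which queue id to ask them to look up in their mail log. The sample message, host names, and the sendmail-style Received layout are constructed assumptions.

```python
import re
from email import message_from_string

# Constructed sample (not from the original post); reserved example domains/addresses.
SAMPLE = """\
Received: from mx.example.org (mx.example.org [192.0.2.10])
\tby mail.example.net (8.8.3/8.8.3) with SMTP id AAA01234
\tfor <victim@example.net>; Tue, 10 Dec 1996 09:15:02 -0500
Received: from bogus.name (dialup7.example.com [198.51.100.7])
\tby mx.example.org (8.7.5/8.7.5) with SMTP id JAA09876;
\tTue, 10 Dec 1996 09:14:40 -0500
From: someone.else@example.edu
To: victim@example.net

body
"""

# "from <HELO name> (<peer as seen by receiver>) by <receiving host> ... id <queue id>"
HOP = re.compile(r"from\s+(?P<helo>\S+)\s*(?:\((?P<peer>[^)]*)\))?\s*by\s+(?P<by>\S+)"
                 r"(?:.*?\bid\s+(?P<id>[^\s;]+))?", re.S)

def trace_hops(raw):
    """Return the parsed Received hops, oldest first."""
    received = message_from_string(raw).get_all("Received", [])
    matches = (HOP.search(value) for value in reversed(received))
    return [m.groupdict() for m in matches if m]

def report(raw):
    """Per hop: postmaster to contact, queue id to look up in that host's mail log,
    and whether the sender's claimed HELO name differs from the recorded peer name."""
    rows = []
    for hop in trace_hops(raw):
        tokens = (hop["peer"] or "").split()
        peer_name = tokens[0] if tokens and not tokens[0].startswith("[") else None
        rows.append({
            "postmaster": "postmaster@" + hop["by"],
            "queue_id": hop["id"],
            "peer": hop["peer"],
            "helo_mismatch": bool(peer_name) and peer_name.lower() != hop["helo"].lower(),
        })
    return rows

if __name__ == "__main__":
    for row in report(SAMPLE):
        print(row)
```

Only the Received lines added by hosts you trust are reliable; anything below the first untrusted hop may have been written by the sender, which is why each hop's claim needs confirming against that host's own log.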

