
All the Perl that's Practical to Extract and Report

use Perl

Journal of gav (2710)

Sunday August 10, 2003
11:03 AM

broken dns?

[ #14032 ]

I got an email from somebody complaining that somebody at my domain is sending them spam. The reason they thought it was me was this line in the headers:

Received: from ky5n.japh.org [51.14.80.160] by h0010959fb25c.ne.client2.attbi.com with ESMTP id F89AE670481; Sun, 10 Aug 2003 08:15:02 -0700

How can somebody be using a host that doesn't exist?

  • Bogus hostnames (Score:3, Informative)

    by vsergu (505) on 2003.08.10 14:19 (#22966) Journal
    The name immediately after the "from" in the "Received:" line is just whatever the remote mail server says it is, so there's no reason to believe it's accurate or even exists, especially with spam. The IP address in brackets should be real (assuming the "Received:" line itself is real -- make sure you're not reading past the first one that was added by a trustworthy host (which is often just the first one)). Sometimes there'll be another hostname in parentheses before the IP address, which should be the result of a reverse DNS lookup. If the hostnames don't match, something shady could be going on.
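The reading rule from the comment above, as an added example that is not part of the original post or comment: it walks the `Received:` values newest-first, stops at the first one not written by a host you trust, and reports which fields of the last trusted hop count as evidence. The function names, the choice of the attbi.com host as the trusted recorder, and the second sample header are assumptions made for illustration.

```python
import re

# from <claimed name> [(<rDNS name>)] [<peer IP>] by <recording host>
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)"                    # whatever the sender announced
    r"(?:\s+\((?P<rdns>[^\s()\[\]]*)\)?)?"     # optional reverse-DNS result
    r"\s*\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]\)?"  # peer address seen by recorder
    r".*?\bby\s+(?P<by>[^\s;]+)",              # host that wrote this header
    re.IGNORECASE | re.DOTALL,
)

# Newest header first, as in a real message.
SAMPLE = [
    # From the journal entry above.
    "from ky5n.japh.org [51.14.80.160] by h0010959fb25c.ne.client2.attbi.com "
    "with ESMTP id F89AE670481; Sun, 10 Aug 2003 08:15:02 -0700",
    # Constructed: a header the sender could have written itself.
    "from mail.example.org (mail.example.org [192.0.2.7]) by ky5n.japh.org "
    "with SMTP; Sun, 10 Aug 2003 08:14:00 -0700",
]

def parse_received(value):
    """Return claimed name, rDNS name, peer IP and recorder, or None."""
    m = RECEIVED_RE.search(value)
    if not m:
        return None
    return {k: (v.lower() if v else None) for k, v in m.groupdict().items()}

def boundary_hop(received_values, trusted_recorders):
    """Oldest hop in the unbroken newest-first run written by trusted hosts.
    Headers below it were supplied by the sender and may be forged."""
    boundary = None
    for value in received_values:
        hop = parse_received(value)
        if hop is None or hop["by"] not in trusted_recorders:
            break
        boundary = hop
    return boundary

def assess(hop):
    """List which fields of a trusted hop count as evidence."""
    notes = [f"peer IP {hop['ip']} recorded by {hop['by']}: usable",
             f"claimed name {hop['helo']} is self-reported: not evidence"]
    if hop["rdns"] is None:
        notes.append("no reverse-DNS name recorded")
    elif hop["rdns"] != hop["helo"]:
        notes.append(f"MISMATCH: reverse DNS says {hop['rdns']}")
    return notes
```

For the header in the journal entry, the only field that survives is the bracketed address; the `ky5n.japh.org` name is what the sending machine announced and proves nothing about the domain owner.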