OT: Bad web site
Fairlight
fairlite at fairlite.com
Fri Jan 27 06:50:59 PST 2017
On Thu, Jan 26, 2017 at 12:14:40PM -0500, Kenneth Brody thus spoke:
>
> There's no escaping the Received tracing, but there's no guarantee
> that the bottom-most entries are real. A scammer could insert a few
> fake ones to look like it came from the expected company. However,
> if you were to trace the entire Received chain, you would find out
> otherwise.
How would they do that?
Received: headers are added at the MTA level. By that time, the message
has already left the control of the scammer's MUA.
They'd have to have control of an upstream hop.
I suppose they could inject a Received: header before the real ones start,
but the discrepancy between that/those and the real ones is going to become
really obvious really quickly.
I'm also unsure of whether or not that MTA will accept forged Received:
headers. It may balk, especially if the previous received -by- does not
match the machine currently receiving it at the next hop. By all rights,
it -should- reject it, but I have a feeling not all MTAs are written that
intelligently. I certainly have doubts about Exchange.
mark->
--
Audio panton, cogito singularis.
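The chain check described in the reply above (each hop's received-by host should be the from host of the hop listed above it), as an added example that is not part of the original post. The message and its hostnames are constructed and hypothetical; the bottom-most Received: line plays the role of the forged entry.

```python
"""Walk an email's Received: chain top-down and flag hops whose
'by' host does not match the 'from' host of the hop above it."""
import email
import re
from email import policy

# Constructed sample message (hypothetical hosts). The last Received:
# line was "injected" before the real hops and claims a different relay.
SAMPLE = """\
Received: from mx2.example.net (mx2.example.net [192.0.2.20])
\tby mail.example.org with ESMTP; Thu, 26 Jan 2017 12:10:00 -0500
Received: from smtp.relay.example (smtp.relay.example [198.51.100.5])
\tby mx2.example.net with ESMTP; Thu, 26 Jan 2017 12:09:50 -0500
Received: from mail.expected-company.example (mail.expected-company.example [203.0.113.9])
\tby mail.expected-company.example with ESMTP; Thu, 26 Jan 2017 12:09:00 -0500
From: billing@expected-company.example
To: victim@example.org
Subject: Invoice

Please see attached.
"""

# "from <host> ... by <host>" is the only part of the clause we need.
HOP_RE = re.compile(r"^\s*from\s+(\S+).*?\bby\s+(\S+)", re.IGNORECASE | re.DOTALL)


def parse_hops(raw):
    """Return [(from_host, by_host), ...] in header order (newest hop first)."""
    msg = email.message_from_string(raw, policy=policy.default)
    hops = []
    for value in msg.get_all("Received", []):
        flat = re.sub(r"\s+", " ", str(value))  # unfold continuation lines
        m = HOP_RE.match(flat)
        if m:
            hops.append((m.group(1).lower(), m.group(2).rstrip(";").lower()))
        else:
            hops.append((None, None))  # unparseable hop still occupies a link
    return hops


def find_breaks(hops):
    """Indices of hops whose 'by' host differs from the 'from' host above."""
    return [i for i in range(1, len(hops)) if hops[i - 1][0] != hops[i][1]]


if __name__ == "__main__":
    chain = parse_hops(SAMPLE)
    for i, (src, dst) in enumerate(chain):
        print(f"hop {i}: from {src} by {dst}")
    print("discontinuities at hop(s):", find_breaks(chain))  # [2]
```

A break at the bottom of the chain, with the real hops above it consistent, is exactly the discrepancy the post says becomes obvious once the whole chain is traced.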