IANA reserved addresses in mail headers
Results 1 to 3 of 3

Thread: IANA reserved addresses in mail headers

  1. #1
    Join Date
    May 2002

    IANA reserved addresses in mail headers

    In reviewing the headers on some spam I received I'm finding origination IP addresses in IANA reserved blocks. Aren't these addresses supposed to be blocked from use? Are they spoofed? If so, is there anyway to find the real sending address?


    Received: from dochristsangareepf61 (incongruity[])
    by worldnet.att.net (nhjlbhs05) with SMTP
    [glowpurple]I\'d tell you about my paranoia but I think someone else is listening.[/glowpurple]

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Rotterdam, Netherlands
    It's probably spoofed. The last Recieved: header that actually resolves to something is usually the sender. Work your way down from the mailservers you know (most notably the ones from your provider) and trace/verify every Recieved: header.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    Senior Member
    Join Date
    Jan 2002
    Not all machines which email travels through need to have public IP addresses; as few as none could do if it's an internal mail.

    So no, they need not be spoofed, they could be genuine (but as these IP addresses are not globally unique, they are not helpful in tracing)


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts