June 11th, 2004, 06:04 PM
Can Received: fields be spoofed?
In the recent weeks, I've had to deal with some pissed off people sending emails back to the company because they contained viruses or some malicious content. Now, I know how easily the From and other parts of the email can be easily forged. Basically what's going on, is some smartass or multiple smartasses are going to our company website, copying the account names and forging the header information and sending emails to random people with virii and the like making it appear to the common user, that we're sending out dirty emails.
I understand the basics of email spoofing and how to trace the full path of an email .I also determined that this is indeed the work of an outsider (not a trojan/virus or co-worker). The emails are definately originating from mail servers outside our network. With all that being said, I was actually wondering if it's possible to spoof the IP in the Received: field in the email header. From my understanding, it's not possible (and this is what I've been using to trace the emails).
According to the sites I've checked, they all seem to agree that while some parts of the Received: field can be forged, the IP cannot. How true is this?
The object of war is not to die for your country but to make the other bastard die for his - George Patton