Originally posted here by XTC46
yes the IP can be spoofed, but it would be a hell of a lot more complicated then what you are doing.

This is a surprise to me. I know you can like use a proxy, or a compromised server to have that machines IP show up as the one making the connection, but thats not really spoofing. What is involved in this? Cause as far as i knew, you could not spoof your ip and maintain a connection with the server... elighten me please.


Originally posted here by Tiger Shark
This is no better than the fact that queued messages on a IIS SMTP server are held in the queue in text format.... Editable text format. By blackholing the DNS to my IIS server I can hold up all the messages so they become queued. Then I can edit the messages including the headers and save them back to the queue. Then I can fix the DNS server and kick off the queue again. They will be delivered in their "fixed" form..... But the address of the sending SMTP server will still show in the final headers....

Clever.. I think this answered my question..