There is a bug found in Eudora version 6.2.1.2.The bug has been used for sending spoofed mails.Normally a client is used to send mails via the smtp server provided by his ISP or by the mail server used by yahoo,hotmail etc.In some cases where a user wants to send the mail via his own readymade smtp server such as postcast server he/she can use the Eudora email client to send the spoofed email.The problem even get worsed as the domain name from which the email pretends to be come from can also be spoofed.The "message ID" part in the header can also be spoofed to look the email as if it has come from the pre guessed or fake domain.The person willing to send the spoofed mail has to configure the Eudora installation in a way to send the fake mail.The address of the smtp server filled in the box can be pointed to the name of the postcast server(which may be the name of the computer).Suppose the name of someone's computer is 'xct123' and the person is willing to send the mail on behalf of domain whitehouse.gov.The user will as fill Eudora entry where it says the 'smtp server' with whitehouse.gov and will send the mail but as it is obvious the mail will fail and results in a undelivered error in Eudora.Now the bug in the Eudora lies in the fact that those messages which are undelivered are queued up for further delivery. This is the exploit used for sending the spoofed mail.In his next attempt the user will change the smtp server name to 'xct123' (which is also the name of the postcast server) and the same mail via Eudora again with postcast server running.?Now unfortunately bothe the message i.e the even the previous message which was initially targeted to whitehouse.gov will also be delivered to postcast server.Now the latter email can be deleted from the postcast server and when this message is sent then it will be delivred and if anyone will look into the headers of the message it will look like something this in the message ID :
Let us say that I want to send the mail to Myself(pushmohit@gmail.com) from Britney Spears(say britneyspears@hollywood.com).The header which I recieve at my gmail account is :

Header:
*************************************************************************
X-Gmail-Received: 1a5687cd502d5376ec2d97b439de07d55e691837
Delivered-To: pushmohit@gmail.com
Received: by 10.54.32.30 with SMTP id f30cs40971wrf;
Wed, 22 Jun 2005 18:35:44 -0700 (PDT)
Received: by 10.38.207.73 with SMTP id e73mr611151rng;
Wed, 22 Jun 2005 18:35:44 -0700 (PDT)
Return-Path: <britneyspears@hollywood.com>
Received: from 0.0.0.0 ([221.134.238.40])
by mx.gmail.com with SMTP id 79si898642rnc.2005.06.22.18.35.42;
Wed, 22 Jun 2005 18:35:44 -0700 (PDT)
Received-SPF: neutral (gmail.com: 221.134.238.40 is neither permitted nor denied by best guess record for domain of britneyspears@hollywood.com)
Message-Id: <6.2.1.2.2.20050623070417.01ddfcc0@hollywood.com>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.1.2
Date: Thu, 23 Jun 2005 07:04:53 +0530
To: pushmohit@gmail.com
From: britney <britneyspears@hollywood.com>
Subject: hi mohit britney here
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed

the first spoofed mail
**************************************************************************