LSTOWN-L Archives

LISTSERV List Owners' Forum

Lisa Baas <[log in to unmask]>
Wed, 21 May 2003 16:02:58 -0700
On 05/21/2003 03:55:30 PM Margaret King <[log in to unmask]> forum
wrote:

>Lisa Baas wrote:
>> So you can't always rely on the
>> information you find in the headers and with spam you can almost never
>> rely on it.
>
>Correct.  I probably should have mentioned that.  However, I generally
>trust headers that are written by our own systems.  The Sendmail on our
>servers shows not only what the previous system -called- itself in its
>HELO (or EHLO) but also the IP address it appears to actually be coming
>from.  At least that's my understanding.  If the message appears to
>have gone through several unknown systems before getting to ours, that
>gets real messy in a hurry.

Yep. That's where SamSpade really shines. It tells you whether the IP
address matches the name the system claimed to be so you don't have to do
all those lookups manually.

>> A great free tool for analyzing headers and identifying those
>> that are likely forged is SamSpade. It's a Windows program
>
>We do have some Windows users so I'll keep that in mind.  ;-)

Surely you can put your hands on at least one Windows box :-) It doesn't
appear they've ported it or have plans to port it to other platforms. Odd,
since all the best tools usually start in UNIX. But samspade.org has some
online tools for doing similar things. For example, they have a single
page where you can do reverse dns, traceroute, whois, blackhole list
check, etc.

lisa
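
The check discussed in this exchange, as an added example that is not part of the original messages: it reads Sendmail-style Received headers, trusts only the hops written by your own servers, and compares the name each sender claimed in HELO with the reverse-DNS name and IP address your server recorded. The header layout handled here, the trusted host name and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Sendmail-style hop: from <HELO name> (<rDNS name> [<IP>]) by <receiver>
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]()]+)\s+)?"
    r"\[(?P<ip>[0-9A-Fa-f.:]+)\](?P<forged>\s+\(may be forged\))?\)"
    r"\s+by\s+(?P<by>[^\s;]+)")

def check_hops(raw_message, trusted_receivers):
    """Classify each Received header, newest hop first."""
    findings = []
    for value in message_from_string(raw_message).get_all("Received", []):
        m = HOP.search(value)
        if not m:
            findings.append({"by": None, "verdict": "unparsed"})
            continue
        hop = m.groupdict()
        helo, rdns = hop["helo"].lower(), (hop["rdns"] or "").lower()
        if hop["by"].lower() not in trusted_receivers:
            verdict = "untrusted-writer"  # written by a system we do not run
        elif hop["forged"] or not rdns:
            verdict = "no-verified-name"  # only the IP is dependable
        elif helo != rdns:
            verdict = "helo-mismatch"     # a lead to follow up, not proof
        else:
            verdict = "consistent"
        findings.append({"by": hop["by"], "helo": helo, "rdns": rdns,
                         "ip": hop["ip"], "verdict": verdict})
    return findings

# Constructed sample: documentation-range addresses and .example names.
SAMPLE = (
    "Received: from mail.bigbank.example (dsl-7.isp.example [203.0.113.7])\n"
    "\tby mx1.ourlist.example (8.12.9/8.12.9) with SMTP id h4LN2wA1;\n"
    "\tWed, 21 May 2003 16:02:58 -0700\n"
    "Received: from relay.bigbank.example (relay.bigbank.example [192.0.2.10])\n"
    "\tby mail.bigbank.example (8.11.6/8.11.6) with ESMTP id h4LN2rQ9;\n"
    "\tWed, 21 May 2003 16:02:50 -0700\n"
    "From: someone@bigbank.example\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n")

if __name__ == "__main__":
    for hop in check_hops(SAMPLE, {"mx1.ourlist.example"}):
        print(hop["verdict"], hop.get("ip"), hop.get("helo"), hop["by"])
```

Headers below the first hop written by a trusted server are reported as "untrusted-writer" because anything in them could have been supplied by the sender.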
