Lisa Baas wrote:
> So you can't always rely on the
> information you find in the headers and with spam you can almost never
> rely on it.

Correct.  I probably should have mentioned that.  However, I generally
trust headers that are written by our own systems.  The Sendmail on our
servers shows not only what the previous system -called- itself in its
HELO (or EHLO) but also the IP address it appears to actually be coming
from.  At least that's my understanding.  If the message appears to
have gone through several unknown systems before getting to ours, that
gets real messy in a hurry.

> A great free tool for analyzing headers and identifying those
> that are likely forged is SamSpade. It's a Windows program

We do have some Windows users so I'll keep that in mind.  ;-)

There is also spamcop.net but I don't know much about them, other than
that I've referred people to http://spamcop.net/fom-serve/cache/19.html
for help in seeing the full headers of an email.

Margaret

> and dns lookups. You can get more
> info and download the program at www.samspade.org.
>
> lisa
>
> On 05/21/2003 06:26:21 AM Margaret King <[log in to unmask]> wrote:
>
> >When I get an IP address I like to plug it into the box near the top
> >of the www.arin.net page.  That may pull up information about an ISP.
> >Or, if the ISP is out of their area (in Korea for example) then they
> >may direct you to another (closer) "whois" service where you can try
> >again (and again...).
> >
> >Margaret King
> >Michigan State University