As I am sure you all know, or at least most of you, virus activity has been through the roof lately. I've been dealing with a large volume of emails that are spoofing domains and basically brute-forcing their way into my system (not very successfully, I might add).
What I was hoping you could help me with is to tell me if I am interpreting this correctly. Dig this header:
Code:
Received: from mail-hub.mydomain.com (rrcs-midsouth-24-172-75-161.biz.rr.com [24.172.75.161])
by ms-smtp-01-eri0.southeast.rr.com (8.12.10/8.12.7) with ESMTP id i0SMbSjF019486
for <brian@openssl.org>; Wed, 28 Jan 2004 17:37:28 -0500 (EST)
Message-Id: <200401282237.i0SMbSjF019486@ms-smtp-01-eri0.southeast.rr.com>
From: david@mail-hub.my-domain.com
To: brian@openssl.org
The first line says that the email was received from mail-hub.mydomain.com and then lists a hostname and an IP (in brackets). Is the hostname/IP combo where it was REALLY received from? This email did NOT originate from my mail server, as it is not used as an SMTP gateway. I have another machine that does this for my clients...
So is it safe to say that someone is attempting to trick someone into thinking that this email is from my domain but in reality, it is coming from the hostname/IP listed in the part of the received field delimited by brackets?
Edit: and what RFC describes email headers?
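An added example, not part of the post, that parses the sendmail-style Received field quoted above: it separates the client-supplied HELO name (the part after "from") from the reverse-DNS name and IP address that the receiving server itself recorded in parentheses, and flags when the two disagree. The sample string is the post's own header, reproduced here as a constructed test input; the domain-matching helper is a deliberately crude last-two-labels comparison.

```python
import re
from typing import Optional

# Constructed sample: the Received trace field quoted in the post, kept folded
# across three lines the way the receiving sendmail wrote it.
SAMPLE_RECEIVED = (
    "Received: from mail-hub.mydomain.com "
    "(rrcs-midsouth-24-172-75-161.biz.rr.com [24.172.75.161])\n"
    "\tby ms-smtp-01-eri0.southeast.rr.com (8.12.10/8.12.7) with ESMTP id i0SMbSjF019486\n"
    "\tfor <brian@openssl.org>; Wed, 28 Jan 2004 17:37:28 -0500 (EST)"
)

# sendmail clause layout: "from <HELO name> (<reverse DNS> [<connecting IP>]) by <receiver>"
# The HELO name is whatever the sending client claimed; the parenthesised part is
# what the receiving server observed on the TCP connection.
_RECEIVED_RE = re.compile(
    r"^Received:\s*from\s+(?P<helo>\S+)\s+"
    r"\((?P<rdns>[^\s\[\]]+)?\s*\[(?P<ip>[^\]]+)\]\)\s+"
    r"by\s+(?P<by>\S+)",
    re.IGNORECASE,
)

def unfold(header: str) -> str:
    """Collapse header folding (line break followed by whitespace) into one space."""
    return re.sub(r"\r?\n[ \t]+", " ", header).strip()

def parse_received(header: str) -> Optional[dict]:
    """Return helo/rdns/ip/by for a sendmail-style Received field, or None if it does not match."""
    m = _RECEIVED_RE.match(unfold(header))
    return m.groupdict() if m else None

def registrable(host: str) -> str:
    """Crude last-two-labels domain: fine for .com, wrong for co.uk-style suffixes."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def helo_mismatch(parsed: dict) -> bool:
    """True when the claimed HELO domain differs from the domain the receiver resolved for the IP."""
    rdns = parsed.get("rdns")
    if not rdns:
        return True  # no reverse DNS at all: the claimed name cannot be corroborated
    return registrable(parsed["helo"]) != registrable(rdns)

if __name__ == "__main__":
    fields = parse_received(SAMPLE_RECEIVED)
    print(fields)
    print("HELO/rDNS mismatch:", helo_mismatch(fields))
```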