echo: alt-comp-anti-virus
to: ALL
from: FROMTHERAFTERS
date: 2014-08-29 21:33:00
subject: Re: Zscaler spam (was: Si

Virus Guy has brought this to us :
> FromTheRafters wrote:
>  
>> So, you're saying that the entire "Received: " header is legitimate
>> and zscaler was indeed spamming?
>
> What kind of bone-head are you, exactly?
>
> While some of the Received: lines in a header can be forged, you always
> have the very last Received line that is generated by your own server
> telling you the IP of the machine that handed it the mail.
>
> Which in this case was 216.218.133.250.
>
>> In your opinion, just how much of an e-mail header can be trusted
>> to have no bogus information?
>
> If the machine that connected to your server to deliver mail to your
> account is a "legit" server, then you can always trust the next received
> line (if there is one) and possibly all other received lines (if there
> are any).

Okay, so Hurricane Electric is legit, I see that. But does that mean 
everything it tells you can be trusted?

http://www.fireeye.com/blog/technical/targeted-attack/2014/08/operation-poisoned-hurricane.html

Short of contacting them personally and providing complete headers can 
you really be sure where *they* got that e-mail spam from?

>> The one where he (you) flat out accused zscaler of spamming.
>
> In the original thread, zscaler was accused of being either a spammer or
> being used as a spam-relay:
>
> ===========
> Subject: Is zscaler known to be a spammer or spam-relay? (because it is)
> ===========
>
> That accusation was based on examination of the header.
>
> The deduction that the mail originated from (or was relayed by) Zscaler
> was correct.  The subject line was correctly phrased.  Your
> understanding and interpretation of the situation was (and apparently,
> still is) flawed.

Okay, I'll buy that. I'm wrong about you not being able to read 
headers, and I apologize. Does it bother you when someone who doesn't 
know what he is talking about continually argues with you when you *do* 
know what you're talking about - like you've been doing for years 
regarding viruses, malware, and AV/AM programs?


--- NewsGate v1.0 gamma 2
* Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)
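
Added example, not part of the original thread or either poster's message: a Python sketch of the trust rule argued over above. It walks the Received: lines newest-first and treats an older line as believable only when the machine that handed over the mail at the previous hop is in a set of relays the reader considers honest. The sample message, hostnames, documentation-range IPs, the `trusted_relay_ips` parameter and the Postfix-style header layout the regex expects are all assumptions.

```python
import re
from email import message_from_string

# Constructed sample: hostnames and documentation-range IPs are made up.
RAW = """\
Received: from relay.example.net (relay.example.net [198.51.100.7])
\tby mx.myisp.example with ESMTP id A1; Fri, 29 Aug 2014 21:00:03 +0000
Received: from gw.example.org (gw.example.org [203.0.113.9])
\tby relay.example.net with ESMTP id B2; Fri, 29 Aug 2014 21:00:02 +0000
Received: from bank.example (mail.bank.example [192.0.2.1])
\tby gw.example.org with SMTP id C3; Fri, 29 Aug 2014 21:00:01 +0000
From: someone@bank.example
Subject: constructed sample

body
"""

# Assumed Postfix-style layout: from HELO (rdns [ip]) ... by SERVER
HOP = re.compile(r"from\s+(\S+)\s+\((?:\S+\s+)?\[([0-9A-Fa-f.:]+)\]\).*?\bby\s+(\S+)", re.S)

def parse_hops(raw):
    """Return Received hops newest-first; None marks a line that did not parse."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        hops.append({"helo": m.group(1), "peer_ip": m.group(2), "by": m.group(3)} if m else None)
    return hops

def classify(hops, trusted_relay_ips):
    """Pair each hop's peer IP with True/False for 'this line can be believed'."""
    result = []
    believable = True  # assumption: the topmost line was written by our own server
    for hop in hops:
        believable = believable and hop is not None
        result.append((hop["peer_ip"] if hop else None, believable))
        # The next (older) line was written by this hop's peer, so it is only
        # as honest as that peer; anything below an unknown peer may be forged.
        believable = believable and hop["peer_ip"] in trusted_relay_ips
    return result

if __name__ == "__main__":
    for ip, ok in classify(parse_hops(RAW), {"198.51.100.7"}):
        print(ip, "believable" if ok else "unverified")
```

With an empty trusted set only the topmost line is believed; a peer being in the set says nothing about where that peer itself got the message, which is the question raised in the reply.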

SOURCE: echomail via QWK@docsplace.org
