echo: alt-comp-anti-virus
to: ALL
from: DAVID W. HODGINS
date: 2014-08-29 22:47:00
subject: Re: Zscaler spam (was: Si

On Fri, 29 Aug 2014 15:41:26 -0400, FromTheRafters 
wrote:

> It happens that David W. Hodgins formulated :
>> That info is from a whois lookup, which only tells you which isp owns
>> the ip address, not who is using it.
>
> Or abusing it?

That is possible, as the system could have become infected, and thus
part of a botnet, but the people running it are still responsible for
any abuse of the net, coming from that system.

> So, you're saying that the entire "Received: " header is legitimate and
> zscaler was indeed spamming?

Yes, based on what was posted here.

The only header that can be guaranteed not to be forged is the topmost
received header, as it is generated by the mail transfer agent that
received the message. Following received headers that show the sender
is within the same isp can also be trusted. The first received header
that comes from outside of the isp is the last one that can be trusted.
Everything after that can be forged.

Regards, Dave Hodgins

-- 
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)
--- NewsGate v1.0 gamma 2
* Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)

SOURCE: echomail via QWK@docsplace.org
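
The trust rule described in the post, as an added example that is not part of the original message: it walks the Received headers from the top and marks each one trusted until the first hop whose peer address lies outside the receiving ISP. The sample headers, host names, the 192.0.2.0/24 "own ISP" range and the Postfix-style header layout are all assumptions made for the illustration.

```python
import re
from email import message_from_string
from ipaddress import ip_address, ip_network

# Assumption: the receiving ISP's own address space (documentation range).
OWN_NETS = [ip_network("192.0.2.0/24")]

# Constructed sample headers, not taken from the thread.
SAMPLE = """\
Received: from mx2.myisp.example (mx2.myisp.example [192.0.2.20])
    by mailstore.myisp.example with ESMTP; Fri, 29 Aug 2014 15:00:03 -0400
Received: from mx1.myisp.example (mx1.myisp.example [192.0.2.10])
    by mx2.myisp.example with ESMTP; Fri, 29 Aug 2014 15:00:02 -0400
Received: from relay.sender.example (unknown [198.51.100.7])
    by mx1.myisp.example with ESMTP; Fri, 29 Aug 2014 15:00:01 -0400
Received: from bank.example (bank.example [203.0.113.5])
    by relay.sender.example with SMTP; Fri, 29 Aug 2014 14:59:00 -0400
From: someone@sender.example
Subject: constructed test

body
"""

# Assumption: Postfix-style "from helo (rdns [ip])"; the bracketed value is
# the peer address as seen by the MTA that wrote the header.
PEER_IP = re.compile(r"\[([0-9A-Fa-f:.]+)\]")

def _inside(ip, nets):
    try:
        return any(ip_address(ip) in n for n in nets)
    except (TypeError, ValueError):
        return False  # missing or unparsable address counts as outside

def classify(raw, own_nets=OWN_NETS):
    """Return [(peer_ip, trusted)] for each Received header, topmost first."""
    out, trusted = [], True
    for hdr in message_from_string(raw).get_all("Received", []):
        m = PEER_IP.search(hdr)
        ip = m.group(1) if m else None
        out.append((ip, trusted))
        # The first header with an outside peer is the last trusted one.
        if trusted and not _inside(ip, own_nets):
            trusted = False
    return out

def handoff_ip(raw, own_nets=OWN_NETS):
    """Peer IP in the last trusted header: the address to look up in whois."""
    trusted = [ip for ip, ok in classify(raw, own_nets) if ok]
    return trusted[-1] if trusted else None
```

For the constructed sample, the top three headers are trusted and the fourth is not, so the address worth a whois lookup is the peer recorded in the third header.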
