nanog mailing list archives
Re: Christmas spam from RESERVED IANA adressblock ?
From: JF Mezei <jfmezei () vaxination ca>
Date: Thu, 25 Dec 2008 02:09:19 -0500
James Hess wrote:
RFC1918 addresses should also never be found in mail headers of any messages being exchanged over the internet..
One need to understand the Received: headers and their order. Private address space is perfectly legitimate. Very common in the early part of transport and often seen in the last delivery in large organisations that have multiple distributed SMTP servers. What is important is for a recipient to know which Received: header he can trust. The only IP address you can trust are the one inside your own organisation, and the IP address that sent the message to your organisation. All other Received: headers below that to be considered fake unless proven otherwise. In the above case, it appears that the message arrived within the organisation from a public IP address, and then was sent to another host within the organisation via private address space. It is also important to note that the topmost header was able to reverse translate the 10.*.*.* IP which implies that it was internal to the organisation, using an internal DNS server which makes it more legitimate since it is within that organisation.
Current thread:
- Christmas spam from RESERVED IANA adressblock ? macbroadcast (Dec 24)
- RE: Christmas spam from RESERVED IANA adressblock ? Steven Lisson (Dec 24)
- Re: Christmas spam from RESERVED IANA adressblock ? Jon Lewis (Dec 24)
- RE: Christmas spam from RESERVED IANA adressblock ? Scott Morris (Dec 24)
- Re: Christmas spam from RESERVED IANA adressblock ? James Hess (Dec 24)
- Re: Christmas spam from RESERVED IANA adressblock ? JF Mezei (Dec 24)
- Re: Christmas spam from RESERVED IANA adressblock ? Neil (Dec 25)
- Re: Christmas spam from RESERVED IANA adressblock ? William Herrin (Dec 25)
- Re: Christmas spam from RESERVED IANA adressblock ? James Hess (Dec 24)
- Re: Christmas spam from RESERVED IANA adressblock ? William Herrin (Dec 24)
- <Possible follow-ups>
- Re: Christmas spam from RESERVED IANA adressblock ? Zaid Ali (Dec 24)