RE: how to hide e-mail header information?

["David Gillett" <gillettdavid () fhda edu>]

  Well, the normal way spam-sending packages do this is to
incorporate their own SMTP server engine into the package.
So they can insert any extra/optional headers they wish.

  When I receive spam, I often drop it -- or at least the headers --
into one of the various anti-spam packages that will read and
attempt to verify the headers.  Some of them have gotten quite
good at spotting and ignoring forged Received: headers.....

David Gillett

> -----Original Message-----
> From: SB CH [mailto:chulmin2 () hotmail com]
> Sent: April 15, 2003 17:38
> To: security-basics () securityfocus com
> Subject: Re: how to hide e-mail header information?
>
>
> First so sorry for bothering you.
> But I'm not a spammer just but security engineer of the company.
> and I have read this article to stop spam at mail server.
>
> http://www.stopspam.org/email/headers/headers.html
>
> at this article, written like this.
>
> "Another trick used by forgers of email, this one
> increasingly common, is
> to add spurious Received: headers before sending the
> offending mail. This
> means that the hypothetical email sent from turmeric.com might have
> Received: lines that looked something like this:
>
> Received: from galangal.org ([104.128.23.115]) by mail.bieberdorf.edu
> (8.8.5)...
> Received: from nowhere by fictitious-site (8.8.3/8.7.2)...
> Received: No Information Here, Go Away!
>
> Obviously, the last two lines are complete nonsense, written
> by the sender
> and attached to the message before it was sent. "
>
> I just would like to know how this way is possible. Because I
> think that
> security relaters should know about the attack way well to
> defence the
> attack or fake etc.
>
> Again, I'm not a spammer.
>
>
> Thanks in advance.
>
>  > -----Original Message-----
>  > From: SB CH [mailto:chulmin2 () hotmail com]
>  > Sent: Sunday, April 13, 2003 7:09 PM
>  > To: security-basics () securityfocus com
>  > Subject: how to hide e-mail header information?
>  >
>  >
>  > Hello, all.
>  >
>  > I use Outlook express for MUA and any receiver from me can know my
>  > computer
>  > name and IP address just by clicking right button on my messgae.
>  > So, I would like to hide e-mail header information.
>  > How to hide or inject false information at e-mail header from me.
>  >
>  >
>  > Thanks in advance.
>  >
>  >
>
>
> _________________________________________________________________
> MSN Messenger를 통해 온라인상에 있는 친구와 대화를 나누세요.
> http://messenger.msn.co.kr
>
>
> --------------------------------------------------------------
> -------------
> Attend Black Hat Briefings & Training Europe, May 12-15 in
> Amsterdam, the
> world's premier event for IT and network security experts.
> The two-day
> Training features 6 hand-on courses on May 12-13 taught by
> professionals.
> The two-day Briefings on May 14-15 features 24 top speakers
> with no vendor
> sales pitches.  Deadline for the best rates is April 25.
> Register today to
> ensure your place.
http://www.securityfocus.com/BlackHat-security-basics
----------------------------------------------------------------------------


---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the 
world's premier event for IT and network security experts.  The two-day 
Training features 6 hand-on courses on May 12-13 taught by professionals.  
The two-day Briefings on May 14-15 features 24 top speakers with no vendor 
sales pitches.  Deadline for the best rates is April 25.  Register today to 
ensure your place.  http://www.securityfocus.com/BlackHat-security-basics 
----------------------------------------------------------------------------