Security Basics mailing list archives

Spam question


From: Tomas Wolf <tomas () skip cz>
Date: Mon, 01 Sep 2003 07:12:27 -0400

Hello,

I'm reading the source of some spam I've got, and a question has crossed my mind... Is it possible to malform an e-mail's header?

What I have in mind is that some of the headers come with a different header composition in which up to two *Received:* records are from a registered range... Also, some of these e-mails have *Return-Path:* inserted at the bottom of the header, following *Received: from bla.bla.com [xxx.xxx.xxx.xxx] by bla.bla.com (MAILSERVER NAME vX) with PROTOCOL, DATE*..., while the original Return-Path: with an e-mail address, as it is supposed to have, is one of the top ones...

I have a theory about this... Could there be a program that connects directly to the end-user's SMTP server by telnet and sends to localhost? I know that would be a lot of traffic and time spent on this, but isn't this another possibility? I remember when I was playing with an SMTP server at home, I was capable of sending any kind of e-mail to anybody@localhost... So then I tried it on several "real" SMTP servers where I knew my friends had an account, and it worked as well... Which means that if I know the user and the end server, I'm able to send pretty much anything, and by forming the commands well, it is possible to try to malform the header so that one of the records might trick somebody into believing that it is one of the SMTP relay hops.

Thanks for your input...
Tomas
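As an added illustration of the defender's side of what the post describes (this is not code from the original post or from the list), the routine below walks the *Received:* chain from the top down and flags the three things Tomas noticed: a *Return-Path:* sitting below a *Received:* line (RFC 2821 has the final delivery MTA insert Return-Path at the very beginning of the message, so one further down was not put there by a relay), a hop whose "by" host does not match the "from" host of the hop above it (a break in the relay chain), and a hop whose IP literal is in a private or loopback range. The header block, host names and addresses are constructed sample values (documentation and RFC 1918 ranges), and the function and finding names are my own.

```python
import ipaddress
import re

# Constructed sample header block, not taken from the original post. The
# bottom-most Received: line and the second Return-Path: are written the way
# the post describes: lines the sender typed itself rather than trace fields
# a real relay prepended. Addresses are documentation/RFC 1918 ranges.
SAMPLE_HEADER = """\
Return-Path: <sender@example.net>
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby mail.example.org (Postfix) with ESMTP id 123ABC;
\tMon, 01 Sep 2003 07:00:00 -0400
Received: from smtp.example.com (smtp.example.com [203.0.113.9])
\tby mx.example.net (Sendmail 8.12) with ESMTP; Mon, 01 Sep 2003 06:59:00 -0400
Received: from relay.hop.invalid (relay.hop.invalid [10.1.2.3])
\tby bogus.example.com (MAILSERVER v1) with SMTP; Mon, 01 Sep 2003 06:58:00 -0400
Return-Path: <>
From: sender@example.net
Subject: test
"""

# Loose match for the "from <host> ... [<ip>] ... by <host>" trace syntax;
# the comment text between the tokens varies from one MTA to the next.
_RECEIVED_RE = re.compile(
    r"from\s+(?P<from>[^\s;]+)(?:[^;]*?\[(?P<ip>[0-9a-fA-F.:]+)\])?"
    r"[^;]*?\bby\s+(?P<by>[^\s;]+)",
    re.IGNORECASE,
)

# Ranges that should never appear as the address of an Internet relay hop.
_NON_ROUTABLE = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def parse_header_fields(raw):
    """Return (name, value) pairs in header order, unfolding continuation lines."""
    fields = []
    for line in raw.splitlines():
        if not line.strip():
            break  # blank line ends the header block
        if line[0] in " \t" and fields:  # folded continuation of the previous field
            name, value = fields[-1]
            fields[-1] = (name, value + " " + line.strip())
        else:
            name, _, value = line.partition(":")
            fields.append((name.strip(), value.strip()))
    return fields


def parse_received(value):
    """Extract the from-host, by-host and optional IP literal from one Received: value."""
    m = _RECEIVED_RE.search(value)
    if not m:
        return None
    return {"from": m.group("from").lower(), "by": m.group("by").lower(),
            "ip": m.group("ip")}


def audit_trace_headers(raw):
    """Return a list of (finding, detail) tuples for the anomalies described above."""
    findings = []
    hops = []
    seen_received = False
    for name, value in parse_header_fields(raw):
        lname = name.lower()
        if lname == "received":
            seen_received = True
            hop = parse_received(value)
            if hop is None:
                findings.append(("unparseable-received", value))
            else:
                hops.append(hop)
        elif lname == "return-path" and seen_received:
            # A real Return-Path is prepended at final delivery, so it sits above every Received:.
            findings.append(("return-path-below-received", value))
    # Top-down, each hop's "from" host should be the host the next-older hop says it was "by".
    for upper, lower in zip(hops, hops[1:]):
        if upper["from"] != lower["by"]:
            findings.append(("chain-break", f"{upper['from']} != {lower['by']}"))
    for hop in hops:
        if hop["ip"]:
            try:
                addr = ipaddress.ip_address(hop["ip"])
            except ValueError:
                findings.append(("bad-ip-literal", hop["ip"]))
                continue
            if any(addr in net for net in _NON_ROUTABLE):
                findings.append(("non-routable-hop", f"{hop['from']} [{hop['ip']}]"))
    return findings


if __name__ == "__main__":
    for kind, detail in audit_trace_headers(SAMPLE_HEADER):
        print(f"{kind}: {detail}")
```

Running it on the sample reports the stray Return-Path, the break between the second and third hops, and the 10.1.2.3 literal. Treat a chain break as a prompt to look closer rather than proof of forgery: MTAs frequently name the same host differently in the "from" and "by" positions, so the only Received: line you can fully trust is the one your own server added at the top.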
