[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
[Author Index]
Return to main CEDA-L Archive Page
Re: Unarchived/Internet Evidence�Spoofing Email Addresses
- To: "Sean D. Upton" <socrates@aros.net>
- To: CEDA-L <ceda-l@cornell.edu>, NDT-L <ndt-l@uga.cc.uga.edu>
- Subject: Re: Unarchived/Internet Evidence
- Subject: Spoofing Email Addresses
- From: Doug Frye <dfrye@rica.net>
- From: Pat Gehrke <papacat@sierra.net>
- Date: Sat, 20 Jul 1996 02:18:01 -0400
- Date: Fri, 19 Jul 1996 23:56:37 -0700
- Organization: California State University Chico
- References: <Pine.BSF.3.91.960719225015.3934A-100000@shell.aros.net>
Do these emails from Bill and Hillary make you suspicious of
internet evidence? Don't be. One would have to be slyer than
these pranksters to make it really look like the email came from
the whitehouse.
Not really that tough to get suspicious of spoofed email. The
hillary.clinton mail followed this path:
(My notations preceded by **)
** The message has a unique ID of::
Message-Id:
<199607200353.XAA12153@acg60.wfunet.wfu.edu>
** University of Georgia sent the message through Wake Forest,
toward Cornell:
Received: from uga.cc.uga.edu (uga.cc.uga.edu [128.192.1.5])
by acg60.wfunet.wfu.edu (8.6.10/8.6.10) with SMTP id
XAA12153 for ceda-l@cornell.edu; Fri, 19 Jul 1996 23:53:23 -
0400
** Wake Forest University forwarded to Cornell:
Received: from acg60.wfunet.wfu.edu (acg60.wfunet.wfu.edu
[152.17.1.31]) by cornell.edu (8.7.5/8.7.3) with SMTP id
XAA25828 for <ceda-l@cornell.edu>; Fri, 19 Jul 1996 23:57:50 -
0400 (EDT)
** Cornell's incoming system decoded to spec. address:
Received: (from daemon@localhost) by cornell.edu (8.7.5/8.7.3)
id XAA25848 for CEDA-L@listproc2.mail.cornell.edu; Fri, 19
Jul 1996 23:57:54 -0400 (EDT)
** Cornell's incoming system forwarded to Cornell's listproc:
Received: from cornell.edu (cornell.edu [132.236.56.6]) by
listproc2.mail.cornell.edu (8.6.12/8.6.9) with SMTP id
XAA11503 for <CEDA-L@listproc2.mail.cornell.edu>; Fri, 19
Jul 1996 23:53:34 -0400
** Cornell's Listproc sent to Cornell's outgoing system:
Received: from localhost.mail.cornell.edu (localhost [127.0.0.1])
by listproc2.mail.cornell.edu (8.6.12/8.6.9) with SMTP id
XAA11521; Fri, 19 Jul 1996 23:53:51 -0400
** Shows up in my mailbox:
Received: from LISTPROC2.MAIL.CORNELL.EDU by
diamond.sierra.net with SMTP id AA01487 (5.67b8/IDA-1.5 for
<papacat@sierra.net>); Fri, 19 Jul 1996 21:09:44-0700
So, the mail appears to originate from the University of Georgia...
Gee, who could that be? ;-)
Not all listserves will provide this much data, but many do.
Now, we could always just bounce the email back to its "FROM"
email address and ask for confirmation of the validity of the
email, but just in case that really is Hillary's email address, we
don't need to sick the Secret Service on our friends at UGA. ;-)
Pat Gehrke
CSU Chico
Archive created by Jonathan Stanton (jonathan@cs.jhu.edu)
Return to main CEDA-L Archive Page