X-Received-From-Address, Spoofed? RSS

1

Can anyone confirm if the "X-Received-From-Address" is rock solid beyond denial or if this can be spoofed by the sending spammer?

by Steven Richards 7 years ago
2

@Steven Richards: If you are referring to the X-Received-From-Address inserted by the SMTP Envelope Script from our website, it is rock solid (as long as you trust Exchange will pass the proper address to the script). This IP address is the last delivery hop, i.e. the IP address of the SMTP client that connected to the Exchange or SMTP server which runs the script. IP spoofing with TCP (the transmission network layer below SMTP) is extremely difficult to do, so I would say this information can be trusted with very high certainty.

by Peter Karsai (ORF Team) 7 years ago
(in reply to this post)

3

Yes, I should have said its from the SMTP Envelope Script. I thought that was the case but wanted to make sure. We had been assuming that to be the case but thought we'd check to on the safe side. Thank you for your response, it is much appreciated.

by Steven Richards 7 years ago

New comment

Fill in the form below to add a new comment. All fields are required. If you are a registered user on our site, please sign in first.

Nickname:
Email address (will not be published):
Your comment:

ORF Technical Support

Configuring, installing and troubleshooting ORF.

News & Announcements

Your dose of ORF-related news and announcements.

Everything but ORF

Discuss Exchange and system administration with fellow admins.

Feature Test Program

Feature Test Program discussion. Membership is required to visit this forum.

ORF Beta

Join the great bug hunt of the latest test release.

Customer Service

Stay Informed