X-Received-From-Address, Spoofed? - ORF Forums

X-Received-From-Address, Spoofed? RSS Back to forum


Can anyone confirm if the "X-Received-From-Address" is rock solid beyond denial or if this can be spoofed by the sending spammer?

by Steven Richards 7 years ago

@Steven Richards: If you are referring to the X-Received-From-Address inserted by the SMTP Envelope Script from our website, it is rock solid (as long as you trust Exchange will pass the proper address to the script). This IP address is the last delivery hop, i.e. the IP address of the SMTP client that connected to the Exchange or SMTP server which runs the script. IP spoofing with TCP (the transmission network layer below SMTP) is extremely difficult to do, so I would say this information can be trusted with very high certainty.

by Peter Karsai (ORF Team) 7 years ago
(in reply to this post)


Yes, I should have said its from the SMTP Envelope Script. I thought that was the case but wanted to make sure. We had been assuming that to be the case but thought we'd check to on the safe side. Thank you for your response, it is much appreciated.

by Steven Richards 7 years ago

New comment

Fill in the form below to add a new comment. All fields are required. If you are a registered user on our site, please sign in first.

It will not be published.
hnp1 | hnp2