broken dns?

gav on 2003-08-10T16:03:32

I got an email from somebody complaining that somebody at my domain is sending them spam. The reason they thought it was me was this line in the headers:

Received: from ky5n.japh.org [51.14.80.160] by h0010959fb25c.ne.client2.attbi.com with ESMTP id F89AE670481; Sun, 10 Aug 2003 08:15:02 -0700

How can somebody be using a host that doesn't exist?


Bogus hostnames

vsergu on 2003-08-10T19:19:38

The name immediately after the "from" in the "Received:" line is just whatever the remote mail server says it is, so there's no reason to believe it's accurate or even exists, especially with spam. The IP address in brackets should be real (assuming the "Received:" line itself is real -- make sure you're not reading past the first one that was added by a trustworthy host (which is often just the first one)). Sometimes there'll be another hostname in parentheses before the IP address, which should be the result of a reverse DNS lookup. If the hostnames don't match, something shady could be going on.
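As an added example (not code from either poster), a small Python script that pulls the three pieces vsergu describes out of a "Received:" line, treats the topmost line written by a host in your own domain as the trusted hop, and flags a HELO/reverse-DNS mismatch; the example.org and example.com hosts and the 203.0.113.55 address are constructed, the other line is the one from the question.

```python
import re
from ipaddress import ip_address

# Trace clause of a Received: header, in the two shapes the answer describes:
# "from <helo> [<ip>]" and "from <helo> (<rdns> [<ip>])".
RECEIVED_RE = re.compile(
    r"^Received:\s*from\s+(?P<helo>\S+)\s+"      # name the remote server claimed in HELO/EHLO
    r"(?:\((?P<rdns>[^\s\[\]()]+)\s+)?"          # optional reverse-DNS name the receiver looked up
    r"\[(?:IPv6:)?(?P<ip>[0-9a-fA-F.:]+)\]\)?"   # address of the TCP peer, as seen by the receiver
    r"\s+by\s+(?P<by>\S+)",                      # the server that wrote this line
    re.IGNORECASE,
)


def parse_received(line: str) -> dict:
    """Unfold a Received: line and return helo, rdns, ip and by; ValueError if malformed."""
    m = RECEIVED_RE.match(" ".join(line.split()))
    if not m:
        raise ValueError(f"unrecognised Received: line: {line[:60]!r}")
    hop = m.groupdict()
    hop["ip"] = str(ip_address(hop["ip"]))  # rejects strings that are not real addresses
    return hop


def first_trusted_hop(received_lines: list[str], my_domain: str) -> dict:
    """Lines are read top-down; the first one written *by* a host in my_domain was added by
    a server you control, so its ip is the real peer. Everything below it is just a claim."""
    suffix = "." + my_domain.lower()
    for line in received_lines:
        hop = parse_received(line)
        by = hop["by"].lower()
        if by == my_domain.lower() or by.endswith(suffix):
            return hop
    raise ValueError("no Received: line written by a trusted host")


def assess(hop: dict) -> str:
    """Compare the claimed HELO name with the receiver's reverse lookup, if one was recorded."""
    if hop["rdns"] is None:
        return "unverified"  # no reverse DNS recorded, so the helo name is only a claim
    if hop["helo"].lower() == hop["rdns"].lower():
        return "consistent"
    return "mismatch"  # worth a closer look; multi-homed hosts also produce benign ones


# Constructed sample, topmost line first: one our own MX (mx.example.org) wrote,
# then the line from the question, which the mail merely carries along.
SAMPLE_HEADERS = [
    "Received: from mail.example.com (203-0-113-55.dyn.example.net [203.0.113.55])\n"
    "\tby mx.example.org with ESMTP id CONSTRUCTED01; Sun, 10 Aug 2003 08:20:11 -0700",
    "Received: from ky5n.japh.org [51.14.80.160] by h0010959fb25c.ne.client2.attbi.com "
    "with ESMTP id F89AE670481; Sun, 10 Aug 2003 08:15:02 -0700",
]

if __name__ == "__main__":
    hop = first_trusted_hop(SAMPLE_HEADERS, "example.org")
    print(hop["helo"], hop["rdns"], hop["ip"], assess(hop))
```

The question's own line parses with no reverse-DNS name, so all it proves is that 51.14.80.160 connected to the attbi.com host; the "ky5n.japh.org" part is whatever that peer typed in HELO.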