-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
NotDashEscaped: You need GnuPG to verify this message

On Thu, 25 Sep 2003 10:56:50 -0700, Dave Trapnell <dtresearch@earthlink.net> wrote:

What's with this "Return-Path:" field? Are those "real"
email addresses? Could the solution be as simple as just
emailing those addresses and asking them to clean up their
machines? What about the IP addresses? Are they real? Here
is the "current crop of "Return-Path:" addresses. I was told
these are probably just bogus addresses planted by the
virus.

I'm not sure on the Return-Paths - I've asked a few folks and none of 
them have had a real answer as to their real-ness.  Since nobody has 
told me (or complained to me) they are forged, I'm going on the 
assumption that the Return-Path header is legitimate, and as such, 
haven't blocked my mailserver from sending out warnings to those 
addresses.

The IP addresses are definitely real.  It is complicated to send an 
email without your IP address appearing somewhere on it.

About the only thing I can think to do to verify the legitimacy of that 
Return-Path header would be to set up a perl script to try and match up 
IP addresses with the domain in the Return-Path header... but I don't 
play Perl very much, so wouldn't want to undertake something like that 
just now.  :-)

-- 
Rob                                |  If not safe,
Email and Jabber:                  |    one can never be free.
     athlonrob at axpr dot net     |
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/c1IFhm6KEoOOAe0RAoQ0AJ9dof7Upjt3AviEu52BP15fyJGTYgCfWzSO
AuywHaMJsqKuyjqLc2RagyA=
=KRFJ
-----END PGP SIGNATURE-----