Bob Tanner wrote:
> 
> 
> Quoting Jonathan Kline (jonathankl_2001 at yahoo.com):
> > This is interesting:
> > The headers from the last spam message....
> > Received: from 209.26.175.43 (www.rdt.net [209.26.175.43] (may be
> > forged)) by sprite.real-time.com (8.11.1/8.11.1) with SMTP id
> > f2KJ2cl12495; Tue, 20 Mar 2001 13:02:40 -0600
> >
> > May be forged?
> >
> > Interesting!
> 
> Reverse and forward do not match.
> 
> $ nslookup 209.26.175.43
> Name:    www.rdt.net
> Address:  209.26.175.43
> 
> $ nslookup www.rdt.net
> Name:    www.rdt.net
> Address:  202.84.198.61



Be careful about insisting that reverse and forward lookups match.

For example, I'm using a dynamic domain name, and one of the headers in this
email will say something like:
	> Received: from zjod.net (nic-31-c19-033.mn.mediaone.net [24.31.19.33]) 

But because it's a dynamic domain name, trying to match reverse and forward
lookups gives:
	> SOS:sos=> nslookup zjod.net
	> Server:  rsdns01.mn.mediaone.net
	> Address:  24.31.3.8
	> 
	> Name:    zjod.net
	> Address:  24.31.19.33
	> 
	> SOS:sos=> nslookup 24.31.19.33
	> Server:  rsdns01.mn.mediaone.net
	> Address:  24.31.3.8
	> 
	> Name:    nic-31-c19-033.mn.mediaone.net
	> Address:  24.31.19.33
	> 
	> SOS:sos=> nslookup nic-31-c19-033.mn.mediaone.net
	> Server:  rsdns01.mn.mediaone.net
	> Address:  24.31.3.8
	> 
	> Name:    nic-31-c19-033.mn.mediaone.net
	> Address:  24.31.19.33
	> 
	> SOS:sos=> 

Which, depending on what you start doing nslookups with (like the TCP
address, or the dynamic domain name ["zjod.net"] instead of the static
domain name ["nic-31-c19-033.mn.mediaone.net"]), could throw a simple
reverse/forward lookup comparison off.

-S
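
The two comparisons discussed in this thread, as an added example that is not part of the original messages. The lookup tables are constructed from the nslookup output quoted above, and the function names are hypothetical. Starting from the connecting IP (PTR, then A, then compare addresses) accepts the dynamic-DNS host, while starting from the name and requiring the same name back rejects it.

```python
# Constructed resolver data, copied from the nslookup output quoted in the thread.
PTR = {
    "209.26.175.43": ["www.rdt.net"],
    "24.31.19.33": ["nic-31-c19-033.mn.mediaone.net"],
}
A = {
    "www.rdt.net": ["202.84.198.61"],
    "zjod.net": ["24.31.19.33"],
    "nic-31-c19-033.mn.mediaone.net": ["24.31.19.33"],
}

def norm(name):
    """DNS names compare case-insensitively and may carry a trailing dot."""
    return name.rstrip(".").lower()

def fcrdns(ip, ptr=PTR, a=A):
    """Forward-confirmed reverse DNS, anchored on the connecting IP.

    PTR(ip) gives candidate names; the check passes if any candidate's
    A records contain the original ip. Names are never compared.
    """
    names = [norm(n) for n in ptr.get(ip, [])]
    if not names:
        return ("no-ptr", None)
    for name in names:
        if ip in a.get(name, []):
            return ("confirmed", name)
    return ("may-be-forged", names[0])

def name_roundtrip(name, ptr=PTR, a=A):
    """The fragile variant: A(name) -> ip, PTR(ip) -> name, require the same name.

    Fails for any host whose extra name (dynamic DNS, CNAME-style alias)
    points at an IP whose PTR belongs to the provider.
    """
    name = norm(name)
    return any(name in (norm(n) for n in ptr.get(ip, []))
               for ip in a.get(name, []))

def claimed_name_matches_ip(claimed, ip, a=A):
    """Looser test for a HELO/claimed name: does it resolve to the connecting IP?"""
    return ip in a.get(norm(claimed), [])

if __name__ == "__main__":
    for ip in ("209.26.175.43", "24.31.19.33"):
        print(ip, fcrdns(ip))
    print("zjod.net round trip:", name_roundtrip("zjod.net"))
    print("zjod.net -> 24.31.19.33:", claimed_name_matches_ip("zjod.net", "24.31.19.33"))
```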