Bob Tanner wrote:
>
> Quoting Jonathan Kline (jonathankl_2001 at yahoo.com):
> > This is interesting:
> > The headers from the last spam message....
> > Received: from 209.26.175.43 (www.rdt.net [209.26.175.43] (may be
> > forged)) by sprite.real-time.com (8.11.1/8.11.1) with SMTP id
> > f2KJ2cl12495; Tue, 20 Mar 2001 13:02:40 -0600
> >
> > May be forged?
> >
> > Interesting!
>
> Reverse and forward do not match.
>
> $ nslookup 209.26.175.43
> Name: www.rdt.net
> Address: 209.26.175.43
>
> $ nslookup www.rdt.net
> Name: www.rdt.net
> Address: 202.84.198.61

Be careful about insisting that reverse and forward lookups match. For
example, I'm using a dynamic domain name, and one of the headers in this
email will say something like:

> Received: from zjod.net (nic-31-c19-033.mn.mediaone.net [24.31.19.33])

But because it's a dynamic domain name, trying to match reverse and
forward lookups gives:

> SOS:sos=> nslookup zjod.net
> Server: rsdns01.mn.mediaone.net
> Address: 24.31.3.8
>
> Name: zjod.net
> Address: 24.31.19.33
>
> SOS:sos=> nslookup 24.31.19.33
> Server: rsdns01.mn.mediaone.net
> Address: 24.31.3.8
>
> Name: nic-31-c19-033.mn.mediaone.net
> Address: 24.31.19.33
>
> SOS:sos=> nslookup nic-31-c19-033.mn.mediaone.net
> Server: rsdns01.mn.mediaone.net
> Address: 24.31.3.8
>
> Name: nic-31-c19-033.mn.mediaone.net
> Address: 24.31.19.33
>
> SOS:sos=>

Which, depending on what you start doing nslookups with (like the TCP
address, or the dynamic domain name ["zjod.net"] instead of the static
domain name ["nic-31-c19-033.mn.mediaone.net"]), could throw a simple
reverse/forward lookup comparison off.

-S
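
The comparison discussed in this thread, as an added example that is not part of the original post: a forward-confirmed reverse DNS check that starts from the connecting IP address, next to the name-first comparison that trips over a dynamic domain name. The lookup tables are constructed from the nslookup output quoted above so the code runs offline, and the function names are hypothetical.

```python
# Constructed lookup tables, copied from the nslookup output quoted in the thread.
PTR = {  # address -> name returned by the reverse lookup
    "209.26.175.43": "www.rdt.net",
    "24.31.19.33": "nic-31-c19-033.mn.mediaone.net",
}
A = {  # name -> set of addresses returned by the forward lookup
    "www.rdt.net": {"202.84.198.61"},
    "zjod.net": {"24.31.19.33"},
    "nic-31-c19-033.mn.mediaone.net": {"24.31.19.33"},
}


def _norm(name):
    """DNS names are case-insensitive and may carry a trailing dot."""
    return name.lower().rstrip(".")


def fcrdns(ip, ptr=PTR, a=A):
    """Start from the connecting IP: PTR lookup, then confirm that the
    returned name resolves forward to a set containing that same IP."""
    name = ptr.get(ip)
    if name is None:
        return ("no-ptr", None)
    if ip in a.get(_norm(name), set()):
        return ("confirmed", name)
    return ("mismatch", name)


def name_first_match(claimed, ptr=PTR, a=A):
    """Fragile variant: start from the name the client gave and require the
    reverse lookup of its address to return that same name."""
    addrs = a.get(_norm(claimed), set())
    return any(_norm(ptr.get(addr, "")) == _norm(claimed) for addr in addrs)


if __name__ == "__main__":
    for ip in ("209.26.175.43", "24.31.19.33"):
        print(ip, fcrdns(ip))
    for name in ("zjod.net", "nic-31-c19-033.mn.mediaone.net"):
        print(name, "name-first match:", name_first_match(name))
```

Anchored on the IP address, the mediaone.net host is confirmed no matter which name it announces, while 209.26.175.43 is still reported as a mismatch; the name-first comparison rejects zjod.net even though its forward lookup points at the connecting address.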