On Tue, Jun 15, 2004 at 02:42:32PM -0500, rgball wrote:
1) go through all the list's archives and match information in the bottom-most Received: line to the subscriber's address. Keep all of this in a database (not the dist file).
Can't rely on that. Received: lines can be faked, as long as they're below the point of injection into the system. If there's spoofing going on, the spoofers are presumably motivated to keep it happening. You could just rely on a valid PGP signature before passing on the message. But there are very few lists that do this, in large part because most people find PGP too hard to use.
It's still not going to be proof against a determined spoofer but should eliminate the casual spammers.
I first saw spam with fake Received: header lines some time around 1997. Roger