> -----Original Message----- > From: IMail_Forum-owner@list.ipswitch.com > [mailto:IMail_Forum-owner@list.ipswitch.com]On Behalf Of > scott.perry@kewill.com > Sent: Thursday, October 26, 2000 10:45 AM > To: IMail_Forum@list.ipswitch.com > Subject: RE: [IMail Forum] HEADER QUESTION > > > > And my statement about "x-" is completely correct: it "signifies" > > an untrustworthy header BECAUSE the "x-" headers are unstandardized, > > hence not to be processed by RFC-compliant relays, whereas the > > standard headers, despite your objection, are to be taken as > > relatively trustworthy and used to deliver mail. > > Yes and no. > > The standard headers, as defined in RFC821/RFC822, must be > considered by the SMTP clients/servers as if they were > trustworthy. For example, if the "From:" header says > "friend@public.com", and the user replies to the E-mail, the > mail client has to assume that "friend@public.com" is the > correct address to send to (assuming only the From: header is > present). > > However, all of the headers can be forged, so in reality, few > can truly be trusted. You can only trust the headers placed > by your mail server, and any mail servers back in the chain > that you can also trust (IE, if your local branch office has > a mail server that gets mail from headquarters, you can trust > the headers placed at headquarters). > > Of course, forged headers are often easy to detect, and can > often provide many more clues than legitimate headers. > -Scott > > > > >