> It's theoretically possible (and not that hard) to create email that is
>     nearly perfectly forged (looks like it comes from somewhere it didn't.)
>
> I should add that it's truly trivial to create an email the MOSTLY looks
> like it came from somewhere it didn't.  I believe that there is significant
> spam that looks like it comes from AOL or HOTMAIL that in fact does not,
> but it's "fun" to have all that hate mail go to a place you don't like (ie
> with strong anti-spam policies.)  Not to mention the all-too-common and
> rather sophmoric prank of spamming "I'm gay and proud" type messages all
> over usenet, looking like it comes from some personal enemy, or just some
> poor dweeb that left his terminal logged in...

The mostly I'll give you, but with some effort I haven't seen any where
you couldn't find the injection point, and, unless they were using an
old and trusting mailer, the IP address of the machine the SPAM was sent
from.  The death of source routing has been a little hard on SPAMMERS
as it is much more difficult to fake your IP.  Also, those of us who have
a clue block anything going out through our firewalls that doesn't come
from a valid inside address.  Of course, there are those without clue
still around.  But still, life is getting harder for the SPAMMERS to fake
things to those who are competant.  The initial knee-jerk response is
usually wrong though.  I average 20 or so messages through my server a day
to people who have responded to the obvious address which doesn't exist.

Roger

(Unix Sysadmin, ex-Navy Data Systems tech, OK for a hobbiest with digital
 design, my analog sucks wind.)