>Please correct me if anyone knows more.

In theory one can trace the hosts the message went through backwards
through the header list. In practice, some internal relay domains will
often appear in the list and those cannot be checked or reached from the
outside (not even NS or reverse lookup). Plus some evil programs seem to
forge more than one header. People who look through the list and go for
its head may mistakenly send abuse complaints to hostmasters of hosts that
never saw that message. You really need to build a list of IPs backwards
through the header, checking each for name (is resolvable). Do not assume
that the first or last found forgery is really the one you are looking
for. Good luck.

Peter

--
http://www.piclist.com#nomail Going offline? Don't AutoReply us!
email listserv@mitvma.mit.edu with SET PICList DIGEST in the body