John Hardin jhardin at impsec.org
Thu May 16 19:23:01 PDT 2002

On Thu, 2002-05-16 at 18:42, Simon Matthews wrote:

> Actually, I don't think Klez always puts the correct reply address
> anywhere.

My bounces are running 80% to 90% plausible Return-Path: headers. Is
anybody seeing something lower than this?

I don't know whether Klez would be able to forge the Return-Path: and if
so, whether any variants are doing so. Maybe I should pull something out
of quarantine and run it through "strings"...

 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org                        pgpk -a jhardin at impsec.org
  768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76
 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
 "To disable the Internet to save EMI and Disney is the moral
  equivalent of burning down the library of Alexandria to ensure the
  livelihood of monastic scribes."
                                    -- John Ippolito of the Guggenheim
   909 days until the Presidential Election

[demime 0.98e removed an attachment of type application/pgp-signature which had a name of signature.asc]

More information about the esd-l mailing list