回复: 差一点被假 Paypal 骗了
要辨别邮件的真正来源,需要看header信息,比如:
Received: by 10.49.75.4 with SMTP id y4csp47938qev; Thu, 21 Mar 2013 18:57:40 -0700 (PDT) X-Received: by 10.68.213.104 with SMTP id nr8mr18032044pbc.200.1363917460163; Thu, 21 Mar 2013 18:57:40 -0700 (PDT) Return-Path: <service@intl.paypal.com> Received: from mx0.slc.paypal.com (mx3.slc.paypal.com. [173.0.84.228]) by mx.google.com with ESMTP id xp9si334427pbc.250.2013.03.21.18.57.39; Thu, 21 Mar 2013 18:57:40 -0700 (PDT) Received-SPF: pass (google.com: domain of service@intl.paypal.com designates 173.0.84.228 as permitted sender) client-ip=173.0.84.228; Authentication-Results: mx.google.com; spf=pass (google.com: domain of service@intl.paypal.com designates 173.0.84.228 as permitted sender) smtp.mail=service@intl.paypal.com; dkim=pass header.i=@intl.paypal.com DomainKey-Signature: q=dns; a=rsa-sha1; c=nofws; s=dkim; d=intl.paypal.com; h=DKIM-Signature:Received
ate:Message-Id:Subject:X-MaxCode-Template:To:From:X-Email-Type-Id:X-XPT-XSL-Name:Content-Type:MIME-Version; b=GA6BcM357mkQ03hIZV7od7o/kNl5RbZUtrsOSsyny29WCzaOSvLEOmbxFp+8nl4O XKGfnoQen3Zi8Jlk3FGyFFM0ma1/rC5IyS/M2lrWf8z3QxTu3XWthxkQJlDLxKF0 SyPJr6mS7MMZbGXgLyfA75VBUbGEjNGmXkz37zUSmmg= DKIM-Signature: v=1; a=rsa-sha1; d=intl.paypal.com; s=dkim; c=relaxed/relaxed; q=dns/txt; i=@intl.paypal.com; t=1363917459; h=From:From:Subjectate:To:MIME-Version:Content-Type; bh=ss780wKsTsaEkm9CdrZaIHmUe7Y=; b=PzXgr5Wxckh3gzPysKpqnXumD7ezU2GZxXcltn7T1j9ykxmofyr5B15igneT4Fvg KZ7vamIbYjDeORVCzcodOw1Z1Q7CK508DfSvjw1MtB5pyJad1er5AbpwVWeDzWVS tGbWZHNVH8GluMzT2juVQH7Qc/RjNs77S2IXIGYn9VQ=;
sender信息可以作假,但是那个邮件服务器地址假不了:
Received: from mx0.slc.paypal.com (mx3.slc.paypal.com. [173.0.84.228])
要辨别邮件的真正来源,需要看header信息,比如:
Received: by 10.49.75.4 with SMTP id y4csp47938qev; Thu, 21 Mar 2013 18:57:40 -0700 (PDT) X-Received: by 10.68.213.104 with SMTP id nr8mr18032044pbc.200.1363917460163; Thu, 21 Mar 2013 18:57:40 -0700 (PDT) Return-Path: <service@intl.paypal.com> Received: from mx0.slc.paypal.com (mx3.slc.paypal.com. [173.0.84.228]) by mx.google.com with ESMTP id xp9si334427pbc.250.2013.03.21.18.57.39; Thu, 21 Mar 2013 18:57:40 -0700 (PDT) Received-SPF: pass (google.com: domain of service@intl.paypal.com designates 173.0.84.228 as permitted sender) client-ip=173.0.84.228; Authentication-Results: mx.google.com; spf=pass (google.com: domain of service@intl.paypal.com designates 173.0.84.228 as permitted sender) smtp.mail=service@intl.paypal.com; dkim=pass header.i=@intl.paypal.com DomainKey-Signature: q=dns; a=rsa-sha1; c=nofws; s=dkim; d=intl.paypal.com; h=DKIM-Signature:Received
ate:Message-Id:Subject:X-MaxCode-Template:To:From:X-Email-Type-Id:X-XPT-XSL-Name:Content-Type:MIME-Version; b=GA6BcM357mkQ03hIZV7od7o/kNl5RbZUtrsOSsyny29WCzaOSvLEOmbxFp+8nl4O XKGfnoQen3Zi8Jlk3FGyFFM0ma1/rC5IyS/M2lrWf8z3QxTu3XWthxkQJlDLxKF0 SyPJr6mS7MMZbGXgLyfA75VBUbGEjNGmXkz37zUSmmg= DKIM-Signature: v=1; a=rsa-sha1; d=intl.paypal.com; s=dkim; c=relaxed/relaxed; q=dns/txt; i=@intl.paypal.com; t=1363917459; h=From:From:Subjectate:To:MIME-Version:Content-Type; bh=ss780wKsTsaEkm9CdrZaIHmUe7Y=; b=PzXgr5Wxckh3gzPysKpqnXumD7ezU2GZxXcltn7T1j9ykxmofyr5B15igneT4Fvg KZ7vamIbYjDeORVCzcodOw1Z1Q7CK508DfSvjw1MtB5pyJad1er5AbpwVWeDzWVS tGbWZHNVH8GluMzT2juVQH7Qc/RjNs77S2IXIGYn9VQ=; sender信息可以作假,但是那个邮件服务器地址假不了:
Received: from mx0.slc.paypal.com (mx3.slc.paypal.com. [173.0.84.228])
