INTRO: Netcasts you love, from people you trust. This is TWiT.
Transcript of Episode #79
Backtracking Spoofed Spam eMail
Description: Leo's 'TWiT.tv' and Steve's 'GRC.com' domains are used by spambots which spoof
their domains as the source of bogus eMail. This week they discuss the details of eMail
"Received:" headers and explain how the examination of those headers can penetrate any
spoofing to reveal the true originating IP of any spoofed spam eMail.
High quality (64 kbps) mp3 audio file URL: http://media.GRC.com/sn/SN-079.mp3
Quarter size (16 kbps) mp3 audio file URL: http://media.GRC.com/sn/sn-079-lq.mp3
Leo Laporte: Bandwidth for Security Now! is provided by AOL Radio at
This is Security Now! with Steve Gibson, Episode 79 for February 15, 2007: Spambots.
Security Now! is brought to you by Astaro, makers of the Astaro Security Gateway, on the
web at www.astaro.com.
It’s time to talk about security with everybody’s favorite security maven. I’m going to call
you a “maven” from now on, Steve Gibson.
Steve Gibson: I’m not sure what a maven is.
Leo: It’s good. I know it’s a good thing. It’s like a, hmm, I don’t know how to describe it.
Steve: An advocate, maybe?
Leo: No, no, like a big shot. A maven is regarded by cohorts as a trusted expert in a
particular field and who seeks to pass his or her knowledge on to others.
Steve: Boy, you are fast with that dictionary, Leo.
Leo: That’s Wikipedia for you, baby. It’s right there. So you are – I would say that’s pretty
much you, a trusted expert in security, and you seek to pass your information to others.
Steve: I’d go along with that.
Leo: You da maven, man. And today we’re going to talk about what, Mr. Maven?
Steve: Well, a couple things. It’s funny, I was listening to one of your recent TWiT broadcasts,
I sort of listen to them in the background when I’m doing work where I can have one ear on
that. And you guys were talking about – this was in the last couple weeks – the really
continuing expansion of zombie b