| Home | Account Services | Contact Us | Site Index | Software | Technical Support |
How to read and decipher the header of a newsgroup postUsenet or Newsgroup headers are the easiest type of headers to decipher, but also the easiest type to falsify. There are only three lines in Usenet headers that are very difficult to forge; Path, Date, and NNTP-Posting-Host. Lets take a look at the header below, and try to determine the message came from.Path: news!global-news-master From: Service Abuse Team Newsgroups: alt.swbell.test Subject: test Date: Tue, 27 Jan 1998 16:27:10 GMT Organization: SBC Internet Services Lines: 1 Message-ID: NNTP-Posting-Host: 132.154.145.124 X-Newsreader: Forte Free Agent 1.11/32.235 Xref: news swbell.test:2248 The Path section is very similar to the 'Received' section in e-mail headers, and will show what path the message took to reach you. This line is very difficult to forge, because it is placed into the header by all the machines that received this e-mail. The Date line is inserted by the posting server, and is not always 100% accurate due to possible lag time associated with Usenet. This is usually not too much of a problem since there are usually other clues within the message that point to the posters account. The final reliable line is the NNTP-Posting-Host, which is placed into the header by the server, which is posting the message. So with this information we can determine that this message originated from 132.154.145.124, a Southwestern Bell Internet machine. |