Read RFC 5321 for SMTP. What does MTA stand for? Consider the following received spam email (modified from a real spam email). Assuming only the originator of this spam email is malicious and all other hosts are honest, identify the malicious host that has generated this spam email.
From - Fri Nov 07 13:41:30 2008
Return-Path: <tennis5@pp33head.com>
Received: from barmail.cs.umass.edu
(barmail.cs.umass.edu [128.119.240.3]) by cs.umass.edu
(8.13.1/8.12.6) for ; Fri, 7 Nov 2008
13:27:10 -0500
Received: from asusus-4b96 (localhost [127.0.0.1]) by
barmail.cs.umass.edu (Spam Firewall) for
<hg@cs.umass.edu>; Fri, 7 Nov 2008 13:27:07 -0500 (EST)
Received: from asusus-4b96 ([58.88.21.177]) by
barmail.cs.umass.edu for ; Fri,
07 Nov 2008 13:27:07 -0500 (EST)
Received: from [58.88.21.177] by
inbnd55.exchangeddd.com; Sat, 8 Nov 2008 01:27:07 +0700
From: "Jonny" <tennis5@pp33head.com>
To: <hg@cs.umass.edu>
Subject: How to secure your savings
Solution
As defined in RFC 5321, MTA is the acronym for Mail Transfer Agent. The sending host first hands the message to a Mail Transfer Agent. The message then passes through a series of Mail Transfer Agents until it reaches the intended recipient’s mail reader. This spam message followed such a chain of Mail Transfer Agents (MTAs). Simple Mail Transfer Protocol (SMTP) servers are MTAs because they transport mail from sender to receiver.
An honest MTA has to report where it received the message from. In this message, “asusus-4b96 ([58.88.21.177])” does not report where it actually received the email from. Since we assume only the originator is dishonest, “asusus-4b96 ([58.88.21.177])” must be the originator. Looking at the mail once more, we see that it was sent by "Jonny" with the email address <tennis5@pp33head.com>.
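The header-tracing reasoning above, as an added example that is not part of the original solution: a Python script that reads the Received chain from the question and reports the sending IP that never stamped a header of its own. It relies on the question's assumption that every host except the originator is honest; the function names parse_hops and find_originators are illustrative.

```python
import re
from email import message_from_string

# Constructed sample: headers taken from the question, with folded lines
# re-indented so they parse as continuation lines (To/Subject omitted).
SAMPLE = """\
Return-Path: <tennis5@pp33head.com>
Received: from barmail.cs.umass.edu
 (barmail.cs.umass.edu [128.119.240.3]) by cs.umass.edu
 (8.13.1/8.12.6) for ; Fri, 7 Nov 2008
 13:27:10 -0500
Received: from asusus-4b96 (localhost [127.0.0.1]) by
 barmail.cs.umass.edu (Spam Firewall) for
 <hg@cs.umass.edu>; Fri, 7 Nov 2008 13:27:07 -0500 (EST)
Received: from asusus-4b96 ([58.88.21.177]) by
 barmail.cs.umass.edu for ; Fri,
 07 Nov 2008 13:27:07 -0500 (EST)
Received: from [58.88.21.177] by
 inbnd55.exchangeddd.com; Sat, 8 Nov 2008 01:27:07 +0700
From: "Jonny" <tennis5@pp33head.com>
"""

# "from <sender> (<optional info>) by <receiving MTA>"
HOP = re.compile(r"from\s+(?P<sender>\S+)\s*(?:\((?P<info>[^)]*)\))?\s*by\s+(?P<by>[^\s;]+)")
IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def parse_hops(raw):
    """Return one dict per Received header, newest hop first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if not m:
            continue
        ip = IPV4.search(f"{m['info'] or ''} {m['sender']}")
        hops.append({"sender": m["sender"], "by": m["by"],
                     "ip": ip.group(1) if ip else None})
    return hops

def find_originators(raw):
    """Sender IPs whose host never appears as a 'by' MTA (assumes honest relays)."""
    hops = parse_hops(raw)
    stampers = {h["by"] for h in hops}  # hosts that recorded a hop
    return sorted({h["ip"] for h in hops
                   if h["ip"] and not h["ip"].startswith("127.")  # skip local handoff
                   and h["sender"] not in stampers})

if __name__ == "__main__":
    print("originator:", find_originators(SAMPLE))
```

Sender names in Received headers are supplied by the connecting host, so outside the question's honesty assumption only the bracketed IP recorded by a trusted receiving MTA should be relied on.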
