Recently, my email server has been intercepting netskyP and beagleX infected messsages. I've traced the source email, and it doesn't resolve to the IP it says it's from in the header. - From: firstname.lastname@example.org To: email@example.com Received: from hall-gateway.net [65.114.248.xx] by mail [170.215.76.xx] 65.114.248.xx resolves to iwworks.com Comcast.net should have an address like- 63.240.76.??, 204.127.205.?, as per samspade (dns, finger, tracert, whois. etc.) and my logs of good past transactions. I sent a (nice) letter off to the admin and tech contacts listed in a WHOIS for iwworks.com, illustrating my points, and providing the ip addresses used to spoof the firstname.lastname@example.org account. I was wondering if I jumped the gun a bit- should I have or could I have done anything else to research the source? Or do I owe them an apology.