Just about every fool caught in some computer-related indiscretion falls back on the old "identity theft" excuse. It's the internet equivalent of "the dog ate my homework."

The routing path is:

To GG from

rich.salon.com (rich.salon.com [206.80.4.124] from

02exbhizn02.iraq.centcom.mil (02exbhizn02.iraq.centcom.mil [214.13.200.111] from

INTZEXEBHIZN01.iraq.centcom.mil ([10.70.20.11] from

INTZEXEVSIZN02.iraq.centcom.mil ([10.70.20.16] from

Boylan

The 10.*.*.* addresses are internal to iraq.centcom.mil.

The 214.13.200.111 appears to be the outgoing mail gateway for iraq.centcom.mil, and IP lookups show the DoD to be the owner of the domain.

So it appears the email really was sent from the iraq.centcom.mil domain, unless the received:from path can be spoofed.

There seem to be 3 possibilities:

1. Col. Boylan sent the emails

2. someone other than Col. Boylan authorized to send email from the iraq.centcom.mil domain sent today's original email (a. with Col. Boylan's knowledge or b. without) and spoofed Boylan's return address (which is easy to do)

3. someone not authorized to use iraq.centcom.mil nevertheless figured a way to use the server to deliver the email.

Col. Boylan's dismissive attitude notwithstanding, good faith would lead us to rule out option 1, and perhaps 2a (though his no-denial denials are maddening).

That leaves us with 2b, which would be a breach of military discipline (at least); and 3, which would be a breach of military security. If either of these is the case, I think making any comments on the situation would be inadvisable.

Of course, maybe ALL Glenn's communication with Col. Boylan has been faked by someone. Has that been ruled out?

Curious.

about this to Glenn or anyone else.

**It never happened.

***You're dreaming.

This Boylan isn't just Petraeus's spokesman; as a Lt. Col. he was Director of the military's Combined Press Information Center in Iraq in 2005 and 2006; he was reassigned to the US for a time during 2006; he was promoted to full bird and sent back to serve as Petraeus's chief PR flack in the Green Zone. Obviously he is highly regarded within the military's Politburo, at the very least.

Further, his "engagement" with Glenn is entirely political and as RMP intuits, rather sick. This is a man trying to intimidate someone he believes will fall for his bluster and blandishments. It's not just passive-aggressive; there is another undercurrent (it also shows up in his Reuters panel appearance linked earlier) that is distinctly... well, for lack of a better word, psycho.

Dude is whack.

Fits right in to the "synchronization" of the Military with the rest of the Bushevik agenda.

Any IP address that begins with "10." is not routable on the public internet. That is, any backbone router will drop it. These addresses are meant for internal use within an organization, and are always behind firewalls.

Other addresses of this type are for example "192.168.". If you use a cable-modem/wireless router at home you will probably find that the router assigns you a 192.168. address on your local network. For your computer to communicate with the outside world the firewall/router translates your 192.168 (or 10.) address into a legitimate externally routable address (in particular the address that your ISP assigned to you).

Knowing that, let's look at the sequence of computers that

this e-mail went through, in order:

1: INTZEXEVSIZN02.iraq.centcom.mil [10.70.20.16]

2: INTZEXEBHIZN01.iraq.centcom.mil [10.70.20.11]

3: 02exbhizn02.iraq.centcom.mil [214.13.200.111]

4: rich.salon.com [206.80.4.124]

Note the hop between #2 and #3. #2 is a 10. address, meaning it is internal. This looks like an address behind a firewall.

#3 looks like it is an externally facing gateway; it has a non 10. IP address, meaning it can talk with the rest of the internet. Also, #3 can talk to the internal 10. addresses. (Note that the names of #1 and #2 begin with "INT" - internal.)

So, if we assume that #3 and #4 have not been compromised (hacked) then I'd have to assume that the e-mail has in fact been sent from an iraq.centcom.mil computer. (If #3 has been hacked, then there's potential for a much bigger story here.)

Sometimes e-mails can bounce around through many different routers; if any one is compromised then any prior trace data can't be trusted. That isn't really the case here. We'll assume we trust #4, or at least Salon can verify it hasn't been tampered with. So, to me the authenticity of this e-mail trail is dependent on whether or not #3 is secure. If #3 is secure, then the e-mail must have come from the other, secure side of #3's firewall; in other words it must have come from iraq.centcom.mil.

This whole thing gets more bizarre by the hour. Could it be that Col. Boylan's identity was stolen during that Korean knife attack?

But why on earth would Korean attackers be interested in Vermont real estate?

I swear, there is more to this than meets the eye...

Received: from rich.salon.com (rich.salon.com [206.80.4.124]) by mailer.salon.com (8.13.6/8.13.6)with ESMTP id l9SBFgrP024411 for ; Sun, 28 Oct 2007 04:15:43 -0700

Received: from 02exbhizn02.iraq.centcom.mil (02exbhizn02.iraq.centcom.mil [214.13.200.111])by rich.salon.com (8.12.11/8.12.11) with ESMTP id l9SBFSff004148 for ; Sun, 28 Oct 2007 04:15:36 -0700

Headers read in reverse order. Thus they go from receiver back out to sender.

The first paragraph is stamped to the header by the the internal salon.com mail server (mailer.salon.com). basically it says this host mailer.salon.com

received a message from rich.salon.com (rich.salon.com [206.80.4.124] which is one of the salon.com external mail relay hosts. Do an NSLookup

set q=mx, salon.com and it will reveal all the salon.com external mail relay servers.

The second paragraph is where the salon.com external mail relay box stamped the header on the inbound message with the address of

the host that sent the message (02exbhizn02.iraq.centcom.mil [214.13.200.111]). This cannot be spoofed. The salon.com external mail relay looks at

the message and from examining the IP headers it knows where is came from. This addressing cannot be spoofed. The headers contain IP address of the host that the message came from. The salon.com relay server is simply resolving them via dns with the host name in ie (02exbhizn02.iraq.centcom.mil [214.13.200.111].

So I see no point in arguing whether or not this message came from 02exbhizn02.iraq.centcom.mil. It is simply a fact. Let's move on to the real issue

here. And that is that the spokesman for the man in charge of the Iraq occupation has lied in an open forum. Will he be fired? Or will the rightwing noise machine claim that calling Col. Boylan a liar to be another instance of not supporting the troups. I think we can guess the answer to that one. Rush, we're waiting...