It is spoofed. When looking at the Recieved headers, you can't trust the ones on the bottom - they can be faked so that it looks like it came from else where. You have to backtrack.
1. Received: (mail@localhost) by server5.anon-dns.net (8.12.9) id k7S2pBpT003019 sender email@example.com for firstname.lastname@example.org; Sun, 27 Aug 2006 19:51:11 -0700
This looks OK. The anon-dns.net server is telling us it got the message but the actual recipient will be email@example.com - this server appears to be in Washington state.
2. Received: from 184.108.40.206
by server5.anon-dns.net with smtp (Exim 4.31)
for firstname.lastname@example.org; Sun, 27 Aug 2006 19:51:11 -0700
anon-dns.net tells us it got the message from a server that claims it was mail.webreform.co.uk.
But the IP address is to a Brazilian machine, will call it Brazil-A.
The next headers are the spoofed headers, claiming a Brazilian machine, we'll call it Brazil-B, got the message from DreamHost.
So think about it. All the headers imply the message came from DreamHost in California, went through a network in Brazil, then to back to the US. You know, Brazil sounds like quite a detour to get from California to Washington. No doubt the message actually originated in Brazil.
[color=#6600CC]Atropos[/color] | openvein.org