How to read and decipher the header of a newsgroup post
Usenet or Newsgroup headers are the easiest type
of headers to decipher, but also the easiest type to falsify. There are only
three lines in Usenet headers that are very difficult to forge: Path, Date,
and NNTP-Posting-Host. Let's take a look at the header below, and try to
determine where the message came from.
Path: news!global-news-master
From: abuse@pacbell.net
Newsgroups: alt.pacbell.test
Subject: test
Date: Tue, 27 Jan 1998 16:27:10 GMT
Organization: SBC Internet Services
Lines: 1
Message-ID:
NNTP-Posting-Host: 132.154.145.124
X-Newsreader: Forte Free Agent 1.11/32.235
Xref: news pacbell.test:2248
The Path section is very similar to the 'Received' section in e-mail
headers, and will show what path the message took to reach you. This line is
very difficult to forge, because it is placed into the header by all the
machines that received this message. The Date line is inserted by the posting
server, and is not always 100% accurate due to possible lag time associated
with Usenet. This is usually not too much of a problem since there are usually
other clues within the message that point to the poster's account. The final
reliable line is the NNTP-Posting-Host, which is placed into the header by the
server that is posting the message. So with this information we can
determine that this message originated from 132.154.145.124, a
Pacific Bell Internet machine.
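The reading described above can be automated. The following Python is an added example, not part of the original article: it parses the sample header, pulls out the three server-added lines, and sets the remaining fields aside as unverified. The function name analyze and the report keys are assumptions made for illustration, and the hop ordering relies on each relaying server prepending its name to Path.

```python
import ipaddress
from email import message_from_string
from email.utils import parsedate_to_datetime

# The sample header from the article (Message-ID is empty there too).
SAMPLE = """\
Path: news!global-news-master
From: abuse@pacbell.net
Newsgroups: alt.pacbell.test
Subject: test
Date: Tue, 27 Jan 1998 16:27:10 GMT
Organization: SBC Internet Services
Lines: 1
Message-ID:
NNTP-Posting-Host: 132.154.145.124
X-Newsreader: Forte Free Agent 1.11/32.235
Xref: news pacbell.test:2248
"""

# The three lines the article treats as hard to forge.
SERVER_FIELDS = ("path", "date", "nntp-posting-host")

def analyze(raw):
    """Split a post's header into server-added evidence and everything else."""
    msg = message_from_string(raw)
    report = {"missing": [f for f in SERVER_FIELDS if not msg.get(f, "").strip()]}
    # Each relaying server prepends its name to Path, so reversing the
    # "!"-separated list gives the hops from oldest to newest.
    hops = [h for h in msg.get("Path", "").strip().split("!") if h]
    report["hops_oldest_first"] = hops[::-1]
    host = msg.get("NNTP-Posting-Host", "").strip()
    try:
        report["posting_ip"] = ipaddress.ip_address(host)
    except ValueError:
        report["posting_ip"] = None  # hostname instead of an address, or absent
    try:
        report["date"] = parsedate_to_datetime(msg.get("Date", ""))
    except (TypeError, ValueError):
        report["date"] = None  # missing or unparseable Date line
    # Everything else should be corroborated, not trusted.
    report["unverified"] = {k: v for k, v in msg.items()
                            if k.lower() not in SERVER_FIELDS}
    return report

if __name__ == "__main__":
    for key, value in analyze(SAMPLE).items():
        print(f"{key}: {value}")
```

A post that arrives without one of the three server-added lines shows up in the "missing" list, which is a reason to examine it more closely before relying on anything else in the header.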