Actually, in that example, ther was no ident reply from the remote host. "evilspammer" is just the name given when the remote host gives his EHLO or HELO.
Received: from mail.n.ml.org (djr@narnia.mhv.net [199.0.0.118]) ...
means my mail server identified itself as "mail.n.ml.org," with a real host name of "narnia.mhv.net" and IP of 199.0.0.118, and an ident reply of "djr."
There are valid reasons for a mail to be sent claiming to be sent from an address it wasnt actually sent from (this is why there is sendmail -f). Identd, on the other hand, is wholly worthless. I can't believe people actually trust it (ie, in wrappers), as it is so trivially forged. I think the "proxy ident" idea is the most silly thing I've heard in ages. Come up with a rotating key-based way to authenticate clients and we can talk turkey.. -- Christopher M Neill -- Network Operations QualNet - We Make the Internet Work for Your Business.(sm) DID: 216-902-5460, Office: 800-466-0088, Fax: 216-623-3566 http://www.qual.net