PayPal IPN data - how to verify it?

Question

I'm playing with my PayPal Sandbox accounts in the ASP.NET MVC 3 app, and I'm wondering about one thig. After the payment is completed, I get an IPN response in my server.

How to check in my appif that response string is not a fake/hacked? In the other words, I want to be sure that response is an original PayPal's response, then I get the user something what he paid for.

SUCCESS
mc_gross=10.00
protection_eligibility=Eligible
address_status=confirmed
payer_id=RV2RBQBZDK6N6
tax=0.00
address_street=1+Main+St
payment_date=13%3A55%3A37+Feb+24%2C+2012+PST
payment_status=Completed
charset=windows-1252
address_zip=95131
first_name=tony
mc_fee=0.59
address_country_code=US
address_name=tony+a
custom=Registration+started%3A+2012-02-24+22%3A54%3A59
payer_status=verified
business=seller_1330118126_biz%40gmail.com
address_country=United+States
address_city=San+Jose
quantity=1
payer_email=buyer_1330118087_per%40gmail.com
txn_id=9V8712675P592753E
payment_type=instant
last_name=a
address_state=CA
receiver_email=seller_1330118126_biz%40gmail.com
payment_fee=0.59
receiver_id=R35PLL9VN3UFY
txn_type=web_accept
item_name=My+painting
mc_currency=USD
item_number=
residence_country=US
handling_amount=0.00
transaction_subject=Registration+started%3A+2012-02-24+22%3A54%3A59
payment_gross=10.00
shipping=0.00

Answer 1

You submit the transaction to https://www.paypal.com/cgi-bin/webscr, and it will verify whether not the transaction is legitimate. PayPal offers a sandbox testing mode, where you should write your code to handle these transactions properly.

Here are some docs on how to test transactions via IPN: https://www.paypal.com/cgi-bin/webscr?cmd=p/sell/ipn-test-outside

Here are various code samples that actually verify the transaction: https://www.paypal.com/us/cgi-bin/webscr?cmd=p/pdn/ipn-codesamples-pop-outside