Unconditionally secure authentication codes provide information theoretic security against an adversary who observes authenticated messages and then wants to construct a fraudulent message that is acceptable by the receiver. The attack model for these codes has recently been strengthened and adaptive adversaries with oracle access have been introduced. In this paper we give an analysis of this new model and derive information theoretic bounds on the success probability and key size of the codes. Our analysis treats two games that an adversary can play: an offline attack in which the adversary is allowed to query a verification oracle and then to construct the spoofing query; and an on-line attack in which the adversary interacts with the verification oracle and wins as soon as he constructs an acceptable message. We describe the best strategy of the adversary in each case.