Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 02 May 1997 01:12:32 -0500
From:      "Jeffrey J. Mountin" <sysop@mixcom.com>
To:        craig@tuna.progroup.com (Craig W. Shaver)
Cc:        questions@freebsd.org
Subject:   Re: COME SEE THE HOTTEST scam spam on the net!!!
Message-ID:  <3.0.32.19970502011232.00b8e16c@mixcom.com>

next in thread | raw e-mail | index | archive | help
At 01:03 PM 4/27/97 -0700, Craig W. Shaver wrote:
>When you get this kind of email expand the headers, most of the from
>and reply addresses are forged, but the received list should show
>a good ip address.  Do a traceroute to each of the addresses, and 
>send email to root, postmaster, and abuse at each of the addresses.
>Copy the headers and your traceroutes into your replies.

I don't have the full thread for this, but did anyone mention that the
headers can be forged.  Only the first 2 lines of the header can be
trusted, as they are added by the local sendmail.



Here is the header from this message, as I don't have a truely creative
bogus header handy:

Received: by mixcom.mixcom.com (8.6.12/2.2)
	   id PAA14271; Sun, 27 Apr 1997 15:26:51 -0500
Received: from ns3.harborcom.net(206.158.4.7) by mixcom.mixcom.com via smap
(V1.3)
	id sma014261; Sun Apr 27 20:26:41 1997

(everything after this can be pure BS)

Received: from hub.freebsd.org (hub.FreeBSD.ORG [204.216.27.18])
          by ns3.harborcom.net (8.8.5/8.8.4) with ESMTP
	  id QAA10827; Sun, 27 Apr 1997 16:25:47 -0400 (EDT)
Received: from localhost (daemon@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) with SMTP id NAA26277;
          Sun, 27 Apr 1997 13:03:12 -0700 (PDT)
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id NAA26254
          for questions-outgoing; Sun, 27 Apr 1997 13:03:04 -0700 (PDT)
Received: from seabass.progroup.com (catfish.progroup.com [206.24.122.2])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id NAA26249
          for <questions@freebsd.org>; Sun, 27 Apr 1997 13:03:00 -0700 (PDT)
Received: from tuna.ProGroup.COM (tuna.progroup.com [206.24.122.5]) by
seabass.progroup.com (8.7.5/8.7.3) with SMTP id NAA25931; Sun, 27 Apr 1997
13:01:19 -0700 (PDT)
Received: by tuna.ProGroup.COM (SMI-8.6/SMI-SVR4)
	id NAA02441; Sun, 27 Apr 1997 13:03:08 -0700
From: craig@tuna.progroup.com (Craig W. Shaver)
Message-Id: <199704272003.NAA02441@tuna.ProGroup.COM>
Subject: Re: COME SEE THE HOTTEST scam spam on the net!!!
To: tomdean@ix.netcom.com
Date: Sun, 27 Apr 1997 13:03:08 -0700 (PDT)
Cc: questions@freebsd.org
In-Reply-To: <3363715E.156@ix.netcom.com> from "Thomas D. Dean" at Apr 27,
97 08:31:42 am
X-Mailer: ELM [version 2.4 PL25]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk
X-UIDL: 8c32cdb617d4289c6d5d1b1df50af7c8



-------------------------------------------
Jeff Mountin - System/Network Administrator
jeff@mixcom.net

MIX Communications
Serving the Internet since 1990



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3.0.32.19970502011232.00b8e16c>