Date: Fri, 02 May 1997 01:12:32 -0500 From: "Jeffrey J. Mountin" <sysop@mixcom.com> To: craig@tuna.progroup.com (Craig W. Shaver) Cc: questions@freebsd.org Subject: Re: COME SEE THE HOTTEST scam spam on the net!!! Message-ID: <3.0.32.19970502011232.00b8e16c@mixcom.com>
next in thread | raw e-mail | index | archive | help
At 01:03 PM 4/27/97 -0700, Craig W. Shaver wrote: >When you get this kind of email expand the headers, most of the from >and reply addresses are forged, but the received list should show >a good ip address. Do a traceroute to each of the addresses, and >send email to root, postmaster, and abuse at each of the addresses. >Copy the headers and your traceroutes into your replies. I don't have the full thread for this, but did anyone mention that the headers can be forged. Only the first 2 lines of the header can be trusted, as they are added by the local sendmail. Here is the header from this message, as I don't have a truely creative bogus header handy: Received: by mixcom.mixcom.com (8.6.12/2.2) id PAA14271; Sun, 27 Apr 1997 15:26:51 -0500 Received: from ns3.harborcom.net(206.158.4.7) by mixcom.mixcom.com via smap (V1.3) id sma014261; Sun Apr 27 20:26:41 1997 (everything after this can be pure BS) Received: from hub.freebsd.org (hub.FreeBSD.ORG [204.216.27.18]) by ns3.harborcom.net (8.8.5/8.8.4) with ESMTP id QAA10827; Sun, 27 Apr 1997 16:25:47 -0400 (EDT) Received: from localhost (daemon@localhost) by hub.freebsd.org (8.8.5/8.8.5) with SMTP id NAA26277; Sun, 27 Apr 1997 13:03:12 -0700 (PDT) Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id NAA26254 for questions-outgoing; Sun, 27 Apr 1997 13:03:04 -0700 (PDT) Received: from seabass.progroup.com (catfish.progroup.com [206.24.122.2]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id NAA26249 for <questions@freebsd.org>; Sun, 27 Apr 1997 13:03:00 -0700 (PDT) Received: from tuna.ProGroup.COM (tuna.progroup.com [206.24.122.5]) by seabass.progroup.com (8.7.5/8.7.3) with SMTP id NAA25931; Sun, 27 Apr 1997 13:01:19 -0700 (PDT) Received: by tuna.ProGroup.COM (SMI-8.6/SMI-SVR4) id NAA02441; Sun, 27 Apr 1997 13:03:08 -0700 From: craig@tuna.progroup.com (Craig W. Shaver) Message-Id: <199704272003.NAA02441@tuna.ProGroup.COM> Subject: Re: COME SEE THE HOTTEST scam spam on the net!!! To: tomdean@ix.netcom.com Date: Sun, 27 Apr 1997 13:03:08 -0700 (PDT) Cc: questions@freebsd.org In-Reply-To: <3363715E.156@ix.netcom.com> from "Thomas D. Dean" at Apr 27, 97 08:31:42 am X-Mailer: ELM [version 2.4 PL25] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-questions@freebsd.org X-Loop: FreeBSD.org Precedence: bulk X-UIDL: 8c32cdb617d4289c6d5d1b1df50af7c8 ------------------------------------------- Jeff Mountin - System/Network Administrator jeff@mixcom.net MIX Communications Serving the Internet since 1990
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3.0.32.19970502011232.00b8e16c>