on Mon, Oct 15, 2001 at 11:14:00AM -0500, DvB ([EMAIL PROTECTED]) wrote:
> I've been putting up with deleting spam from my email account for quite
> a while... it's kind of routine by now. The other day, however, I
> received the following in my Yahoo! Mail inbox, which leads me to
> believe that some @#*$&% is placing my address in the "From:" header of
> his/her scourge as he/she sends it out.
> Any idea how I can make this person stop? Is there some place I can
> report stuff like this?

See below.

>
> >From [EMAIL PROTECTED] Thu Oct 11 20:55:00 2001
> X-Apparently-To: [my-address] via web14608.mail.yahoo.com; 11 Oct 2001
> 21:03:27 -0700 (PDT)
> Received: from 212.35.254.3 (EHLO midnet.co.uk) (212.35.254.3) by
> mta409.mail.yahoo.com with SMTP; 11 Oct 2001 21:03:26 -0700 (PDT)
> From: [EMAIL PROTECTED] | Block Address | Add to Address Book
> To: [my-address]
> Subject: Undeliverable mail for @aol.com
> Date: Fri, 12 Oct 2001 04:55:00 +0100
> Message-ID: <[EMAIL PROTECTED]>
> Mime-Version: 1.0
> Content-Type: multipart/mixed; boundary="[EMAIL PROTECTED]"
> Content-Length: 2388
>
> The following message could not be delivered to captshane@@aol.com,
> captsgwl@@aol.com and captsgal@@aol.com because the host @aol.com does
> not
> exist.
>
> ----Unsent message follows----
>
> Attachment: Forwarded Message
>
> Received: from 38.210.6.214 (38.210.6.214) by midnet.co.uk with SMTP (Eudora
> Internet Mail Server 3.0.3); Fri, 12 Oct 2001 03:55:06 +0100

This is a point of origin for the message. 38.210.6.214 (you want the
value from parenthesis, it's the reverse-lookup value, and may differ
from the announced value) resolves to PSI.NET's netblock:

    $ whois 38.210.6.214

PSI is a large provider and has had longstanding issues with spam, to
some extent, unavoidable.

Your own mail appears to originate from 159.98.136.121 (from the headers
of the message I'm replying to, though I'm not positive what with
mailing list interactions), which is in IDB Communications netblock
(NET-IDB).

I'd post to [EMAIL PROTECTED] and report the issue. There's not a whole
lot else you can do, AFAIK. Might help to get some sort of information
to send those who decide to retaliate on your spam by mailbombing you or
worse. This is a lesson for those who would advocate such tactics:
mailbombing frequently misses the target and generates "collateral
damage".

I use tools to report spam to originating netblocks and referenced
URLs/emails in payload, for disposition.
spam.pl and ricochet from Freshmeat are useful tools.

Incidentally, it was a similar impersonation of an address I used to use
which prompted me to sign (almost all) my mail. If my mail's not signed
(and verified), the implication should be that it's not from me.

Email headers, including 'From' lines, can be manipulated arbitrarily.
A legitimate 'From' line, or one corresponding to the source of an
email, are not necessary, though they're suggested by standards and
protocols.

> Message-ID: <000054765fbf$00001fbf$00000f39@>
> To: [EMAIL PROTECTED]
> CC: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED],
> From: [my address, dammit!]
> Subject: Free Investment Report !!! (creighto)
> Date: Thu, 11 Oct 2001 22:54:24 -0400
> MIME-Version: 1.0
> Content-Type: text/plain; charset="Windows-1252"
> Content-Transfer-Encoding: 7bit
> X-Priority: 1
> X-MSMail-Priority: High
>

-- 
Karsten M. Self <kmself@ix.netcom.com>       http://kmself.home.netcom.com/
 What part of "Gestalt" don't you understand?             Home of the brave
  http://gestalt-system.sourceforge.net/                   Land of the free
   Free Dmitry! Boycott Adobe! Repeal the DMCA! http://www.freesklyarov.org
Geek for Hire                     http://kmself.home.netcom.com/resume.html
pgpvNpl6xCGnq.pgp
Description: PGP signature
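
The header reading described in the reply above (take the address in parentheses, which the receiving server recorded, rather than the name the sender announced), as an added example that is not part of the original message. The two Received values are copied from the quoted bounce; the field names `differs` and `linked` are this example's own, and it also handles the common `name [ip]` comment form, which goes beyond the two headers on the page.

```python
import re
from ipaddress import ip_address

# Received values copied from the bounce quoted on this page, newest first
# (the second one sits in the forwarded message attached to the bounce).
RECEIVED = [
    "from 212.35.254.3 (EHLO midnet.co.uk) (212.35.254.3) by "
    "mta409.mail.yahoo.com with SMTP; 11 Oct 2001 21:03:26 -0700 (PDT)",
    "from 38.210.6.214 (38.210.6.214) by midnet.co.uk with SMTP (Eudora "
    "Internet Mail Server 3.0.3); Fri, 12 Oct 2001 03:55:06 +0100",
]
HOP = re.compile(r"from\s+(?P<announced>\S+)\s+(?P<comments>(?:\([^)]*\)\s*)*)"
                 r"by\s+(?P<by>\S+)", re.I)

def is_ip(text):
    try:
        ip_address(text)
        return True
    except ValueError:
        return False

def parse_hop(value):
    """Split one Received value into announced name, recorded IP and receiver."""
    m = HOP.match(value.strip())
    if not m:
        return None
    # Words inside the parentheses before "by" are written by the receiver.
    words = [w.strip("[]") for c in re.findall(r"\(([^)]*)\)", m["comments"])
             for w in c.split()]
    recorded = next((w for w in words if is_ip(w)), None)
    announced = m["announced"].strip("[]")
    # An announced IP literal can be compared offline; a name would need DNS.
    differs = (announced != recorded) if is_ip(announced) and recorded else None
    return {"announced": announced, "recorded_ip": recorded, "differs": differs,
            "by": m["by"].lower(), "names": {w.lower() for w in words} | {announced.lower()}}

def trace(received):
    """Return (hops, origin_ip) for Received values ordered newest first."""
    hops = [h for h in map(parse_hop, received) if h]
    for newer, older in zip(hops, hops[1:]):
        # The server that stamped the older hop should be the newer hop's peer.
        older["linked"] = older["by"] in newer["names"]
    # The oldest hop is only as reliable as the server that wrote it, so the
    # result is a lead for an abuse report, not proof of the sender.
    return hops, (hops[-1]["recorded_ip"] if hops else None)

if __name__ == "__main__":
    print("report to the netblock owner of", trace(RECEIVED)[1])
```
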