Re: [Declude.JunkMail] Spoofed IP's

[Glenn \\ WCNet]

R. Scott Perry said -- My guess would be either that it was a spoofed report (not from SpamCop), or that it isn't related to your IP (for example, I've heard that SpamCop will report web sites that are listed in spam). That is correct.  I got a report yesterday from SpamCop regarding a "spamvertized website" that is hosted here, but had nothing to do with the source of the spam message.  The website in question provides a number of pre-written scripts, some for puchase, some for free downloading.  One of these scripts was in the html code of the spam, and referenced his website as the author, but that website name does not even appear in the viewable text of the spam, only in the html source code.   Glenn Z.       ----- Original Message ----- From: R. Scott Perry To: [EMAIL PROTECTED] Sent: Thursday, January 09, 2003 8:37 PM Subject: Re: [Declude.JunkMail] Spoofed IP's >We have a problem, where SpamCop or someone, will contact us claiming they >have received spam from our IP range. I investigate only to find out what I >expected, there is no server, client, or anything on that subnet. Infact we >haven't allocated that subnet yet, it sits unused. You may want to check out http://spamcop.net/fom-serve/cache/338.html , which shows a sample "real" report from SpamCop -- there was a spammer that was sending out lots of fake SpamCop notices a while back, he may have started up again. >My immediate suspicion is that the address is spoofed. We have bogon filters >on the edge of our network, so I am 99.9% sure that these are spoofed >addresses. > >Do any of you experience this too? Any suggestions? I get about 2 or 3 >claims a week and it's just bothersome. My guess would be either that it was a spoofed report (not from SpamCop), or that it isn't related to your IP (for example, I've heard that SpamCop will report web sites that are listed in spam). IP spoofing is usually very, very difficult to do -- doable by a knowledgeable hacker with the right compromised servers, nearly impossible for a script kiddie, and probably impossible for any spammer.  It is next to impossible to do with a Windows computer, and Windows computers are what spammers and script kiddies tend to have for compromised servers.  Even if a spammer knew how to do it, the drawbacks of doing so would likely well outweigh the benefits.                                          -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list.  To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail".  The archives can be found at http://www.mail-archive.com.