Here are the headers from a spam message I received...and by the way it looks like it came from ME!
That is quite common -- many spammers are using HELO/EHLO using the name of the server they are sending to (hoping it will be whitelisted, presumably).
I went to DNSstuff.com and looked up the IP which was 199.8.47.99 or 99.47.8.199. It seems to be coming from Manchester College...probably a little group of spammers I'm guessing.
You might want to send a note to [EMAIL PROTECTED], to let them know.
Now that I am armed with the knowledge of the spammer and their IP, what is the best way to block it? I also included the detail from dnsstuff.com below the spam headers.
You're not going to be able to block it. It can't be done.
At least, it can't be done while it is whitelisted:
X-Spam-Tests-Failed: Whitelisted [0]
The key here is to figure out which whitelist entry caused the spam to be whitelisted.
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
