I've been receiving some strange spam today on various email addresses of
ours.  Its almost like they are profiling various addresses to see if they
are working.

The "from" and "to" addresses are the same email address and they are valid
addresses on our domain.  However, it appears they are forging headers.  Can
someone take a look at these headers and tell me if its something I need to
worry about?  The body of the emails are a series of 3 to 4 numbers --
nothing meaningful.  Which is why I think we are being profiled for some
nefarious reason.  The return-path, from and to address, smtp sender and
message-id all look like valid headers for our mail server.  However, the
"sever name" is obviously not ours.  So they aren't sending via our mail
server (we haven't been hacked) however everything else is forged.  What
would be the purpose?

Here are the headers:

Return-Path: <[EMAIL PROTECTED]> Mon Jun 05 22:03:23 2006
Received: from catv25.avis.ne.jp [202.247.193.25] by perseus.sixthweb.com
with SMTP;
   Mon, 5 Jun 2006 22:03:23 -0500
Date: Tue, 06 Jun 2006 11:59:17 +0900
To: "Racing" <[EMAIL PROTECTED]>
From: "Racing" <[EMAIL PROTECTED]>
Subject: 586876
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-RBL-Warning: SPFUNKNOWN: SPF returned UNKNOWN for this E-mail.
X-RBL-Warning: Filter_Country: Message failed Filter_Country test (line 110,
weight 3)
X-Note: ========================================
X-Note: Spam Score:           [4]
X-Note: Scan Time:                  22:03:35 on 05 Jun 2006
X-Note: Spool File:         30844292.EML
X-Note: Server Name:        catv25.avis.ne.jp
X-Note: SMTP Sender:        [EMAIL PROTECTED]
X-Note: Reverse DNS & IP: catv25.avis.ne.jp [202.247.193.25]
X-Note: Recipient(s):           <fwd>[EMAIL PROTECTED]
X-Note: Country Chain:          JAPAN->destination
X-Note: Failed Weights:   SPFUNKNOWN [1], Filter_Country [3]
X-Note: ========================================
X-Rcpt-To: <[EMAIL PROTECTED]>


---
[This E-mail scanned for viruses by Declude Virus]


[This E-mail scanned for viruses by Declude EVA]



---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

Reply via email to