I've been receiving some strange spam today on various email addresses of ours. It's almost like they are profiling various addresses to see if they are working.
The "from" and "to" addresses are the same email address and they are valid addresses on our domain. However, it appears they are forging headers. Can someone take a look at these headers and tell me if it's something I need to worry about? The bodies of the emails are a series of 3 to 4 numbers -- nothing meaningful. Which is why I think we are being profiled for some nefarious reason. The return-path, from and to address, smtp sender and message-id all look like valid headers for our mail server. However, the "server name" is obviously not ours. So they aren't sending via our mail server (we haven't been hacked); however, everything else is forged. What would be the purpose? Here are the headers:

Return-Path: <[EMAIL PROTECTED]> Mon Jun 05 22:03:23 2006
Received: from catv25.avis.ne.jp [202.247.193.25] by perseus.sixthweb.com with SMTP; Mon, 5 Jun 2006 22:03:23 -0500
Date: Tue, 06 Jun 2006 11:59:17 +0900
To: "Racing" <[EMAIL PROTECTED]>
From: "Racing" <[EMAIL PROTECTED]>
Subject: 586876
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-RBL-Warning: SPFUNKNOWN: SPF returned UNKNOWN for this E-mail.
X-RBL-Warning: Filter_Country: Message failed Filter_Country test (line 110, weight 3)
X-Note: ========================================
X-Note: Spam Score: [4]
X-Note: Scan Time: 22:03:35 on 05 Jun 2006
X-Note: Spool File: 30844292.EML
X-Note: Server Name: catv25.avis.ne.jp
X-Note: SMTP Sender: [EMAIL PROTECTED]
X-Note: Reverse DNS & IP: catv25.avis.ne.jp [202.247.193.25]
X-Note: Recipient(s): <fwd>[EMAIL PROTECTED]
X-Note: Country Chain: JAPAN->destination
X-Note: Failed Weights: SPFUNKNOWN [1], Filter_Country [3]
X-Note: ========================================
X-Rcpt-To: <[EMAIL PROTECTED]>

---
This E-mail came from the Declude.JunkMail mailing list.
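The pattern described in the post (From equal to To on your own domain, delivered by an outside host, SPF result unknown) can be flagged from the headers alone. The following is an added example, not part of the original post and not Declude code; `example.com` stands in for the redacted domain, and treating `perseus.sixthweb.com` as the only legitimate submitting host is an assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions: example.com stands in for the redacted domain, and the
# receiving server is the only host allowed to submit mail for it.
OWN_DOMAINS = {"example.com"}
OWN_RELAYS = {"perseus.sixthweb.com"}
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\[([0-9.]+)\]\s+by\s+\S+", re.I)

def check_self_addressed(raw, own_domains=OWN_DOMAINS, own_relays=OWN_RELAYS):
    """Return a list of findings for one raw message (headers + body)."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    findings = []
    if sender and sender == rcpt:
        findings.append("from-equals-to")
    # The topmost Received header is written by our own server, so the
    # sender cannot forge it the way From, To and Message-ID can be forged.
    received = msg.get_all("Received") or []
    m = RECEIVED_RE.search(received[0]) if received else None
    if m and sender.rpartition("@")[2] in own_domains:
        host, ip = m.group(1).lower(), m.group(2)
        if host not in own_relays:
            findings.append(f"own-domain-from-external-host:{host}[{ip}]")
    # The SPF outcome appears in X-RBL-Warning, as in the headers in the post.
    if any(w.startswith("SPFUNKNOWN") for w in msg.get_all("X-RBL-Warning") or []):
        findings.append("spf-unknown")
    return findings

# Constructed sample: header layout from the post, addresses are placeholders.
SPOOFED = """\
Return-Path: <racing@example.com>
Received: from catv25.avis.ne.jp [202.247.193.25] by perseus.sixthweb.com with SMTP; Mon, 5 Jun 2006 22:03:23 -0500
To: "Racing" <racing@example.com>
From: "Racing" <racing@example.com>
Subject: 586876
X-RBL-Warning: SPFUNKNOWN: SPF returned UNKNOWN for this E-mail.

586876
"""
# Constructed sample: the same user mailing themselves through our own server.
LOCAL = SPOOFED.replace("catv25.avis.ne.jp [202.247.193.25]",
                        "perseus.sixthweb.com [192.0.2.10]").replace(
    "X-RBL-Warning: SPFUNKNOWN: SPF returned UNKNOWN for this E-mail.\n", "")

if __name__ == "__main__":
    print(check_self_addressed(SPOOFED))
    print(check_self_addressed(LOCAL))
```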
