What's interesting is that the header at the bottom is clearly forged - 194.217.242.6 *is* punt-2.mail.demon.net, which is one of the two MX records for my domain zamenhof.demon.co.uk. The genuine Received header is the one above.
Is this a new spammer trick - to forge a Received header that refers to the recipient's legitimate MX? Presumably the intention is to try to mislead anyone (or anything) which is trying to trace the spammer - or at least throw them off course.
Is this common?
All I can say (Demon subscriber in the Netherlands) is that it's been going on for years. I used to be mailadmin for several different firms and for several years, and forged headers - whether from one's own server(s) or not - were one of the first things one looked for. And yes, it's still going on. I don't know why the spamware people bother; it sticks out like a sore thumb. Look at the difference in helo, id and date formats in your own, quoted header, for example.
Best,
Tony
-- Tony Earnshaw
Humor him and he'll go away
http://j-walk.com/blog/docs/conference.htm http://www.billy.demon.nl Mail: [EMAIL PROTECTED]
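The check discussed in this thread, written out as an added example (not code from either poster or from SpamAssassin): walk the Received chain from the top, stop trusting at the hop where your own MX accepted the message from outside, and flag anything below that still names your MX. The host and IP come from the post; the sample message and every other name in it are constructed.

```python
import re
from email import message_from_string

# Names our real MX stamps or is known by (from the post). A real deployment
# would list every MX and internal relay here.
OUR_MX = {"punt-2.mail.demon.net", "194.217.242.6"}

HOP_RE = re.compile(r"from\s+(?P<src>.*?)\s+by\s+(?P<by>[\w.-]+)", re.I | re.S)

def names_our_mx(text):
    """True if any host/IP token in the text is one of our MX names."""
    tokens = {t.strip(".-") for t in re.findall(r"[\w.-]+", text.lower())}
    return bool(tokens & OUR_MX)

def forged_received(raw_message):
    """Return Received headers below the trust boundary that name our MX."""
    msg = message_from_string(raw_message)
    # Unfold continuation lines; headers are prepended, so hops[0] is newest.
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    boundary = 0
    for hop in hops:
        m = HOP_RE.search(hop)
        if not m or m.group("by").lower() not in OUR_MX:
            break                      # not stamped by us: sender-controlled
        boundary += 1
        if not names_our_mx(m.group("src")):
            break                      # our MX took this from outside
    # Everything below the boundary was supplied by the sending side, so a
    # header there that claims our MX handled the mail cannot be genuine.
    return [h for h in hops[boundary:] if names_our_mx(h)]

# Constructed sample: genuine hop on top, forged hop naming our MX below it.
SAMPLE = """\
Received: from mail.example.net ([203.0.113.45] helo=mail.example.net)
\tby punt-2.mail.demon.net with esmtp id 19QxYz-0001Ab-00;
\tFri, 13 Jun 2003 10:15:02 +0100
Received: from punt-2.mail.demon.net (194.217.242.6)
\tby mail.example.net with SMTP id h5D9EwQ12345; 13 Jun 2003 09:14:58 -0000
From: sender@example.com
Subject: constructed sample

body
"""

if __name__ == "__main__":
    for header in forged_received(SAMPLE):
        print("suspect:", header)
```

This is a heuristic: mail that legitimately loops back through the same MX would also be flagged, so treat a hit as a scoring signal rather than proof.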