Here are examples of the Received Headers for the type of spam that is being sent with forged email addresses for a domain that I host. These are the last 10 bounced messages that I received, so it is fairly representative.
Granted, 3 out of 10 messages originated in Romania. However, 3 out of 10 messages originated in the US. I am looking at the first (bottom) Received Header in each case. I send complaints to the abuse email address listed in the WHOIS record for this IP Address. Do you think that these are victims of some sort that their ISP would want to help?

Jim

BTW, notice that the HELO signatures have an identifying characteristic: ljxr.pzt mclbfk.wdui zsgnwd.zctjrq tmoju.zxlvfn sq.ywima sejah.nehj btm.ssp ggav monmib yo.iszxuj - They look randomized to me.

Received: from p7143-ipbf1101marunouchi.tokyo.ocn.ne.jp (p7143-ipbf1101marunouchi.tokyo.ocn.ne.jp [124.101.228.143]) by ms18.hinet.net (8.8.8/8.8.8) with SMTP id JAA13691 for <[EMAIL PROTECTED]>; Mon, 26 Jun 2006 09:33:54 +0800 (CST)
Received: (qmail 10158 invoked from network); Mon, 26 Jun 2006 10:33:43 +0900
Received: from unknown (HELO ljxr.pzt) (124.101.173.135) by p7143-ipbf1101marunouchi.tokyo.ocn.ne.jp with SMTP; Mon, 26 Jun 2006 10:33:43 +0900

Received: from Unknown [85.186.176.196] by mailgateway - SurfControl E-mail Filter (5.0.1); Sat, 24 Jun 2006 14:42:32 -0400
Received: from [85.186.170.61] (helo=mclbfk.wdui) by intesrl.b.astral.ro with smtp (Exim 4.43) id 1FuD5L-0002Zo-En; Sat, 24 Jun 2006 21:42:23 +0300

Received: from smtp.4sir.com ([192.168.1.5]) by DC01.FAVUS.Local with Microsoft SMTPSVC(6.0.3790.1830); Sat, 24 Jun 2006 23:31:43 +0100
Received: from pool-71-114-71-136.washdc.dsl-w.verizon.net ([71.114.71.136]) by smtp.4sir.com with Microsoft SMTPSVC(6.0.3790.1830); Sat, 24 Jun 2006 23:33:21 +0100
Received: from [71.114.98.170] (helo=zsgnwd.zctjrq) by pool-71-114-71-136.washdc.dsl-w.verizon.net with smtp (Exim 4.43) id 1FuGgL-0005kC-Ii; Sat, 24 Jun 2006 18:32:49 -0400

Received: from mx11.singnet.com.sg (mx11.singnet.com.sg [165.21.74.121]) by oxygen.singnet.com.sg (8.13.6/8.13.6) with ESMTP id k5ONX3ho031563 for <[EMAIL PROTECTED]>; Sun, 25 Jun 2006 07:33:03 +0800
Received: from host115-247-static.73-81-b.business.telecomitalia.it (host115-247-static.73-81-b.business.telecomitalia.it [81.73.247.115]) by mx11.singnet.com.sg (8.13.6/8.13.6) with SMTP id k5ONWqkY002113 for <[EMAIL PROTECTED]>; Sun, 25 Jun 2006 07:32:55 +0800
Received: (qmail 23527 invoked from network); Sun, 25 Jun 2006 01:42:22 +0200
Received: from unknown (HELO tmoju.zxlvfn) (81.73.95.50) by host115-247-static.73-81-b.business.telecomitalia.it with SMTP; Sun, 25 Jun 2006 01:42:22 +0200

Received: (qmail 26787 invoked from network); 25 Jun 2006 00:33:52 -0000
Received: from unknown (HELO qsmtp-mx-06) ([192.168.220.21]) (envelope-sender <[EMAIL PROTECTED]>) by 0 (qmail-ldap-1.03) with SMTP for <[EMAIL PROTECTED]>; 25 Jun 2006 00:33:52 -0000
Received: from unknown (HELO pool-71-114-71-136.washdc.dsl-w.verizon.net) (71.114.71.136) by qsmtp-mx-06.arnet.net.ar with SMTP; 25 Jun 2006 00:31:32 -0000
Received: from sq.ywima ([71.114.122.226]) by pool-71-114-71-136.washdc.dsl-w.verizon.net (8.13.2/8.13.2) with SMTP id k5P0cKSJ019453; Sat, 24 Jun 2006 20:38:20 -0400

Received: (qmail 392 invoked by uid 509); 18 Jun 2006 02:41:33 -0000
Received: from 24.8.155.205 by unimed.mail (envelope-from <[EMAIL PROTECTED]>, uid 507) with qmail-scanner-1.25 (clamdscan: 0.86.2/1099. uvscan: v4.3.20/v4307. Clear:RC:0(24.8.155.205):. Processed in 2.367968 secs); 18 Jun 2006 02:41:33 -0000
Received: from c-24-8-155-205.hsd1.co.comcast.net (24.8.155.205) by 0 with SMTP; 18 Jun 2006 02:41:30 -0000
Received: from [24.8.54.30] (helo=sejah.nehj) by c-24-8-155-205.hsd1.co.comcast.net with smtp (Exim 4.43) id 1FrnEa-0003l9-6J; Sat, 17 Jun 2006 20:41:56 -0600

Received: from unknown (HELO intesrl.b.astral.ro) (85.186.176.196) by 0 with SMTP; 25 Jun 2006 08:25:34 -0000
Received: from btm.ssp ([85.186.101.58]) by intesrl.b.astral.ro (8.13.3/8.13.3) with SMTP id k5P8PpYD071896; Sun, 25 Jun 2006 11:25:51 +0300

Received: (from ciwr [210.91.30.56]) by inns-smtp1.goldenrule.com (SMSSMTP 4.1.9.35) with SMTP id M2006062507533704113 for <[EMAIL PROTECTED]>; Sun, 25 Jun 2006 07:53:38 -0400
Received: from [210.91.212.147] (helo=ggav) by ciwr with smtp (Exim 4.43) id 1FuTHa-0001IJ-ME; Sun, 25 Jun 2006 21:00:06 +0900

Received: from intesrl.b.astral.ro ([85.186.176.196]) by offsite1.bytemark.co.uk with smtp (Exim 4.34) id 1FuUvq-0005IC-Dx for [EMAIL PROTECTED]; Sun, 25 Jun 2006 13:45:47 +0000
Received: from [85.186.196.87] (helo=monmib) by intesrl.b.astral.ro with smtp (Exim 4.43) id 1FuUuQ-0002YS-Od; Sun, 25 Jun 2006 16:44:18 +0300

Received: from jjwd [58.19.227.40] by imail03.nt.aitcom.net (SMTPD32-8.05) id A03011950150; Sun, 25 Jun 2006 10:39:44 -0400
Received: from yo.iszxuj ([58.19.230.149]) by jjwd (8.13.5/8.13.5) with SMTP id k5PEWbxN028325; Sun, 25 Jun 2006 22:32:37 +0800
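
Added example (not part of the original post): a small Python triage that pulls the HELO name and source IP out of the bottom-most Received header of each bounce and flags HELO names that are not plausible FQDNs, which is the characteristic noted above. The short TLD list and the `mail.example.com` control line are assumptions made for this sketch; the other sample lines are copied from the headers above.

```python
import re

# Syntaxes seen in the bottom-most Received lines above:
#   qmail:    from unknown (HELO name) (ip)
#   Exim:     from [ip] (helo=name)
#   sendmail: from name ([ip])
PATTERNS = [
    re.compile(r"from \S+ \(HELO (?P<helo>[^)\s]+)\) \(\[?(?P<ip>[\d.]+)\]?\)"),
    re.compile(r"from \[(?P<ip>[\d.]+)\] \(helo=(?P<helo>[^)\s]+)\)"),
    re.compile(r"from (?P<helo>[^\s(\[]+) \(\[(?P<ip>[\d.]+)\]\)"),
]

# Assumption: deliberately short TLD list; a real check would load the IANA list.
KNOWN_TLDS = {"com", "net", "org", "jp", "ro", "it", "sg", "uk", "ar"}

def parse_origin(received):
    """Return (helo, ip) from one Received header, or None if no pattern fits."""
    for pat in PATTERNS:
        m = pat.search(received)
        if m:
            return m.group("helo"), m.group("ip")
    return None

def helo_is_suspect(helo):
    """Heuristic: True for a single-label name or a name ending in an unknown TLD."""
    labels = helo.lower().rstrip(".").split(".")
    return len(labels) < 2 or labels[-1] not in KNOWN_TLDS

def triage(bottom_headers):
    """Map each parsable bottom Received header to (helo, ip, suspect)."""
    out = []
    for h in bottom_headers:
        origin = parse_origin(h)
        if origin:
            out.append((origin[0], origin[1], helo_is_suspect(origin[0])))
    return out

# First four lines are from the post; the last is a constructed control.
SAMPLE = [
    "Received: from unknown (HELO ljxr.pzt) (124.101.173.135) by p7143-ipbf1101marunouchi.tokyo.ocn.ne.jp with SMTP; Mon, 26 Jun 2006 10:33:43 +0900",
    "Received: from [85.186.170.61] (helo=mclbfk.wdui) by intesrl.b.astral.ro with smtp (Exim 4.43) id 1FuD5L-0002Zo-En; Sat, 24 Jun 2006 21:42:23 +0300",
    "Received: from sq.ywima ([71.114.122.226]) by pool-71-114-71-136.washdc.dsl-w.verizon.net (8.13.2/8.13.2) with SMTP id k5P0cKSJ019453; Sat, 24 Jun 2006 20:38:20 -0400",
    "Received: from [210.91.212.147] (helo=ggav) by ciwr with smtp (Exim 4.43) id 1FuTHa-0001IJ-ME; Sun, 25 Jun 2006 21:00:06 +0900",
    "Received: from mail.example.com ([192.0.2.10]) by mx.example.net with ESMTP; Mon, 26 Jun 2006 00:00:00 +0000",
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

The IP in each tuple is the address recorded by the receiving relay, so it is the value to look up in WHOIS; the HELO string is chosen by the sender and serves only as a signature.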