On Sun, 8 Jul 2001, D. Stimits wrote:
> Looking closer, I see that it was a "TO" address of Japan. More
> confusing is:
> Sender:
> owner-linux-xfs@xxxxxxxxxxx
>
> Does that mean there was an attempt to forge the header? Or maybe sgi is
> being used as a relay?
No, the spammer sent the crap to the linux-xfs list, which then
redistributed it to all the subscribers.
You need to work your way down the Received from: chain to find the
originating MTA or sending MUA. Some MTAs don't record the sender's IP of
course...
> I see now the actual sender (and the ISP is about
> to get an email):
> "West Quinn" <ptm31p@xxxxxxxxxxxxxxx>
Probably a forgery. I've deleted the spam, but IIRC it originated from a
Popsite dial-up.
> Spam is kind of ridiculous these days. :(
Kind of huge... some spammers are getting into the ISP business. :-(
--
Regards,
Juha
PGP fingerprint:
B7E1 CC52 5FCA 9756 B502 10C8 4CD8 B066 12F3 9544
|