How do I block this?

Kirk Wood cpt.kirk at 1tree.net
Sat Jan 12 13:18:33 EST 2002


On Sat, 12 Jan 2002, Janina Sajka wrote:
> Recently, I came across the following header, and it has me befuddled. How 
> did they manage to make me out like the bad guy? The to: field seems 
> blank, but I'm the reply-to. Seems to me the culprit may be an insecure 
> sag01.pumford.com. Is that a reasonable guess? But how did they work it to 
> make me the reply-to? And, might I be the reply-to in someone else's 
> mailbox?

You are correct here. The originator is at address 216.208.16.34. A
traceroute reveals that this IP address is not in anyone's DNS server, but
is served by bellnexxia.net. Thus, you should send a complaint to
abuse at bellnexxia.net. But first, check their web page and make sure they
don't encourage spam. As nasty as it sounds, I have come across providers
who stand up for spam. The first relay is indeed sag01.pumford.com.

As for how they fake the rest, it is so easy as to make one's head
spin. If they actually were sending this through a mail agent, they just
put what info they want you to see in reply-to. There is no security
here. More likely they have a script program that feeds the crap in. I am
considering a move to a hosting company that will filter the crap out. I
don't care if it gets some legitimate people's email. Those people will
then be pushed to have action taken by their provider. I wish it was
normal to filter for spam.

>  Return-Path: <janina//afb.net at 165.212.14.253>
> Received: from localhost (toccata.grg.afb.net [127.0.0.1])
>         by toccata.dsl092-170-083.wdc1.dsl.speakeasy.net (8.11.6/8.11.6) 
> with ESMTP id g0BA45u12826
>         for <janina at localhost>; Fri, 11 Jan 2002 05:04:05 -0500
> From: janina//afb.net at 165.212.14.253
> Received: from 165.212.14.253 [165.212.14.253]
>         by localhost with POP3 (fetchmail-5.9.0)
>         for janina at localhost (single-drop); Fri, 11 Jan 2002 05:04:05 
> -0500 (EST)
> Received: USA.NET MXFirewall, messaging filters applied; Fri, 11 Jan 2002 
> 10:02:26 GMT
> Received: from emdvg003.eservices.usa.net [165.212.54.10] by 
> umdvg002.cms.usa.net via mtad (53CM.1001.1.06)
>         with ESMTP id 762gakkcw0058M02; Fri, 11 Jan 2002 10:02:23 GMT
> Received: from sag01.pumford.com [64.7.165.19] by 
> emdvg003.eservices.usa.net via mtad (ES.0801.2.03);
>         Fri, 11 Jan 2002 10:02:28 GMT
> Received: from QRJATYDI (216.208.16.34 [216.208.16.34]) by 
> sag01.pumford.com with SMTP (Microsoft Exchange Internet Mail
>     Service Version 5.5.2650.21)
>         id CFA4V5AG; Fri, 11 Jan 2002 04:50:14 -0500
> To:
> Subject: Are you healthy and wealthy? You are lucky!
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Mailer: Microsoft Outlook Express 5.50.4522.1200
> Date: Fri, 11 Jan 2002 12:45:58 +-0800
> Message-ID: <23245210 at mbjdr>
> Mime-Version: 1.0
> Content-Type: text/plain; charset="Windows-1251"
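
The trace described in the reply above (read the Received lines from the bottom up; From and Reply-To prove nothing), as an added Python example that is not part of the original post. The function names are hypothetical, and treating usa.net hosts as the recipient's trusted servers is an assumption.

```python
import re
from email import message_from_string

# SMTP hops re-typed (unwrapped) from the header quoted above, newest first.
# The fetchmail, localhost and MXFirewall lines are left out.
RAW = """\
Received: from emdvg003.eservices.usa.net [165.212.54.10] by umdvg002.cms.usa.net via mtad (53CM.1001.1.06)
\twith ESMTP id 762gakkcw0058M02; Fri, 11 Jan 2002 10:02:23 GMT
Received: from sag01.pumford.com [64.7.165.19] by emdvg003.eservices.usa.net via mtad (ES.0801.2.03);
\tFri, 11 Jan 2002 10:02:28 GMT
Received: from QRJATYDI (216.208.16.34 [216.208.16.34]) by sag01.pumford.com with SMTP
\t(Microsoft Exchange Internet Mail Service Version 5.5.2650.21)
\tid CFA4V5AG; Fri, 11 Jan 2002 04:50:14 -0500
To:
Subject: Are you healthy and wealthy? You are lucky!

(body omitted)
"""

# "from <HELO name> ... [<peer IP>] ... by <recording host>"
HOP = re.compile(r"from\s+(\S+).*?\[(\d{1,3}(?:\.\d{1,3}){3})\].*?\bby\s+(\S+)", re.S)

def hops(raw):
    """Return Received hops oldest first as (helo, peer_ip, recorded_by)."""
    msg = message_from_string(raw)
    found = (HOP.search(v) for v in reversed(msg.get_all("Received", [])))
    return [m.groups() for m in found if m]

def analyse(raw, trusted_suffix):
    """Split the chain into what a trusted server logged and what is only claimed."""
    chain = hops(raw)
    if not chain:
        return None
    # Oldest hop written by a server we trust: its peer IP was seen first-hand.
    verified = next((h for h in chain if h[2].lower().endswith(trusted_suffix)), None)
    # Each recording host should reappear as the HELO name of the next newer hop.
    breaks = [(a[2], b[0]) for a, b in zip(chain, chain[1:]) if a[2].lower() != b[0].lower()]
    return {
        "claimed_origin": chain[0][1],   # only as reliable as the first relay
        "first_relay": chain[0][2],
        "verified_peer": verified[1] if verified else None,
        "breaks": breaks,
    }

if __name__ == "__main__":
    # Assumption: usa.net is the recipient's own provider, so its hosts are trusted.
    print(analyse(RAW, ".usa.net"))
```

The address the recipient's provider saw first-hand is the relay's; the originating address further down is taken on the relay's word, so the complaint and any block should name both.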




