dana tierney wrote:
> Looking at the HELO. When I did nslookup on 211.108.90.4 it did not
> resolve, so I assumed it was in fact libero. A bit naive I guess;
> something like this would not be coming from an isp.

Anybody can put anything he wants into a HELO. When I telnet to a mailserver, I usually just put "jochemd" in it. Not exactly an existing top level domain ;-)

> How did you get
> Korea? I am not arguing the point as I know you know more than I do,
> but how did you get that?

I ran the IP address through ARIN http://www.arin.net/ which pointed me to APNIC http://www.apnic.net/ which pointed to Korea.

>> Why do you think it is spoofing a prunebelly address?
>
> It claims to be sent to user A at prunebelly but was received by user
> B. User A neither received nor sent it.

It is more likely it was really sent to User A, but User A has a mail problem and it was BCC'ed to User B.

>> But without full headers it is a bit difficult to see where
>> it came from exactly, so it is not clear where to report it. You might
>> want to just go for the spamvertized site instead of the originator
>> (which undoubtedly is a hacked/misconfigured DSL cluebie).
>
> User claims nothing appears when you go View --> All Headers (Outlook
> Express). This may in fact be the case as she is at least competent
> enough to view source.

Then use another tool. There are always headers.

> BUT :) BUT :) this one is registered to some guy in Lynden Washington
> using a hosting company in Columbia Maryland.... thanks, I got it from
> here, unless you have further suggestions <g>

The FBI is the way to go in cases of suspected child abuse.

Jochem
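
Added example, not part of the original message: a small parser that pulls the HELO string and the peer IP out of each `Received:` header, since the IP recorded by the receiving server is the value to run through ARIN/APNIC, while the HELO is whatever the client typed. The sample message is constructed (only 211.108.90.4 comes from the thread; every host name is made up), and the regex assumes the common Postfix/sendmail `from HELO (rdns [ip])` layout.

```python
import re
from email import message_from_string

# Constructed sample. Only the IP 211.108.90.4 appears in the thread;
# the host names, HELO strings and dates are invented for illustration.
SAMPLE = """\
Received: from libero.example (unknown [211.108.90.4])
\tby mx.recipient.example with SMTP id ABC123;
\tMon, 1 Jan 2001 00:00:00 +0000
Received: from forged.example (forged.example [192.0.2.7])
\tby libero.example with SMTP; Mon, 1 Jan 2001 00:00:00 +0000
From: someone@libero.example
Subject: constructed sample

body
"""

# Assumed layout: "from <HELO> (<reverse-DNS or 'unknown'> [<peer IP>])"
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+"
    r"\((?P<rdns>[^\s\[\]]*)\s*\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
)


def parse_hops(raw):
    """Return one dict per parsable Received header, newest hop first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())  # unfold continuation lines
        m = RECEIVED_RE.search(flat)
        if not m:
            continue
        helo, rdns = m.group("helo").lower(), m.group("rdns").lower()
        hops.append({
            "helo": helo,               # claimed by the client, unverified
            "rdns": rdns or "unknown",  # looked up by the receiving server
            "ip": m.group("ip"),        # taken from the TCP connection
            "helo_matches_rdns": rdns not in ("", "unknown") and rdns == helo,
        })
    return hops


def first_trusted_hop(raw):
    """The top Received header was written by the recipient's own server;
    anything below it may have been inserted by the sender."""
    hops = parse_hops(raw)
    return hops[0] if hops else None


if __name__ == "__main__":
    print(first_trusted_hop(SAMPLE))
```
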