This looks a lot like the millions that were sent through one of my clients' WAP. If this is the case, it's nonroutable because they are sitting behind a corporate firewall.
-----Original Message-----
From: Colbeck, Andrew [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 17, 2003 11:25 AM
To: '[EMAIL PROTECTED]'
Subject: [Declude.JunkMail] Interesting headers, but this message was still easily caught

Received: from 66.38.133.97 [200.252.69.131] by mail.bentall.com (SMTPD32-8.02) id A3E5113000F4; Wed, 17 Sep 2003 10:03:33 -0700
Received: from [73.250.175.174] by 66.38.133.97 with SMTP for <snip>; Wed, 17 Sep 2003 06:00:29 +0000
Message-ID: <[EMAIL PROTECTED]>
From: "Sheldon Barton" <[EMAIL PROTECTED]>
Reply-To: "Sheldon Barton" <[EMAIL PROTECTED]>
To: <snip>, <snip>, <snip>, <snip>, <snip>, <snip>
Subject: can you please her?
Date: Wed, 17 Sep 03 06:00:29 GMT
X-Mailer: mnhjklop
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="E.F961FB6_.FD28E2.7305.B"
X-Priority: 3
X-MSMail-Priority: Normal

Now that is interesting.

The miscreant address 200.252.69.131 is apparently an open proxy.

What is interesting about this message is the forgery of the headers. The 66.38.133.97 name is bogus; the spammer is using my mail server's address as their hostname. The 73.250.175.174 address is either a deliberate forgery or an internal address of the open proxy, because it is a non-routable address reserved by IANA.

Also note the bogus X-Mailer name. The X-MSMail-Priority header, on the other hand, either gives away that the source was part of the Microsoft Outlook family, or is another forgery.

Based on the number of ip4r tests the source address was in, plus the COUNTRY routing, plus the obfuscation, plus the reply-to address, this message easily reached my HOLD weight.

Which makes the effort to forge the headers so remarkable!

Andrew 8)

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
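The Received-header inconsistencies described in the quoted message can be checked mechanically. The sketch below is an added example, not part of the thread and not Declude's own logic; the function names, finding labels and the `own_names`/`own_ips` parameters are hypothetical, and the regex assumes the `from HELO [peer] by host` layout shown in the quoted headers.

```python
import ipaddress
import re

RECEIVED = re.compile(
    r"from\s+(?P<helo>\S+)(?:\s+\[(?P<peer>[^\]]+)\])?\s+by\s+(?P<by>\S+)")

# The two Received lines quoted in the message above, newest first.
SAMPLE = [
    "from 66.38.133.97 [200.252.69.131] by mail.bentall.com (SMTPD32-8.02) "
    "id A3E5113000F4; Wed, 17 Sep 2003 10:03:33 -0700",
    "from [73.250.175.174] by 66.38.133.97 with SMTP for <snip>; "
    "Wed, 17 Sep 2003 06:00:29 +0000",
]

def as_ip(token):
    """Return an ip_address if token is an IP literal (bare or [bracketed])."""
    try:
        return ipaddress.ip_address(token.strip("[]"))
    except ValueError:
        return None

def check_received(lines, own_names, own_ips):
    """Flag forgery indicators; lines[0] must be the hop stamped by our own MTA."""
    own_ips = {ipaddress.ip_address(ip) for ip in own_ips}
    own_names = {n.lower() for n in own_names}
    findings = []
    for hop, line in enumerate(lines):
        m = RECEIVED.search(line)
        if not m:
            findings.append((hop, "unparseable"))
            continue
        helo, by = m["helo"], m["by"]
        helo_ip, by_ip = as_ip(helo), as_ip(by)
        if hop == 0:
            # Trusted hop: peer is the TCP source our server recorded.
            peer = as_ip(m["peer"] or "")
            if helo_ip and peer and helo_ip != peer:
                findings.append((hop, "helo-ip-differs-from-peer"))
            if helo_ip in own_ips or helo.lower() in own_names:
                findings.append((hop, "helo-claims-our-identity"))
        elif by_ip in own_ips or by.lower() in own_names:
            # Sender-supplied hop says one of our hosts received it earlier.
            findings.append((hop, "untrusted-hop-names-us"))
    return findings
```

Only the topmost Received line is written by the receiving server; every line below it arrives with the message and is treated here as sender-controlled.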
