Thanks for your help Andy and Scott. I thought this looked strange. - Andy
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-[EMAIL PROTECTED] On Behalf Of R. Scott Perry
> Sent: Wednesday, November 17, 2004 3:01 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Declude.JunkMail] Help investigating abuse complaint
>
> >Received: from mx4.uniserve.ca ([216.113.192.45]) by mail-host.uniserve.ca...
> >Received: from yahoobb218116092015.bbtec.net ([218.116.92.15]) by...
> >Received: from cousinssubs.com (mail.cousinssubs.com [216.43.194.27]) by...
> >
> >The uniserve.ca references are the servers of the guy who complained. The
> >mail.cousinssubs.com (216.43.194.27) is my mail server.
>
> This one definitely did not come from IMail (if it did, there would be
> another Received: header -- IMail always adds one to E-mail it processes).
>
> The only possibility of a problem on your end would be if your mailserver
> is compromised (which rarely happens, but still could be a possibility).
>
> >The other ones
> >referring to bbtec.net is where I am having trouble figuring out what
> >happened here. Please correct me if my understanding is incorrect but it
> >looks like the message originated on my server, was relayed to the bbtec.net
> >server and then relayed to the uniserve.ca servers.
>
> If the headers can be trusted, yes.
>
> In this case, though, the header that mentions your IP is
> 218.116.92.15. However, the reverse DNS entry of 218.116.92.15 is
> YahooBB218116092015.bbtec.net. I believe that is a Japanese subsidiary of
> Yahoo -- and if so, it definitely isn't trustable (a Yahoo mailserver
> should have some indication that it is a mailserver).
>
> So either the spam came from 218.116.92.15, or the burden of proof lies
> with them.
>
> -Scott
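The header reasoning in the quoted reply, as an added example that is not part of the original messages: walk the `Received:` lines from the newest down and stop at the first connecting IP that is not the recipient's own relay, since every line below that point was supplied by the sender and can be forged. It assumes the topmost line was written by the recipient's own server and that 216.113.192.45 is one of the complainant's relays; `TRUSTED_RELAYS`, `parse_hops` and `last_verified_source` are names made up for this sketch.

```python
import re
from email import message_from_string

# The three Received: lines quoted in the thread, newest first. The "by..."
# truncation is kept as the page has it; the walk below never reads that field.
SAMPLE = (
    "Received: from mx4.uniserve.ca ([216.113.192.45]) by mail-host.uniserve.ca...\n"
    "Received: from yahoobb218116092015.bbtec.net ([218.116.92.15]) by...\n"
    "Received: from cousinssubs.com (mail.cousinssubs.com [216.43.194.27]) by...\n"
    "\n"
)

# Assumption: the recipient treats this relay address as its own infrastructure.
TRUSTED_RELAYS = {"216.113.192.45"}

# Matches "from <claimed name> (<optional rDNS name> [<connecting IP>])".
HOP = re.compile(r"from\s+(\S+)\s+\((?:\S+\s+)?\[(\d{1,3}(?:\.\d{1,3}){3})\]\)")


def parse_hops(raw):
    """Return one (claimed_name, connecting_ip) pair per Received header, newest first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        # An unparseable header yields (None, None) and ends the trusted chain.
        hops.append((m.group(1), m.group(2)) if m else (None, None))
    return hops


def last_verified_source(raw, trusted=TRUSTED_RELAYS):
    """Find the last connecting IP that a trusted server itself recorded.

    A header is reliable only if the server that wrote it is trusted. The top
    header is written by the final recipient; each next one is reliable only
    while the previous hop's connecting IP was a trusted relay.
    """
    hops = parse_hops(raw)
    for i, (name, ip) in enumerate(hops):
        if ip not in trusted:
            return {"source_ip": ip, "claimed_name": name, "unverified": hops[i + 1:]}
    return {"source_ip": None, "claimed_name": None, "unverified": []}


if __name__ == "__main__":
    result = last_verified_source(SAMPLE)
    print("last verified source:", result["source_ip"], result["claimed_name"])
    for name, ip in result["unverified"]:
        print("unverified (sender-supplied) hop:", name, ip)
```

On the thread's headers this stops at 218.116.92.15 and reports the cousinssubs.com line as sender-supplied, which is the conclusion the reply reaches.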
