On Fri, 15 Feb 2002, at 09:33 [=GMT-0800], William X Walsh wrote:
> Friday, Friday, February 15, 2002, 8:44:15 AM, Matthew Rice wrote:
>
> > After we determine that its a real spammer (i.e. we've either warned them,
> > determined it wasn't a joe-job, determined its a real live spam) we
> > "put them in the dog house", set their host records to
> > doghouse.easydns.com which is a big page that says "we caught these guys
> > spamming and terminated them")
>
> > Then we add the domain to the dnsbl.org, so they can't move to zoneedit,
> > mydomain, powerdns or granitecanyon.
>
> Just make sure you are positive they are culpable [...]
Indeed. The domain in the From field means nothing. See the example below,
sent over a ccTLD nameserver, which is an open relay... The people to
contact are those of the two IP numbers in the header. Not Microsoft.
---
Return-Path: <[EMAIL PROTECTED]>
Received: from engine1.una.net ([208.136.52.74])
by fuchsia.bijt.net (8.11.6/8.11.4) with ESMTP id g1FLElf41948
for <[EMAIL PROTECTED]>; Fri, 15 Feb 2002 22:14:48 +0100 (CET)
(envelope-from [EMAIL PROTECTED])
Date: Fri, 15 Feb 2002 22:14:48 +0100 (CET)
From: [EMAIL PROTECTED]
Message-Id: <[EMAIL PROTECTED]>
Received: from microsoft.com (pan.bijt.net [213.196.2.97])
by engine1.una.net (post.office MTA v1.9.3b ID# 0-13839)
with SMTP id AAA717 for <[EMAIL PROTECTED]>;
Fri, 15 Feb 2002 17:11:06 +0000
To: undisclosed-recipients:;
This is spam over an open relay. Do not blame the owner of the domain in
the faked From field!
---
