Most of the spam we get complaints about are domains spamvertised in the body of the email itself.
We pretty well ignore reports citing "From" headers (in fact, so does spamcop these days) -mark On Fri, 15 Feb 2002, Marc Schneiders wrote: > On Fri, 15 Feb 2002, at 09:33 [=GMT-0800], William X Walsh wrote: > > Friday, Friday, February 15, 2002, 8:44:15 AM, Matthew Rice wrote: > > > > > After we determine that its a real spammer (i.e. we've either warned them, > > > determined it wasn't a joe-job, determined its a real live spam) we > > > "put them in the dog house", set their host records to > > > doghouse.easydns.com which is a big page that says "we caught these guys > > > spamming and terminated them") > > > > > Then we add the domain to the dnsbl.org, so they can't move to zoneedit, > > > mydomain, powerdns or granitecanyon. > > > > Just make sure you are positive they are culpable [...] > > Indeed. The domain in the From field means nothing. See the example below, > sent over a ccTLD nameserver, which is an open relay... The people to > contact are those of the two IP numbers in the header. Not Microsoft. > > --- > Return-Path: <[EMAIL PROTECTED]> > Received: from engine1.una.net ([208.136.52.74]) > by fuchsia.bijt.net (8.11.6/8.11.4) with ESMTP id g1FLElf41948 > for <[EMAIL PROTECTED]>; Fri, 15 Feb 2002 22:14:48 +0100 (CET) > (envelope-from [EMAIL PROTECTED]) > Date: Fri, 15 Feb 2002 22:14:48 +0100 (CET) > From: [EMAIL PROTECTED] > Message-Id: <[EMAIL PROTECTED]> > Received: from microsoft.com (pan.bijt.net [213.196.2.97]) > by engine1.una.net (post.office MTA v1.9.3b ID# 0-13839) > with SMTP id AAA717 for <[EMAIL PROTECTED]>; > Fri, 15 Feb 2002 17:11:06 +0000 > To: undisclosed-recipients:; > > This is spam over an open relay. Do not blame the owner of the domain in > the faked From field! > --- > -- mark jeftovic http://www.easydns.com http://mark.jeftovic.net
