I haven't heard much lately about what's happening with ORBS (and 
another, similar organization whose name I can't remember) who were 
trying to pressure ISPs to close open relays.  I discovered that my 
own ISP had a server acting as an open relay and applied as much 
torque-to-the-arm as I could to get them to correct the problem.  
It took about 10 days, but they did seem to take the problem 
seriously.  It might be worth a try to reason with Prodigy... send 
them the email with the complete header.  Or, if ORBS is still 
active, send them the email header and ask them to place the server 
in the ORBS database.


Helder Correia wrote:  

>David Groover <[EMAIL PROTECTED]> wrote:
>
>[Sorry about re-arranging your message, but it made my reply easier to 
>follow.]
>
>>But this one reminds me that I really do not yet understand headers. When
>>people talk of forged headers, who, or what, part of the header (using
>>the below example as a concrete example) is usually forged? I am
>>concerned that if I start adding ISPs to my spam filter that I will
>>start blocking future legit messages as well.
>
>OK, let's see if I end up helping you ... or confusing us both.
>
>Here are the headers you received:
>
>>Status:  U
>>
>>Return-Path: < [EMAIL PROTECTED] >
>>
>>Received: from pimout4-ext.prodigy.net ([207.115.63.103])       by
>>kendall.mail.mindspring.net (Earthlink Mail Service) with ESMTP id
>>17PHX8NW3Nl3pM0 for <[EMAIL PROTECTED]>; Fri, 13 Sep 2002 00:21:09
>>-0400 (EDT)
>>
>>Received: from Xep (adsl-65-65-223-64.dsl.rcsntx.swbell.net
>>[65.65.223.64]) by pimout4-ext.prodigy.net (8.12.3 da nor stuldap/8.12.3)
>>with SMTP id g8D4KvAI091506     for <[EMAIL PROTECTED]>; Fri, 13 Sep
>>2002 00:20:58 -0400
>>
>>Date: Fri, 13 Sep 2002 00:20:58 -0400
>>
>>Message-Id: <[EMAIL PROTECTED]>
>>
>>From: norman <[EMAIL PROTECTED]>
>>
>>To: [EMAIL PROTECTED]
>>
>>Subject: A  WinXP patch
>>
>>MIME-Version: 1.0
>>
>>Content-Type: multipart/alternative;    boundary=C6z4361q9cmbo62A

     <stuff deleted>

>the Prodigy server says that it received the message from 
>"Xep (adsl-65-65-223-64.dsl.rcsntx.swbell.net [65.65.223.64])".  The 
>"[65.65.223.64]" is the IP address of the computer that Prodigy 
>received the message from.  The name 
>"adsl-65-65-223-64.dsl.rcsntx.swbell.net" is what Prodigy determined is 
>the correct name for that IP address.  However, the "Xep" is how that 
>computer identified itself to the Prodigy server when it initially 
>established a connection prior to transmitting the message.  Why would 
>a SouthWest Bell SMTP server lie about its name?  It wouldn't!  So this 
>must be the IP address of the PC of the spammer himself (or a PC he 
>hacked).  Since we now know the machine is a home PC rather than an 
>SMTP server, we can now assume that the "adsl" in the name above 
>indicates a DSL customer of SouthWest Bell.
>
>By the way, the SMTP server named "pimout4-ext.prodigy.net" received 
>the message from outside its own network.  Since neither you nor the 
>sender are part of the Prodigy network, this server is acting as an 
>open relay for spam.
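
The header reading described in the quoted reply above, as an added example that is not part of the original messages: it splits each Received line into what the sending machine claimed (the HELO name) and what the receiving server observed (reverse-DNS name and IP), and lists hosts that passed mail between two outside networks. The placeholder addresses, the two-label `org` heuristic and all function names are assumptions made for this example.

```python
import re
from email import message_from_string

# Constructed sample: the two Received lines from the message above, with
# placeholder addresses (the archive redacted the real ones).
SAMPLE = """\
Received: from pimout4-ext.prodigy.net ([207.115.63.103])
\tby kendall.mail.mindspring.net (Earthlink Mail Service) with ESMTP
\tid 17PHX8NW3Nl3pM0 for <rcpt@example.org>; Fri, 13 Sep 2002 00:21:09 -0400
Received: from Xep (adsl-65-65-223-64.dsl.rcsntx.swbell.net [65.65.223.64])
\tby pimout4-ext.prodigy.net (8.12.3 da nor stuldap/8.12.3) with SMTP
\tid g8D4KvAI091506 for <rcpt@example.org>; Fri, 13 Sep 2002 00:20:58 -0400
From: norman <sender@example.com>
To: rcpt@example.org

body
"""

HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]]+)\s+)?"
                 r"\[(?P<ip>[0-9.]+)\]\)\s+by\s+(?P<by>\S+)")

def org(name):
    """Naive registrable domain: last two labels (assumption, no suffix list)."""
    return ".".join(name.lower().split(".")[-2:]) if name else None

def hops(raw):
    """Received headers, newest first, split into claimed vs. observed parts."""
    out = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            h = m.groupdict()
            # HELO is whatever the client typed; rDNS and IP were looked up
            # by the receiving server, so only a mismatch is a warning sign.
            h["helo_suspect"] = "." not in h["helo"] or bool(
                h["rdns"] and h["helo"].lower() != h["rdns"].lower())
            out.append(h)
    return out

def third_party_relays(chain):
    """Hosts that took mail from one outside network and handed it to another."""
    found = []
    for newer, older in zip(chain, chain[1:]):
        relay = older["by"]
        if org(relay) not in (org(newer["by"]), org(older["rdns"])):
            found.append(relay)
    return found

if __name__ == "__main__":
    for h in hops(SAMPLE):
        print(h)
    print("third-party relays:", third_party_relays(hops(SAMPLE)))
```

A host listed by `third_party_relays` is a lead to report to its operator with the full headers, not proof on its own, since legitimate forwarding services produce the same pattern.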
