Cory Petkovsek ([EMAIL PROTECTED]) wrote: > >On Mon, Jul 28, 2003 at 05:13:27PM -0700, Ben Barrett wrote: >> The point I'm trying to get to, is that if the email does come from a >> legit service, the subscribe should work, and is a good idea if you want >> to get less of "that crap" ( = Obvious to most of us, I'm sure, but >> needs to be clarified for the list's archive and other innocent >> assumption-sufferers... > >Then it needs to be clarified also how to determin if the mail comes >from a legit service. Just because it says it is from >[EMAIL PROTECTED] doesn't mean you should click here and >unsubscribe. > >Look in the mail headers for the first receiving header (the lowest in >the list). This tells you where the mail originated from (sort of). If >it came from legit.com [some_ip] then it is usually safe to unsubscribe. >For instance this was in ben's email at the bottom: > >Received: from mail.nu-world.com (mail.nu-world.com [207.55.105.3]) > by sapir.efn.org (8.12.6p2/8.12.6) with ESMTP id h6T0GvEe029660 > for <[EMAIL PROTECTED]>; Mon, 28 Jul 2003 17:16:57 -0700 (PDT) > (envelope-from [EMAIL PROTECTED]) >Received: from localhost.localdomain (bbarret1.continet.com [206.163.64.242] > (may be forged)) > by mail.nu-world.com (8.12.9/8.12.9) with SMTP id h6T0PgcH000562 > for <[EMAIL PROTECTED]>; Mon, 28 Jul 2003 17:25:42 -0700 (PDT) >From: Ben Barrett <[EMAIL PROTECTED]> > >bbarret1.continet.com [ip] and then mail.nu-world.com, which match the >domain in the "From" line. If you are getting junk mail from >@nu-world.com, this would be okay to try and unsubscribe. > >But if it looks like this (a spam I got today): >Received: from clt74-89-126.carolina.rr.com ([24.74.89.126] helo=micronicos.co.uk) > by uranus.petersen-arne.com with smtp (Exim 3.35 #1 (Debian)) > id 19hH1D-0008Ie-00 > for <[EMAIL PROTECTED]>; Mon, 28 Jul 2003 16:03:03 -0700 >From: "Maude Ferguson" <[EMAIL PROTECTED]> > >This is one you do not respond to. Why? 1) It is spam 2) From: address >does not match "Recieved: from" domain 3) "Received: from" domain is >probably a dhcp client of road runner, signified by a derivative of >'client' and numbers in the domain name. It certainly does not have a >domain name of it's own. 4) the helo is totally off base. > >Cory > >EuG-LUG mailing list >[EMAIL PROTECTED] >http://mailman.efn.org/cgi-bin/listinfo/eug-lug > If you ping clt74-89-126.carolina.rr.com or micronicos.co.uk, the NDS resolves (24.74.89.126 and 217.33.99.220) but there is no reply. Couldn't this be used to identify the illegal SPAMers and drop that mail in /dev/null?
-- Bob Crandell Assured Computing When you need to be sure. [EMAIL PROTECTED] www.assuredcomp.com Voice - 541-689-9159 FAX - 541-463-1627 Eugene, Oregon _______________________________________________ EuG-LUG mailing list [EMAIL PROTECTED] http://mailman.efn.org/cgi-bin/listinfo/eug-lug
