Alas, the header does not include any e-mail address that cannot be spoofed. OTOH, the RECEIVED header field inserted by your e-mail provider cannot be spoofed.
-- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 ________________________________________ From: IBM Mainframe Discussion List <[email protected]> on behalf of CM Poncelet <[email protected]> Sent: Monday, September 17, 2018 1:58 PM To: [email protected] Subject: Re: Spam alert: Model9 Yes, I had mentioned that: "(Yes, it can be spoofed - but the headers/metadata show the spammer's real email ID.)" CP On 16/09/2018 21:18, Seymour J Metz wrote: > Be careful; spammers often forge headers, so it's safest to learn how to read > headers and to check the Received header fields to determine the actual > provenance of the spam. > > See also > http://secure-web.cisco.com/1vs8h6joJJ_FBNWwYHrae_yil76zbNw5MCRUOo3wezy5LoHrn0hDc_hRIcKeHei3xqkqFk2mFrzfSG1VFpcmDMg5GQKY1uuOY-XCZcqfLZRws_X4HTMnn8bZ2oHCA0-hCGshdbSyHaHTMtLQfXINY5AfoIsOrFaZBP3XZNg5GMoLDIiI_QqGRttnvi6AqpF9Q3352PYIEEAYDRPaSpmMjEeqN_Ek06frfa6oG6VJNQ0HpJFiN3baqguSIqhNt53HQGqtGwDf6UgP9iWS8xSush97JKKFOv25FW_4R5gg8fX8aJN1UkKHvVAQNP_daDXKZLoazubw68xAC25p0_X-Wrs4hibkK6uaxshFy5-ClPTft1XKm_X6Jhq6bwIUYDPpiJnbv4l0Jj6zqHVFlX2Q1lvUJi_C_Y8RGcs0DzmsO1uaynVGDQuLTciDGJDhI04Up/http%3A%2F%2Fwww.medwayhosting.com%2Fspam-l%2Fdeobfuscation-by-Shmuel%2Findex.html > > > -- > Shmuel (Seymour J.) Metz > http://mason.gmu.edu/~smetz3 > > ________________________________________ > From: IBM Mainframe Discussion List <[email protected]> on behalf of > CM Poncelet <[email protected]> > Sent: Saturday, September 15, 2018 11:18 AM > To: [email protected] > Subject: Re: Spam alert: Model9 > > FWIW SPAM mail can be sent to https://www.spamcop.net/ with a copy sent > also to the spammer's email domain administrator (provided the > abuse@<whatever> email ID is keyed into spamcop's spare 'copy-to' box > that is). > > The spammer's email domain is the one following the '@' sign. The > 'report abuse to administrator' email address for the spammer can then > be found at > https://secure-web.cisco.com/11Rj0URRt6sLw_P2VizI4v2gdo26_pqiMBOP4zRkAM9-nlimjAnJlp6-HqEGNDK45XOhG_VTyx16nYKlAIefZOQmBra9MEF93HPIeLS5vbiAsFVzznEzHo2lSbXQvBnH38UQdlaGjh0FoMPuvBFVkKfKlCBLKlaZzbWslfmFqD5dTroH3mLYhTWW2-BpKFanB2QBw-KOxk-9bJxdS_VxcTS_e-V3LBt78MwqkwkTaFC9Pe27XGZ9RjDmjEydMCf-aKrgri83XGA-v0_4zruL8Mc6FiY11LtePMKgwlFflae5fq-bApl2L6OmK2rJ6fxWx5yGC5ZbmUNS-i4Sjt0Q_TbD7MEKvN8bydxHMmMYxno5rcBNluTJhs4-hLvVz4UFvMN6OhsxAGmGSLQBMR0y9oxuj5CYMaEklwXglSxfkWhROAtRqX2gQABZrZR7Zr0pd/https%3A%2F%2Fwww.whois.com%2F. > (Yes, it can be spoofed - but the > headers/metadata show the spammer's real email ID.) > > This practically always stops any further junk mail being sent out. > > (BTW My filters store any emails from unrecognised senders - e.g. from > Model9 - in my 'trash' folder, from where they are then deleted. So, > NOPWAD.) > > HTH, CP > > > > On 14/09/2018 22:30, Arthur wrote: >> On 14 Sep 2018 03:50:14 -0700, in bit.listserv.ibm-main >> (Message-ID:<[email protected]>) >> [email protected] (Giliad Wilf) wrote: >> >>> Got this e-mail too, inspected it with some concerns, but finally >>> opened it. >>> It could prove useful, as the CEO advised my previous employer on >>> performance issues we had, to our satisfaction. >>> This CEO co-authored many IBM publications, both white and red, and >>> was a visiting developer at IBM of some z/OS components. >> If you know the CEO, tell him not to spam. Don't let spammers prosper. >> It wouldn't be the first time a CEO didn't know what his marketing >> people are doing. >> >> Also, I forwarded it to the edress in the anti-spam header: >>> X-Report-Abuse-To: [email protected] (see >>> https://secure-web.cisco.com/1GujClvauL3cZ7Io1yNJWzrQB65DX2GHqmo7k9mSuX0Sw_X-mm6dI9Qi6EVPBrTOH1bNZmdgoKeqCGlQVoAkQHBsBRwEWzEUtgLBKc_OXDTtg9FYlTWokRgcLE2A0PMyKEUGrDJqOSv9MvA54e82tOnlC_8nzHszc-QYR18WjcIYd4GWOkx_PSaEwIPgkQ4CDw5dRThVxbmgCcfrz0gG9jfIQ7z-g6IHBxk8q8FI8aSUOB57tojOhkVtETICUfHE-_TVZtECjebk4N1dfijeEwuG435GtFJ-lnOcztvHRf5igqrrQB-wI6ferMNfOl-OOWPOr79Neji7M63YpKo-ChGzKU0NDnE3ASgupXuqc76ZV1P8vivc0Lvszw7JvqA80oVB7lEZlYS30wqvL6D4xxgz3jBHszeWYT9PF2Du5N3I5J5eA9hpKFn1dAYEArQ9cX17mBzGWPSUqFVmq4ieGAA/https%3A%2F%2Fwww.hubspot.com%2Fabuse-complaints%29 >> I'm not sure how much good it'll do, but I did get a response from >> that. If the rest of you also report it, it might make a difference. >> He did say they "will be investigating to ensure compliance with our >> acceptable use policy." >> >> And, in reference to another post: I did not go to Share; I did not >> subscribe; it was sent to this edress which I use *only* for IBM Main. >> >> ---------------------------------------------------------------------- >> For IBM-MAIN subscribe / signoff / archive access instructions, >> send email to [email protected] with the message: INFO IBM-MAIN >> . >> > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > . > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
