If the header field that you quoted came from your provider then the IP address is trustworthy but that field doesn't have the sending e-mail address.
--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3

________________________________________
From: IBM Mainframe Discussion List <[email protected]> on behalf of CM Poncelet <[email protected]>
Sent: Tuesday, September 18, 2018 9:17 AM
To: [email protected]
Subject: Re: Spam alert: Model9

Thanks for the clarification; but I do check all the header fields. E.g.

Received: from latepayw.info (167.99.188.80) by ekottar122.adidassuperstar.biz for <my email ID etc.>

CP

On 17/09/2018 22:35, Seymour J Metz wrote:
> Alas, the header does not include any e-mail address that cannot be spoofed.
> OTOH, the RECEIVED header field inserted by your e-mail provider cannot be
> spoofed.
>
>
> --
> Shmuel (Seymour J.) Metz
> http://mason.gmu.edu/~smetz3
>
> ________________________________________
> From: IBM Mainframe Discussion List <[email protected]> on behalf of
> CM Poncelet <[email protected]>
> Sent: Monday, September 17, 2018 1:58 PM
> To: [email protected]
> Subject: Re: Spam alert: Model9
>
> Yes, I had mentioned that: "(Yes, it can be spoofed - but the
> headers/metadata show the spammer's real email ID.)" CP
>
>
> On 16/09/2018 21:18, Seymour J Metz wrote:
>> Be careful; spammers often forge headers, so it's safest to learn how to
>> read headers and to check the Received header fields to determine the actual
>> provenance of the spam.
>>
>> See also
>> http://secure-web.cisco.com/1vs8h6joJJ_FBNWwYHrae_yil76zbNw5MCRUOo3wezy5LoHrn0hDc_hRIcKeHei3xqkqFk2mFrzfSG1VFpcmDMg5GQKY1uuOY-XCZcqfLZRws_X4HTMnn8bZ2oHCA0-hCGshdbSyHaHTMtLQfXINY5AfoIsOrFaZBP3XZNg5GMoLDIiI_QqGRttnvi6AqpF9Q3352PYIEEAYDRPaSpmMjEeqN_Ek06frfa6oG6VJNQ0HpJFiN3baqguSIqhNt53HQGqtGwDf6UgP9iWS8xSush97JKKFOv25FW_4R5gg8fX8aJN1UkKHvVAQNP_daDXKZLoazubw68xAC25p0_X-Wrs4hibkK6uaxshFy5-ClPTft1XKm_X6Jhq6bwIUYDPpiJnbv4l0Jj6zqHVFlX2Q1lvUJi_C_Y8RGcs0DzmsO1uaynVGDQuLTciDGJDhI04Up/http%3A%2F%2Fwww.medwayhosting.com%2Fspam-l%2Fdeobfuscation-by-Shmuel%2Findex.html
>>
>>
>> --
>> Shmuel (Seymour J.) Metz
>> http://mason.gmu.edu/~smetz3
>>
>> ________________________________________
>> From: IBM Mainframe Discussion List <[email protected]> on behalf of
>> CM Poncelet <[email protected]>
>> Sent: Saturday, September 15, 2018 11:18 AM
>> To: [email protected]
>> Subject: Re: Spam alert: Model9
>>
>> FWIW SPAM mail can be sent to https://www.spamcop.net/ with a copy sent
>> also to the spammer's email domain administrator (provided the
>> abuse@<whatever> email ID is keyed into spamcop's spare 'copy-to' box
>> that is).
>>
>> The spammer's email domain is the one following the '@' sign. The
>> 'report abuse to administrator' email address for the spammer can then
>> be found at
>> https://secure-web.cisco.com/11Rj0URRt6sLw_P2VizI4v2gdo26_pqiMBOP4zRkAM9-nlimjAnJlp6-HqEGNDK45XOhG_VTyx16nYKlAIefZOQmBra9MEF93HPIeLS5vbiAsFVzznEzHo2lSbXQvBnH38UQdlaGjh0FoMPuvBFVkKfKlCBLKlaZzbWslfmFqD5dTroH3mLYhTWW2-BpKFanB2QBw-KOxk-9bJxdS_VxcTS_e-V3LBt78MwqkwkTaFC9Pe27XGZ9RjDmjEydMCf-aKrgri83XGA-v0_4zruL8Mc6FiY11LtePMKgwlFflae5fq-bApl2L6OmK2rJ6fxWx5yGC5ZbmUNS-i4Sjt0Q_TbD7MEKvN8bydxHMmMYxno5rcBNluTJhs4-hLvVz4UFvMN6OhsxAGmGSLQBMR0y9oxuj5CYMaEklwXglSxfkWhROAtRqX2gQABZrZR7Zr0pd/https%3A%2F%2Fwww.whois.com%2F.
>> (Yes, it can be spoofed - but the
>> headers/metadata show the spammer's real email ID.)
>>
>> This practically always stops any further junk mail being sent out.
>>
>> (BTW My filters store any emails from unrecognised senders - e.g. from
>> Model9 - in my 'trash' folder, from where they are then deleted. So,
>> NOPWAD.)
>>
>> HTH, CP
>>
>>
>>
>> On 14/09/2018 22:30, Arthur wrote:
>>> On 14 Sep 2018 03:50:14 -0700, in bit.listserv.ibm-main
>>> (Message-ID:<[email protected]>)
>>> [email protected] (Giliad Wilf) wrote:
>>>
>>>> Got this e-mail too, inspected it with some concerns, but finally
>>>> opened it.
>>>> It could prove useful, as the CEO advised my previous employer on
>>>> performance issues we had, to our satisfaction.
>>>> This CEO co-authored many IBM publications, both white and red, and
>>>> was a visiting developer at IBM of some z/OS components.
>>> If you know the CEO, tell him not to spam. Don't let spammers prosper.
>>> It wouldn't be the first time a CEO didn't know what his marketing
>>> people are doing.
>>>
>>> Also, I forwarded it to the edress in the anti-spam header:
>>>> X-Report-Abuse-To: [email protected] (see
>>>> https://secure-web.cisco.com/1GujClvauL3cZ7Io1yNJWzrQB65DX2GHqmo7k9mSuX0Sw_X-mm6dI9Qi6EVPBrTOH1bNZmdgoKeqCGlQVoAkQHBsBRwEWzEUtgLBKc_OXDTtg9FYlTWokRgcLE2A0PMyKEUGrDJqOSv9MvA54e82tOnlC_8nzHszc-QYR18WjcIYd4GWOkx_PSaEwIPgkQ4CDw5dRThVxbmgCcfrz0gG9jfIQ7z-g6IHBxk8q8FI8aSUOB57tojOhkVtETICUfHE-_TVZtECjebk4N1dfijeEwuG435GtFJ-lnOcztvHRf5igqrrQB-wI6ferMNfOl-OOWPOr79Neji7M63YpKo-ChGzKU0NDnE3ASgupXuqc76ZV1P8vivc0Lvszw7JvqA80oVB7lEZlYS30wqvL6D4xxgz3jBHszeWYT9PF2Du5N3I5J5eA9hpKFn1dAYEArQ9cX17mBzGWPSUqFVmq4ieGAA/https%3A%2F%2Fwww.hubspot.com%2Fabuse-complaints%29
>>> I'm not sure how much good it'll do, but I did get a response from
>>> that. If the rest of you also report it, it might make a difference.
>>> He did say they "will be investigating to ensure compliance with our
>>> acceptable use policy."
>>>
>>> And, in reference to another post: I did not go to Share; I did not
>>> subscribe; it was sent to this edress which I use *only* for IBM Main.
>>>
>>> ----------------------------------------------------------------------
>>> For IBM-MAIN subscribe / signoff / archive access instructions,
>>> send email to [email protected] with the message: INFO IBM-MAIN
>>> .
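The point made in this thread, that only the Received field stamped by your own provider can be relied on, shown as an added Python example that is not part of the original messages. The sample message is constructed, and the provider host suffix `.provider.example` and internal range `10.0.0.0/8` are assumptions you would replace with your own provider's values; the message is assumed to have been taken from your own mailbox, so its topmost Received field is genuine.

```python
import email
import ipaddress
import re

BY_RE = re.compile(r"\bby\s+([\w.-]+)", re.I)                 # host that wrote the field
IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")    # peer IP in () or []

# Constructed sample: the third Received field is forged by the sender.
SAMPLE = """\
Received: from mx-in.provider.example (mx-in.provider.example [10.0.0.5])
    by store.provider.example with LMTP; Tue, 18 Sep 2018 09:01:03 +0000
Received: from latepay.example (203.0.113.80)
    by mx-in.provider.example with ESMTP for <me@provider.example>;
    Tue, 18 Sep 2018 09:01:02 +0000
Received: from mail.bank.example ([198.51.100.7])
    by mx-in.provider.example with ESMTP; Tue, 18 Sep 2018 08:59:00 +0000
From: "Bank" <support@bank.example>
Subject: constructed sample

body
"""

def handoff_ip(raw, provider_suffix, provider_nets):
    """Return the first outside IP recorded by a provider server, else None."""
    nets = [ipaddress.ip_network(n) for n in provider_nets]
    msg = email.message_from_string(raw)
    for hdr in msg.get_all("Received", []):        # newest hop first
        text = " ".join(hdr.split())               # unfold continuation lines
        by = BY_RE.search(text)
        if not by or not by.group(1).lower().endswith(provider_suffix):
            return None                            # field not written by the provider
        ip = IP_RE.search(text[:by.start()])       # peer IP sits in the "from" clause
        if not ip:
            return None
        try:
            peer = ipaddress.ip_address(ip.group(1))
        except ValueError:
            return None                            # malformed address
        if not any(peer in n for n in nets):
            return str(peer)                       # boundary: everything below is unverified
        # peer is an internal relay, so keep walking down the chain
    return None

if __name__ == "__main__":
    print(handoff_ip(SAMPLE, ".provider.example", ["10.0.0.0/8"]))
```

The walk stops at the provider's edge, so the forged third field, although it names a provider host after `by`, is never consulted.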
