> So I don't believe they are actually spamming from me or even
> relaying across my servers, but they are using one of my addresses
> in the return address.
That's one of the types of spammers that deserves to go to jail for what they are
doing. Most E-mail programs let you put any address you want as the return address,
regardless of the server you send from.
> Headers from SPAM sent apparently by one of my free e-mail users
> Received: from 8tdonr.fortune2.com (ip94.saginaw.mi.pub-ip.psi.net
> [38.11.209.94]) by jamd370.majors.com (8.8.6 (PHNE_17190)/8.8.6)
> with SMTP id XAA24736; Tue, 9 May 2000 23:16:18 -0500 (CDT)
If those are all the "Received:" lines in the headers, then the user that received the
E-mail uses the majors.com mail server. The majors.com mail server received the spam
from IP address 38.11.209.94, which it resolved via DNS to
ip94.saginaq.mi.pub-ip.psi.net (which was claiming to be 8tdonr.fortune2.com).
Since the real domain name (ip94...) looks suspiciously like a dialup account on PSI,
and fortune2.com doesn't have an IP address, it looks like the spammer used his PSI
account to send the spam directly to the recipient (not using a relay).
In any case, psi.net is the responsible party (er, irresponsible party), and there's
nothing you can do (besides legal action that would likely go nowhere) at this point.
-Scott
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
