> I'm just trying to decide what the best way to deal with this particular > message.
Block the offending IP is usually most effective, but realize this can block valid mail if the IP is some sort of a relay. > Also, I was wondering why they had my brand new imgate machines listed > in the "to:" area. Typical spam trick/symptom. It is one way of doing a dictionary attack. > ~Casey > > > > Received: from gate3.touchfon.com [207.173.91.121] by touchfon.com with > ESMTP > (SMTPD32-7.12) id ACD632D01C0; Fri, 03 Jan 2003 05:06:46 -0700 > Received: from solo10.abac.com (solo10.abac.com [216.55.128.39]) > by gate3.touchfon.com (Postfix) with ESMTP id C6CBB1048F > for <[EMAIL PROTECTED]>; Fri, 3 Jan 2003 04:57:46 +0000 (GMT) > Received: (from nobody@localhost) > by solo10.abac.com (8.11.6+Sun/8.11.3) id h03BvjI12467; > Fri, 3 Jan 2003 03:57:45 -0800 (PST) > Date: Fri, 3 Jan 2003 03:57:45 -0800 (PST) > Message-Id: <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]>, [EMAIL PROTECTED], > <[EMAIL PROTECTED]>, [EMAIL PROTECTED], > <[EMAIL PROTECTED]>, [EMAIL PROTECTED], > <[EMAIL PROTECTED]>, [EMAIL PROTECTED], > <[EMAIL PROTECTED]>, [EMAIL PROTECTED] > From: [EMAIL PROTECTED] ([EMAIL PROTECTED]) > Subject: GET YOUR FREE TRIAL TODAY! ty48 > X-RCPT-TO: <[EMAIL PROTECTED]> > Status: U > X-UIDL: 334766076 You could also do some header checks to look for that subject, but this is a weaker test that eats up more resources. Perhaps a client block on abac.com if they just change the solo10 part and keep sending you spam. --Eric
