Paul,

Here's an extract from a header from a spam I received this a.m. It clearly
shows how the information describing each host it passed through has not
been verified, (each line ought to receive from the recipient of the line
below) and no action has been taken to block this mail where names and
addresses don't match.

What I think is important is that the IP address of the top entry is an open
relay, and the lower ones don't accept connections on port 25 at all. Which
suggests to me that this is a live example of the scenario you set out a few
days ago.

I should also point out that it is also clear from a little research that
this is not connected at all with Edinburgh University (ed.ac.uk) whose name
has been used maliciously by the spammer.


Received: from ed.ac.uk ([194.172.112.34])
        by mx0.dircon.net (8.9.1.Dirconised/8.9.1) with SMTP id AAA13183
        for <[EMAIL PROTECTED]>; Fri, 29 Mar 2002 00:59:01 GMT

Received: from unknown (HELO rly-xr02.nikavo.net) (127.38.79.237)
        by symail.kustanai.co.kr with SMTP; 28 Mar 2002 15:00:03 -0300

Received: from smtp013.mail.yahou.com ([211.199.191.200])
        by rly-xr01.nihuyatut.net with local; 28 Mar 2002 11:55:00 +0100

Received: from unknown (HELO rly-xw01.otpalo.com) (132.118.28.155)
        by n7.groups.huyahoo.com with asmtp; Thu, 28 Mar 2002 12:49:57 +1100

Received: from unknown (HELO q4.quickslow.com) (176.200.210.157)
        by web.mail.halfeye.com with smtp; Thu, 28 Mar 2002 23:44:54 +0100


This mail would not have got to me had the open relay been closed, or if it
had verified the Received headers for internal consistency, without recourse
to any enhanced SMTP functionality, or network services of any kind (DNS
etc).


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
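
The offline consistency check the message describes, as an added example that is not part of the original post or of any mail server's code: each Received line's claimed sender is compared with the receiving host of the line below, using no DNS. The function names are hypothetical, and the header lines are the ones quoted in the message, folded to one line each with the dates dropped.

```python
import ipaddress
import re

# The five Received lines from the message above, newest first.
RECEIVED = [
    "from ed.ac.uk ([194.172.112.34]) by mx0.dircon.net (8.9.1.Dirconised/8.9.1) with SMTP id AAA13183",
    "from unknown (HELO rly-xr02.nikavo.net) (127.38.79.237) by symail.kustanai.co.kr with SMTP",
    "from smtp013.mail.yahou.com ([211.199.191.200]) by rly-xr01.nihuyatut.net with local",
    "from unknown (HELO rly-xw01.otpalo.com) (132.118.28.155) by n7.groups.huyahoo.com with asmtp",
    "from unknown (HELO q4.quickslow.com) (176.200.210.157) by web.mail.halfeye.com with smtp",
]

HOP = re.compile(
    r"from\s+(?P<name>\S+)\s+"
    r"(?:\(HELO\s+(?P<helo>[^)\s]+)\)\s+)?"   # optional qmail-style HELO name
    r"\(\[?(?P<ip>[0-9.]+)\]?\)\s+"            # source IP, with or without brackets
    r"by\s+(?P<by>\S+)", re.I)

def parse_hop(line):
    """Return (claimed sender name, sender IP, receiving host) for one hop."""
    m = HOP.search(line)
    if not m:
        raise ValueError("unparseable Received line: " + line)
    name = (m["helo"] or m["name"]).lower()
    return name, ipaddress.ip_address(m["ip"]), m["by"].lower()

def check_chain(lines):
    """Offline consistency checks over Received lines ordered newest first."""
    hops = [parse_hop(line) for line in lines]
    findings = []
    for i, (name, ip, by) in enumerate(hops):
        # A loopback source contradicts a sender name that differs from
        # the host recording the hop.
        if ip.is_loopback and name != by:
            findings.append((i, "loopback source %s for remote name %s" % (ip, name)))
        # The host that handed the mail to hop i should be the host that
        # received it at hop i+1 (the line below).
        if i + 1 < len(hops) and name != hops[i + 1][2]:
            findings.append((i, "sender %s is not previous receiver %s"
                             % (name, hops[i + 1][2])))
    return findings

if __name__ == "__main__":
    for hop, problem in check_chain(RECEIVED):
        print("hop %d: %s" % (hop, problem))
```

Legitimate relays sometimes announce a name that differs from the one they record after "by" (clusters, multi-homed hosts), so a mismatch is better treated as a scoring signal than as proof of forgery. Only the topmost line was written by the recipient's own server; everything below it is supplied by the sender.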
