On Tue, 16 Mar 1999, Luke Welsh wrote:
> Hi All--
>
> As most of you know, Majordomo has always been configured to
> bounce posts from people who are not subscribed to the list.
> In the past, this has caught all the spam (and I have saved it
> all, anybody want copies?) Well, one spam did get through
> at the dawn of the Age Of Spam.
On the heels of this message came another spam. If this pisses you
off, you can complain to the postmaster at the ISP responsible.
<header-reading 101>
Look at the full header of the message, all of it. If you don't normally
see the full header, use unix mail or configure your reader to show it
to you.
The first parts is a (possibly large) list of Received: transactions, i.e.
Received: from acid.base.com (adsl-209-233-24-120.dsl.pacbell.net
[209.233.24.120])
by po2.glue.umd.edu (8.9.3/8.9.0.Beta6) with ESMTP id DAA20440
for <[EMAIL PROTECTED]>; Wed, 17 Mar 1999 03:35:53 -0500 (EST)
From: [EMAIL PROTECTED]
Received: (from majordomo@localhost)
by acid.base.com (8.8.5/8.8.5) id VAA12996
for mersenne-outgoing; Tue, 16 Mar 1999 21:52:01 -0800
Received: from www.bull.net (www.bull.net [192.90.127.17])
by acid.base.com (8.8.5/8.8.5) with ESMTP id VAA12992
for <[EMAIL PROTECTED]>; Tue, 16 Mar 1999 21:52:00 -0800
Received: from pegase.bull.fr (pegase.bull.fr [192.44.49.46]) by
www.bull.net (8.8.2/8.8.2) with ESMTP id GAA70746; Wed, 17 Mar 1999
06:49:48 +0100
Received: from dzbull.frdz.bull.fr (dzbull.frdz.bull.fr [129.184.3.21])
by pegase.bull.fr (8.9.2/8.9.1) with ESMTP id GAA38362;
Wed, 17 Mar 1999 06:35:58 +0100
It's the last Received: line that's of interest, because that's the
first server the message was routed through. None of the rest usually
matters, since spammers bounce messages all over the place to try
and hide their tracks. Likewise, the Reply-To field is always bogus.
(Is it becoming clear the sort of people we're dealing with?)
After you have a name to pin these people to, use "whois" on a Unix
system to tell you more about the ISP. Here, "whois bull.net" gives
lots of contact info (bull.net appears in one of the Received:'s, and
almost no spam originates from outside the US, so I'm ignoring the
French address bull.fr).
So send your politely-worded message to postmaster@<whatever host name>
and quote the full message. For uunet (the culprit in what started this
all), send mail to [EMAIL PROTECTED]; for AOL, try [EMAIL PROTECTED]
Almost no spam gets sent with the tacit approval of the underlying ISP,
and most ISPs are anxious to kill spammers. The more people who complain,
the better. Apologies if I insulted anyone's intelligence; I'm posting
this on the off-chance someone doesn't know it already.
jasonp
________________________________________________________________
Unsubscribe & list info -- http://www.scruz.net/~luke/signup.htm
