On 07/22/02 at 16:45, Matthew Hill wrote:
> Hey guys
> I have someone spoofing my domain. I would really like to find them and
> make them stop. It is starting to make us look pretty bad. I turned
> on the unknown account long enough to get one of the bounces. So
> everyone does not tell me to turn off the unknown account.
> Can someone give me an idea on how to get this to stop?
> Thanks
> Matthew
>
> Here is one of the bounces.

Unfortunately, the 'From' and 'Return-Path' header lines, and any other
header lines for that matter, are trivially easy to forge. There's not much
you can do about it. The upside of that is that any mail server admin worth
her/his salt should easily recognize that those headers are forged in the
sample you provided, so they won't blame it on you. The recipients of the
spam mostly won't be so savvy, though.

> From: [EMAIL PROTECTED]
> Date: Mon Jul 22, 2002 04:39:30 PM US/Pacific
> To: [EMAIL PROTECTED]
> Subject: failure notice
>
> Hi. This is the qmail-send program at bsd6.nyct.net.
> I'm afraid I wasn't able to deliver your message to the following
> addresses.
> This is a permanent error; I've given up. Sorry it didn't work out.
>
> <[EMAIL PROTECTED]>:
> 216.139.128.14 does not like recipient.
> Remote host said: 550 5.1.1 <[EMAIL PROTECTED]>... User unknown
> Giving up on 216.139.128.14.
>
> --- Below this line is a copy of the message.
>
> Return-Path: <[EMAIL PROTECTED]>
> Received: (qmail 1925 invoked from network); 22 Jul 2002 23:39:28 -0000
> Received: from evrtwa1-ar3-087-234.evrtwa1.dsl-verizon.net (HELO
> 4.41.240.6) (4.35.87.234)
> by bsd6.nyct.net with SMTP; 22 Jul 2002 23:39:28 -0000
> Received: from unknown (189.234.223.231) by rly-xr02.mx.aol.com with
> esmtp; Jul, 22 2002 6:23:27 PM +1100
> Received: from ssymail.ssy.co.kr ([115.212.44.160]) by hd.regsoft.net
> with asmtp; Jul, 22 2002 5:16:19 PM -0000
> Received: from 192.249.166.5 ([192.249.166.5]) by rly-xw05.mx.aol.com
> with NNFMP; Jul, 22 2002 4:36:11 PM +0700
> From: nnyBERT <[EMAIL PROTECTED]>
> To: #recipient#
> Cc:
> Subject: . ukcqk
> Sender: nnyBERT <[EMAIL PROTECTED]>
> Mime-Version: 1.0
> Content-Type: text/html; charset="iso-8859-1"
> Date: Mon, 22 Jul 2002 18:36:40 -0500
> X-Mailer: The Bat! (v1.52f) Business
> X-Priority: 1
>
> ..
>
> hweaiajccsnbxmstyfxwqdsfptrboccwbpdpe
--
Christopher Bort | [EMAIL PROTECTED]
Webmaster, Global Homes | [EMAIL PROTECTED]
<http://www.globalhomes.com/>
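
An added example, not part of the original message: a short Python check of the Received lines in the bounce quoted above, showing which hop was written by the server that accepted the message and which hops were supplied by the sender. It assumes bsd6.nyct.net (the host that generated the bounce) is the only trusted recorder; the function and field names are made up for this illustration.

```python
import re

# Received lines copied (unfolded) from the bounce quoted above, newest first.
# The "(qmail 1925 invoked from network)" line is left out: it names no hosts.
RECEIVED = [
    "from evrtwa1-ar3-087-234.evrtwa1.dsl-verizon.net (HELO 4.41.240.6) "
    "(4.35.87.234) by bsd6.nyct.net with SMTP; 22 Jul 2002 23:39:28 -0000",
    "from unknown (189.234.223.231) by rly-xr02.mx.aol.com with esmtp; "
    "Jul, 22 2002 6:23:27 PM +1100",
    "from ssymail.ssy.co.kr ([115.212.44.160]) by hd.regsoft.net with asmtp; "
    "Jul, 22 2002 5:16:19 PM -0000",
    "from 192.249.166.5 ([192.249.166.5]) by rly-xw05.mx.aol.com with NNFMP; "
    "Jul, 22 2002 4:36:11 PM +0700",
]

HOP = re.compile(
    r"from\s+(?P<frm>\S+)\s+(?:\(HELO\s+(?P<helo>[^)\s]+)\)\s+)?"
    r"\(\[?(?P<ip>[\d.]+)\]?\)\s+by\s+(?P<by>\S+)\s+with\s+(?P<proto>\S+);"
)

def analyse(received, trusted_hosts):
    """Split a Received chain into the part a trusted server wrote and the rest."""
    hops = [m.groupdict() for m in map(HOP.search, received) if m]
    # Walk down from the newest hop while the recording ("by") host is trusted.
    n = 0
    while n < len(hops) and hops[n]["by"].lower() in trusted_hosts:
        n += 1
    handoff = hops[n - 1] if n else None  # last hop written by a trusted server
    # In a genuine chain the host a hop came "from" is the host that recorded
    # the hop below it. Collect every place, from the handoff down, where the
    # two names disagree.
    pairs = list(zip(hops, hops[1:]))[max(n - 1, 0):]
    breaks = [(up["frm"], low["by"]) for up, low in pairs if up["frm"] != low["by"]]
    return {
        "source_ip": handoff["ip"] if handoff else None,
        "helo_mismatch": bool(handoff and handoff["helo"] and handoff["helo"] != handoff["ip"]),
        "unverified_hops": len(hops) - n,
        "chain_breaks": breaks,
    }

if __name__ == "__main__":
    # Assumption: bsd6.nyct.net, which generated the bounce, is the only trusted recorder.
    report = analyse(RECEIVED, {"bsd6.nyct.net"})
    for key, value in report.items():
        print(f"{key}: {value}")
```

Host names can also disagree between hops in legitimate mail, so chain_breaks is a hint only; the dependable result is source_ip, the address the trusted server itself recorded for the connecting client.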