At 4:45 PM -0700 7/22/02, Matthew Hill imposed structure on a stream of electrons, yielding:
>Hey guys
>I have someone spoofing my domain. I would really like to find them
>and make them stop. It is starting to make us look pretty bad. I
>turned on the unknown account long enough to get one of the bounces.
>So everyone does not tell me to turn off the unknown account.
>Can someone give me an idea on how to get this to stop?
>Thanks
>Matthew
>
>Here is one of the bounces.
>
>From: [EMAIL PROTECTED]
>Date: Mon Jul 22, 2002 04:39:30 PM US/Pacific
>To: [EMAIL PROTECTED]
>Subject: failure notice
>
>Hi. This is the qmail-send program at bsd6.nyct.net.
>I'm afraid I wasn't able to deliver your message to the following addresses.
>This is a permanent error; I've given up. Sorry it didn't work out.
>
><[EMAIL PROTECTED]>:
>216.139.128.14 does not like recipient.
>Remote host said: 550 5.1.1 <[EMAIL PROTECTED]>... User unknown
>Giving up on 216.139.128.14.
>
>--- Below this line is a copy of the message.
>
>Return-Path: <[EMAIL PROTECTED]>
>Received: (qmail 1925 invoked from network); 22 Jul 2002 23:39:28 -0000
>Received: from evrtwa1-ar3-087-234.evrtwa1.dsl-verizon.net (HELO
>4.41.240.6) (4.35.87.234)
> by bsd6.nyct.net with SMTP; 22 Jul 2002 23:39:28 -0000

That's the only credible Received header. The others are obviously bogus (the PM in the timestamps is a perfect giveaway, even if they didn't also make no sense).

That means that mail got to the machine that is bouncing it from a Verizon DSL connection. (4.35.87.234, aka evrtwa1-ar3-087-234.evrtwa1.dsl-verizon.net) That appears to be an open proxy, so while a lawyer might be able to get Verizon to tell you who owns the machine on that link, it won't do you any good: the owner is an idiot who runs an open proxy.

The place to target is whoever is paying to get that spam sent. Surely some of the spams must have actual content being advertised, and that will lead you to who it is that is paying to have it sent. That knowledge and a lawyer and a pile of money might get the spam to stop.

(I know, that's not a very pretty answer.)

--
Bill Cole
[EMAIL PROTECTED]
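
The header triage described in the reply above, as an added Python example that is not part of the original thread: it walks the Received headers, treats only lines stamped by the receiving host (bsd6.nyct.net, from the bounce) with an RFC 2822 date as credible, and pulls the peer IP out of qmail's `from ... (HELO ...) (ip)` form. The function name, flag names and the third sample header are assumptions made for illustration.

```python
import re
from email import message_from_string

# RFC 2822 date-time, e.g. "22 Jul 2002 23:39:28 -0000" (24-hour, numeric zone).
RFC2822_DATE = re.compile(
    r"^(?:[A-Za-z]{3},\s+)?\d{1,2}\s+[A-Za-z]{3}\s+\d{4}\s+"
    r"\d{2}:\d{2}(?::\d{2})?\s+[+-]\d{4}(?:\s+\(.*\))?$")
# qmail-smtpd trace form: from <rDNS> (HELO <claimed name>) (<peer IP>)
QMAIL_FROM = re.compile(
    r"from\s+(\S+)\s+\(HELO\s+(\S+)\)\s+\((?:\S+@)?([\d.]+)\)")
FORGERY_SIGNS = {"malformed-date", "am-pm-in-date", "untrusted-stamper"}

def audit_received(raw_headers, trusted_host):
    """Return one finding dict per Received header, newest first."""
    findings = []
    for value in message_from_string(raw_headers).get_all("Received", []):
        line = " ".join(value.split())            # unfold continuation lines
        stamp = line.rsplit(";", 1)[-1].strip() if ";" in line else ""
        flags = []
        if not RFC2822_DATE.match(stamp):
            flags.append("malformed-date")
        if re.search(r"\b[AP]M\b", stamp):
            flags.append("am-pm-in-date")
        by = re.search(r"\bby\s+([\w.-]+)", line)
        if by and by.group(1) != trusted_host:
            flags.append("untrusted-stamper")     # not written by our own MTA
        peer = None
        m = QMAIL_FROM.search(line)
        if m:
            rdns, helo, peer = m.groups()
            if helo not in (rdns, peer):
                flags.append("helo-mismatch")     # HELO is whatever the client typed
        findings.append({"peer_ip": peer, "flags": flags,
                         "credible": not FORGERY_SIGNS.intersection(flags)})
    return findings

# Sample headers: the first two Received lines are from the bounce above; the
# last one is constructed to show the AM/PM style the reply calls bogus.
SAMPLE = """\
Received: (qmail 1925 invoked from network); 22 Jul 2002 23:39:28 -0000
Received: from evrtwa1-ar3-087-234.evrtwa1.dsl-verizon.net (HELO
 4.41.240.6) (4.35.87.234)
 by bsd6.nyct.net with SMTP; 22 Jul 2002 23:39:28 -0000
Received: from mail.example.com (192.0.2.10) by mx.example.net;
 Mon Jul 22, 2002 04:39:30 PM
"""

if __name__ == "__main__":
    for f in audit_received(SAMPLE, trusted_host="bsd6.nyct.net"):
        print(f)
```

The `helo-mismatch` flag does not make a line less credible: the HELO string is supplied by the connecting client, while the IP in the last parentheses is what the receiving MTA itself recorded.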
