[Moving in the direction of -chat...] On Sun, Aug 27, 2006 at 08:10:29AM +1000, Peter Chubb wrote: > > > Hi, > Dunno about you, but for some reason the spammers like using > my email address to send their junk mail out. Usually it's pretty > easy to see that the message is a spoof. But recently, they've been > adding Received: lines that have my external MX in a plausible place.
That's a pretty implausible "plausible" though -- why would your outgoing MX send through a Dutch ADSL link? I'll concede that it's certainly raising the analysis bar from "quick glance" to "look and engage brain". The old rule of "only trust the Recieved: headers your MTA added" still works, though. > > For example: > > Received: from mx0.comscore.com (cp864846-a.dbsch1.nb.home.nl [84.31.103.193]) > by CSIADSFG02.comscore.com (Spam Firewall) with SMTP id BE637D0091A7 > for <[EMAIL PROTECTED]>; Sat, 26 Aug 2006 16:28:50 -0400 (EDT) > Received: from mx.chubb.wattle.id.au > by cp864846-a.dbsch1.nb.home.nl (Exim 4.05) with ESMTP id INmq81f3ythTW > for <[EMAIL PROTECTED]>; Sat, 26 Aug 2006 20:26:12 -0300 > Received: from [27.77.157.95] > by mx.chubb.wattle.id.au with ESMTP (8.13.1/8.13.1) id ekhRuXR5yUlMn > for <[EMAIL PROTECTED]>; Sat, 26 Aug 2006 20:23:13 -0300 > From: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> > Date: Sat, 26 Aug 2006 20:15:08 -0300 > Message-ID: [EMAIL PROTECTED] > To: [EMAIL PROTECTED] > > This email actually originated from cp864846-a.dbsch1.nb.home.nl > which appears to be a dialup or adsl or something in Holland. > The timezone is the clue... mx.chubb.wattle.id.au is in New York, and > I'm in Sydney so the TZ on the datestamps should be different... > > Peter C > -- > SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ > Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html > -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
