On Sun, 25 Jun 2006, Jim Hermann - UUN Hostmaster wrote:

> Here are examples of the Received Headers for the type of spam
> that are being sent with forged email addresses for a domain that
> I host.

The Received headers in spams cannot be trusted, except for the Received headers put in by relays run by *you* or someone you trust. Received headers are trivially easy to forge and carry very little useful information in spams.

> These are the last 10 bounced messages that I received, so it is
> fairly representative.

It's not clear from your description whether these Received headers are from the spams or from the bounces.

> I send complaints to the abuse email address listed in the WHOIS
> record for this IP Address.

As I said above, you can't trust a Received header unless your server put it there. If you are responding to the earliest Received header in a spam, then you are at best wasting your time, at worst confirming the validity of your email address.

> Do you think that these are victims of some sort that their ISP
> would want to help?

You need to contact the ISP that sent you the bounce message, NOT the ISP that sent the spam. The ISP that the spammer targeted is the one you want to talk into implementing SPF checks.

--
John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
[EMAIL PROTECTED]    FALaholic #11174    pgpk -a [EMAIL PROTECTED]
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
 Apparently the Bush/Rove idea of being a "fiscal conservative" is to
 spend money like there's no tomorrow, run up huge deficits, and pray
 the Rapture happens before the bills come due.
 -- atul666 in Y! SCOX forum
-----------------------------------------------------------------------
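
The trust rule in the reply above, as an added example that is not part of the original message: walk the Received headers from the newest down and stop at the first hop that was not handed over between relays you run. The relay names, addresses and the sample message are constructed assumptions.

```python
import re
from email import message_from_string

# Assumption: relays you operate and their addresses (hypothetical values).
OUR_RELAYS = {"mx1.example.net": "192.0.2.10", "mail.example.net": "192.0.2.25"}

BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.I)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample: two genuine hops through our relays, one forged hop below.
SAMPLE = """\
Received: from mx1.example.net (mx1.example.net [192.0.2.10])
 by mail.example.net (Postfix) with ESMTP id 1111; Sun, 25 Jun 2006 10:00:02 -0500
Received: from bogus-helo (unknown [203.0.113.45])
 by mx1.example.net (Postfix) with SMTP id 2222; Sun, 25 Jun 2006 10:00:01 -0500
Received: from mail.example.net ([192.0.2.25])
 by relay.isp.invalid with SMTP; Sun, 25 Jun 2006 09:59:00 -0500
From: someone@example.net
Subject: constructed test message

body
"""

def last_trusted_hop(raw):
    """Return (peer_ip, unverified_headers).

    peer_ip is the address one of our relays recorded for the outside host
    that handed it the message; every header below that point was supplied
    by the sender and is returned as unverified.
    """
    msg = message_from_string(raw)
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    for i, hop in enumerate(hops):  # newest header first
        by = BY_RE.search(hop)
        if not by or by.group(1).lower() not in OUR_RELAYS:
            return None, hops[i:]  # not written by us: nothing here is reliable
        ip = IP_RE.search(hop[:by.start()])  # address in the "from" clause
        peer = ip.group(1) if ip else None
        if peer not in OUR_RELAYS.values():
            return peer, hops[i + 1:]  # message entered our network here
    return None, []

if __name__ == "__main__":
    print(last_trusted_hop(SAMPLE))
```

The third header in the sample claims to come from one of our own relays, but it sits below the hand-off point, so it is never consulted.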