Email headers are very easily forged. What's fun is when you start
receiving bounces from other sites that are mal-configured complaining
about the spam from your site based on the From and Reply-to headers
that have been forged. That's called a joe-job. And about all you can
do is delete the complaints and whine about it. Oh, you can make a vow
that you will never EVER find a spammer innocent of ANYTHING if you
find one on trial and you are in the jury. (Just don't tell the lawyers
or judges about that vow.) Of course, if paperwork does not bother you
and possible prison time is no worry then killing any spammer you meet
would meet with vast approval in most of the civilized world.
{o.o}
----- Original Message -----
From: "Thomas Lindell" <[EMAIL PROTECTED]>
Does that mean they just faked the headers?
I am new to mail administration only been doing it a couple of months now
and I appreciate all the help.
Thanks
Tom
-----Original Message-----
From: Stuart Johnston [mailto:[EMAIL PROTECTED]
I think you may be misreading the headers. This mail came from
pro75-3-82-234-174-1.fbx.proxad.net
[82.234.174.1] (a French ISP).
Thomas Lindell wrote:
Gah just when I thought I had spam problems resolved not it appears
someones able to send spam directly from the server
Return-Path: <[EMAIL PROTECTED]>
X-Original-To: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received: from localhost (localhost.airbornedatalink.com [127.0.0.1])
by adlsrv4.airbornedatalink.com (Postfix) with ESMTP id
19D3A34004
for <[EMAIL PROTECTED]>; Wed, 26 Jul 2006 10:41:52 -0500 (CDT)
X-Virus-Scanned: amavisd-new at adlmail.com
Received: from adlsrv4.airbornedatalink.com ([127.0.0.1])
by localhost (adlsrv4.airbornedatalink.com [127.0.0.1])
(amavisd-new, port 10024)
with ESMTP id 63sUVcMA5Y1h for <[EMAIL PROTECTED]>;
Wed, 26 Jul 2006 10:41:47 -0500 (CDT)
Received: from burkeauto.com (pro75-3-82-234-174-1.fbx.proxad.net
[82.234.174.1])
by adlsrv4.airbornedatalink.com (Postfix) with SMTP id
402AB34001
for <[EMAIL PROTECTED]>; Wed, 26 Jul 2006 10:41:47 -0500 (CDT)
Message-ID: <[EMAIL PROTECTED]>
Reply-To: "Wojciech Doucette" <[EMAIL PROTECTED]>
From: "Wojciech Doucette" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: keiyqVjlAGRA
Date: Wed, 26 Jul 2006 08:37:50 -0700
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0001_01C6B08E.C7334B30"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-Antivirus: AVG for E-mail 7.1.394 [268.10.4/399
Based on this header I believe it's some sort of bounce attack or local
attack
Anyone have any thoughts I'm at my wits end
Tom
