Re: [SLUG] just received genuine spam on this list

From: Paul M Foster (paulf@quillandmouse.com)
Date: Sun May 16 2004 - 17:14:21 EDT

On Sat, May 15, 2004 at 07:25:34PM -0400, Eben King wrote:

> Here are the headers:
>
> Return-Path: <owner-slug-track29@slug-list-00.nks.net>
> Received: from localhost (localhost.localdomain [127.0.0.1])
> by pc.tampabay.rr.com (8.12.5/8.12.5) with ESMTP id i4FNN4Xh018236
> for <eben@localhost>; Sat, 15 May 2004 19:23:04 -0400
> Received: from pop-server.tampabay.rr.com [65.32.5.45]
> by localhost with POP3 (fetchmail-5.9.0)
> for eben@localhost (single-drop); Sat, 15 May 2004 19:23:04 -0400
> (EDT)
> Received: from ms-mta-02 (ms-mta-02-smtp [10.10.4.6])
> by ms-mss-01.tampabay.rr.com
> (iPlanet Messaging Server 5.2 HotFix 1.21 (built Sep 8 2003))
> with ESMTP id <0HXS00F3Z1QF4H@ms-mss-01.tampabay.rr.com>; Sat,
> 15 May 2004 18:42:16 -0400 (EDT)
> Received: from flmx01.mgw.rr.com (flmx01.mgw.rr.com [65.32.1.38])
> by ms-mta-02.tampabay.rr.com
> (iPlanet Messaging Server 5.2 HotFix 1.21 (built Sep 8 2003))
> with ESMTP id <0HXS005UO1QFAX@ms-mta-02.tampabay.rr.com>; Sat,
> 15 May 2004 18:42:15 -0400 (EDT)
> Received: from slug-list-00.nks.net (slug-list-00.nks.net [24.73.115.205])
> by flmx01.mgw.rr.com (8.12.10/8.12.8) with ESMTP id i4FMg8fV016767;
> Sat,
> 15 May 2004 18:42:08 -0400 (EDT)
> Received: from n2now967.com ([195.166.237.40])
> by slug-list-00.nks.net (8.12.3/8.12.3/Debian-5.1) with SMTP id
> i4FMTAmR020555
> for <slug-track29@slug-list-00.nks.net>; Sat, 15 May 2004 18:29:13
> -0400
> Date: Sat, 15 May 2004 15:31:00 -0700
> From: MRS MARY TAYLOR <marytaylor09@yahoo.com>
> Subject: urgent
> To: slug-track29@slug-list-00.nks.net
> Reply-to: marytaylor09@yahoo.com
> Message-id: <200405152229.i4FMTAmR020555@slug-list-00.nks.net>
> MIME-version: 1.0
> X-Mailer: Microsoft Outlook Express 5.00.2919.6900 DM
> Content-type: text/plain; charset=us-ascii
> X-Virus-Scanned: Symantec AntiVirus Scan Engine
> Content-Transfer-Encoding: 8bit
> X-MIME-Autoconverted: from quoted-printable to 8bit by pc.tampabay.rr.com
> id i4FNN4Xh018236

This is a case where what _looks_ real isn't. Most of the addresses here
are spoofed. Although the "To:" header says one thing, the envelope
header is something else, which is why it got to you, but not to the
list in general.

It's a case of harvesting and spoofing.

Paul

-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.

This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 18:28:02 EDT