Re: [SLUG] [OT] spam with slug as return path

From: Paul M Foster (paulf@quillandmouse.com)
Date: Sat Jun 18 2005 - 09:48:12 EDT


On Sat, Jun 18, 2005 at 01:42:34AM -0400, chris lee wrote:

> I'm getting these pretty much every day now.
>
> Delivered-To: chris.a.lee@gmail.com
> Received: by 10.54.33.35 with SMTP id g35cs13639wrg;
> Fri, 17 Jun 2005 13:27:18 -0700 (PDT)
> Received: by 10.54.106.2 with SMTP id e2mr1459251wrc;
> Fri, 17 Jun 2005 13:27:18 -0700 (PDT)
> Return-Path: <owner-slug-track29@slug-list-00.nks.net>
> Received: from slug-list-00.nks.net (slug-list-00.nks.net [209.34.226.205])
> by mx.gmail.com with ESMTP id 28si1440292wrl.2005.06.17.13.27.14;
> Fri, 17 Jun 2005 13:27:18 -0700 (PDT)
> Received-SPF: pass (gmail.com: best guess record for domain of
> owner-slug-track29@slug-list-00.nks.net designates 209.34.226.205 as
> permitted sender)
> Received: from 24.158.121.64 (kpt-c-24-158-121-64.chartertn.net
> [24.158.121.64])
> by slug-list-00.nks.net (8.13.3/8.13.3/Debian-9icb) with SMTP
> id j5HKJQ00004164
> for <slug-track29@slug-list-00.nks.net>; Fri, 17 Jun 2005 16:19:28
> -0400
> Message-Id: <200506172019.j5HKJQ00004164@slug-list-00.nks.net>
> From: "allianzagency@zwallet.com" <allianzagency@zwallet.com>
> Subject: WINNING NOTIFICATION(FILE FOR CLAIMS)
> To: slug-track29@slug-list-00.ssn.nks.net
> Content-Type: text/plain;
> charset="ISO-8859-1"
> Reply-To: manlichdeyoung@i12.com
> Date: Sat, 18 Jun 2005 17:57:14 +0200
> X-Priority: 3
> X-Mailer: Internet Mail Service (5.5.2650.21)

As is usually the case, I strongly suspect this is spoofed. Crackers are
getting quite good at spoofing headers, and sometimes the smallest
detail gives them away. In this case, one of the clues is that the
Reply-To header is wrong for a piece of SLUG List mail.

Here's what's even more fun. Every time someone spoofs email from the
SLUG List and it bounces, I get a copy of the bounce. Like I don't get
enough spam already. ;-}

Paul
-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.
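
An added example, not part of the original thread or the list's own tooling: a Python sketch of the kind of header inspection discussed above, run over headers reconstructed from the quoted message (folding restored, some headers trimmed). Besides the Reply-To clue the post names, it also reports which host first accepted the message and from what IP, and how far the Date header runs ahead of that first hop; the function names are this example's own.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Reconstructed from the quoted headers in the post (trimmed, folding restored).
SAMPLE = """\
Return-Path: <owner-slug-track29@slug-list-00.nks.net>
Received: from slug-list-00.nks.net (slug-list-00.nks.net [209.34.226.205])
\tby mx.gmail.com with ESMTP id 28si1440292wrl.2005.06.17.13.27.14;
\tFri, 17 Jun 2005 13:27:18 -0700 (PDT)
Received: from 24.158.121.64 (kpt-c-24-158-121-64.chartertn.net [24.158.121.64])
\tby slug-list-00.nks.net (8.13.3/8.13.3/Debian-9icb) with SMTP
\tid j5HKJQ00004164
\tfor <slug-track29@slug-list-00.nks.net>; Fri, 17 Jun 2005 16:19:28 -0400
From: "allianzagency@zwallet.com" <allianzagency@zwallet.com>
To: slug-track29@slug-list-00.ssn.nks.net
Reply-To: manlichdeyoung@i12.com
Date: Sat, 18 Jun 2005 17:57:14 +0200
"""

def domain(header_value):
    """Lower-cased domain of the address in a header value ('' if none)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def received_hops(msg):
    """Received headers, newest first, as (peer_ip, accepting_host, time)."""
    hops = []
    for raw in msg.get_all("Received", []):
        text = " ".join(raw.split())          # unfold continuation lines
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", text)
        by = re.search(r"\bby (\S+)", text)
        stamp = text.rpartition(";")[2].strip()   # timestamp follows last ';'
        hops.append((ip.group(1) if ip else None,
                     by.group(1) if by else None,
                     parsedate_to_datetime(stamp)))
    return hops

def analyze(raw_headers):
    msg = message_from_string(raw_headers)
    entry_ip, entry_host, entry_time = received_hops(msg)[-1]  # oldest hop
    skew = parsedate_to_datetime(msg["Date"]) - entry_time
    return {
        "reply_to_differs_from_from": domain(msg["Reply-To"]) != domain(msg["From"]),
        "entry_ip": entry_ip,          # peer that handed the message over
        "entry_host": entry_host,      # server that first accepted it
        "date_ahead_hours": round(skew.total_seconds() / 3600, 1),
    }
```

Only the Received lines added by servers you trust are reliable; everything below the first trusted hop, along with From, Reply-To and Date, is supplied by the sender.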


