[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: OT - has my email domain been hijacked?



Kevin, it's called a "Joe Job". It is exceptionally common. Headers in
email are pathetically easy to forge as far as the ones that existed
while the email was still on the sender's machines. Often if you trace
the received headers you find "discontinuities" in the chain if the
spammer bothered to forge them anymore. This is one of the things that
automated tools like SpamAssassin have gotten pretty good at finding.
The spammers are into cleverer tricks these days. Spammers still use
the "Joe Job", the forged sender, most of the time. I use it as one of
my customized SpamAssassin rules, as a matter of fact. It's part of a
set of rules and meta rules that can work on my addresses.

{^_^}    Joanne
----- Original Message ----- From: <kevin kempter dataintellect com>


Returned mail: User unknown
Hi List;

I keep getting emails similar to the text below. I/We own the domain
dataintellect.com and we have email addresses setup however I always see a
bogus dataintellect.com email address as the sender.

-or is this simply a random spam email?

Thanks in advance for any advice...


================================================

From:
Mail Delivery Subsystem <MAILER-DAEMON aol com>
 To:
carina_x dataintellect com
 Date:
Today 13:31:26

 Spam Status: Spamassassin 0% probability of being spam.

Full report:
No, score=0.0 required=5.0 tests=AWL,BAYES_50 autolearn=no  version=3.0.4
The original message was received at Wed, 14 Sep 2005 15:31:23 -0400 (EDT)
from client-201.230.112.161.speedy.net.pe [201.230.112.161]


... Lots of incidentalia removed

Received: from  client-201.230.112.161.speedy.net.pe
(client-201.230.112.161.speedy.net.pe [201.230.112.161]) by
rly-yg02.mx.aol.com (v107.10) with ESMTP id MAILRELAYINYG23-26f43287a8232f;
Wed, 14 Sep 2005 15:31:21 -0400
Received: from mail.strawberrysampler.com ([64.118.71.80]) by 201.230.112.161
with ESMTP id 4868741;
        Wed, 14 Sep 2005 19:21:59 -0100
Received: (qmail 73986 invoked by uid 5164); Date: Wed, 14 Sep 2005 19:21:59
-0100
Date: Wed, 14 Sep 2005 19:21:59 -0100
Message-ID: <20050914 68664 carina_x dataintellect com>
From: "Men of Focus" <carina_x dataintellect com>
Sender: carina_x dataintellect com
         ^^^^^^^^^^^^^^^^^^^^^^^^^^ Pure forgery. You can do that even
with Outlook Express.

To: acardi cs com, adorablealicia cs com, aclaudet cs com, acarter5 cs com,
       acrader cs com
... More stuff removed
[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]