OT - my domain must have become a spammer's source

David G. Miller (aka DaveAtFraud) dave at davenjudy.org
Sun Aug 28 14:23:15 UTC 2005


Tim <ignored_mailbox at yahoo.com.au> wrote:

>On Sun, 2005-08-28 at 11:13 +0700, Fajar Priyanto wrote:
>
>>> You can try to view the source of the email. In KMail > open the email > view 
>>> source (press v).
>>> 
>>> Such as:
>>> Received: from listman.util.phx.redhat.com (listman.util.phx.redhat.com 
>>> [10.8.4.110])
>>> 	by hormel.redhat.com (Postfix) with ESMTP
>>> 	id B5FC473241; Sun, 28 Aug 2005 00:00:28 -0400 (EDT)
>>> Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com
>>> 	[172.16.52.254])
>>> 	by listman.util.phx.redhat.com (8.12.11/8.12.10) with ESMTP id
>>> 	j7S40HJm021177 for <fedora-list at listman.util.phx.redhat.com>;
>>> 	Sun, 28 Aug 2005 00:00:17 -0400
>>> Received: from mx1.redhat.com (mx1.redhat.com [172.16.48.31])
>>> 	by int-mx1.corp.redhat.com (8.11.6/8.11.6) with ESMTP id j7S40GV03583
>>> 	for <fedora-list at redhat.com>; Sun, 28 Aug 2005 00:00:16 -0400
>>> Received: from fed1rmmtao11.cox.net (fed1rmmtao11.cox.net [68.230.241.28])
>>> 	by mx1.redhat.com (8.12.11/8.12.11) with ESMTP id j7S40EjP007604
>>> 	for <fedora-list at redhat.com>; Sun, 28 Aug 2005 00:00:15 -0400
>>> Received: from [68.101.182.212] by fed1rmmtao11.cox.net
>>> 	(InterMail vM.6.01.04.00 201-2131-118-20041027) with ESMTP
>>> 	id <20050828040009.LAMF12158.fed1rmmtao11.cox.net@[68.101.182.212]>
>>> 	for <fedora-list at redhat.com>; Sun, 28 Aug 2005 00:00:09 -0400
>>> 
>>> 
>>> The last paragraph is the first person who sent it. Then you can contact the 
>>> ISP/or the person.
>
>You do have to be careful with your analysis.  Sometimes the *last* one
>is the spammer, preloading the headers by routing their mail through
>their own, or other systems.  You don't want to complain to the spammer
>about their spam.
>
> -- Don't send private replies to my address, the mailbox is ignored. I 
> read messages from the public lists.
>
At one time, SpamCop provided a service to parse spam e-mail headers and 
anonymously contact the ultimate sender's ISP.  Not sure if SpamCop 
still provides this service or even still exists. 

Their service was more useful back in the days when spammers didn't use 
zombies since SpamCop also provided an RBL for those who wouldn't stop 
spamming.  These days SpamCop can't blacklist someone like AOL so the 
best thing that happens is the ISP blocks outbound port 25 traffic from 
the zombie which just means the spammer moves to their next zombie.

I see a handful of these from time to time.  Nothing as severe as what 
you're seeing.  Just bounces in my inbox of e-mails I didn't send.

Cheers,
Dave
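
Added example (not part of the original message): a way to apply Tim's caveat mechanically to the headers quoted above, by trusting only the Received lines written by servers you control and treating everything below the first untrusted "by" host as unverified. The trusted suffix ".redhat.com" and the function names are assumptions made for illustration; use your own receiving mail servers in practice.

```python
import re
from email import message_from_string

# Received headers from the quoted message above, trimmed to the from/by/date parts.
RAW = (
    "Received: from listman.util.phx.redhat.com (listman.util.phx.redhat.com [10.8.4.110])\n"
    "\tby hormel.redhat.com (Postfix) with ESMTP; Sun, 28 Aug 2005 00:00:28 -0400\n"
    "Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254])\n"
    "\tby listman.util.phx.redhat.com with ESMTP; Sun, 28 Aug 2005 00:00:17 -0400\n"
    "Received: from mx1.redhat.com (mx1.redhat.com [172.16.48.31])\n"
    "\tby int-mx1.corp.redhat.com with ESMTP; Sun, 28 Aug 2005 00:00:16 -0400\n"
    "Received: from fed1rmmtao11.cox.net (fed1rmmtao11.cox.net [68.230.241.28])\n"
    "\tby mx1.redhat.com with ESMTP; Sun, 28 Aug 2005 00:00:15 -0400\n"
    "Received: from [68.101.182.212] by fed1rmmtao11.cox.net with ESMTP;\n"
    "\tSun, 28 Aug 2005 00:00:09 -0400\n"
    "\n"
)

# Claimed sender name, optional "[ip]" recorded by the receiver, then the "by" host.
HOP = re.compile(r"from\s+(\S+)(?:\s+\([^)]*?\[([\d.]+)\]\))?.*?\bby\s+(\S+)", re.S)

def parse_hops(raw):
    """Return hops newest-first as (claimed_from, recorded_ip, by_host)."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if m:
            name, ip, by = m.groups()
            if ip is None and name.startswith("["):  # form: "from [1.2.3.4] by host"
                ip = name.strip("[]")
            hops.append((name, ip, by))
    return hops

def last_verifiable_sender(raw, trusted_suffixes):
    """Walk newest-first and stop at the first hop not written by a trusted server.
    Returns (IP recorded by the last trusted hop, unverified hops below it)."""
    hops = parse_hops(raw)
    ip = None
    for i, (_, recorded_ip, by) in enumerate(hops):
        if not by.lower().endswith(tuple(trusted_suffixes)):
            return ip, hops[i:]  # these lines could have been preloaded by the sender
        ip = recorded_ip
    return ip, []
```

With `(".redhat.com",)` as the trusted set, the address to report is the one mx1.redhat.com recorded, and the bottom line written by the cox.net host is returned separately as unverified.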



