[thelist] clueless spamming

Ken Schaefer ken at adOpenStatic.com
Mon Jan 6 18:37:01 CST 2003


Is the message below one of the purported spam messages? If so, then the
only line that can be trusted is the one recorded by the final recipient,
which I believe is this one:

: Received: from ns24.ifo.net ([213.229.58.242]) by viefep13-int.chello.at
: (InterMail vM.5.01.05.17 201-253-122-126-117-20021021) with ESMTP id
: <20021231151149.YBDH7442.viefep13-int.chello.at at ns24.ifo.net> for
: <ahk at chello.at>; Tue, 31 Dec 2002 16:11:49 +0100

Now, is 213.229.58.242 in your "address range"? I doubt you have an "address
range" unless you're an ISP, a very large company or a research institution.
In any of these cases, you should contact your network people.

Now: You can't stop people putting someone at yourdomain.com as the From:
address. From: (and ReplyTo:) addresses can be set to anything you like. If
the spammer is using their own mail server, or can find an "open relay"
(unsecured mailserver that delivers mail to anyone from anyone), then
they're set.

This is different to someone using your IP address to send mail. If you're
running your own mailserver, and you allow "open relaying" (ie you allow
anyone to send mail to anyone else), then you need to shut this off ASAP.
This is what can be found via the SMTP headers (which mailserver was used to
relay the mail).

Cheers
Ken

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From: "D.B." <webmaster at sci-web.com.ar>
Subject: [thelist] clueless spamming


: I've received a message from someone telling me that some bulk mail was sent
: from my domain or my IP range, and that he didn't wish to receive more in the
: future. He sent this to an alias ('barcia.org') for my personal Yahoo
: account, an alias that has been published in a website without anti-spam
: techniques so that it is being spammed sometimes, but I don't know how this
: could be done. Below are the headers he sent along, in which I don't find any
: clue, but the message was sent to my alias:
:
: Return-Path: <no_reply at sing.com>
: Received: from ns24.ifo.net ([213.229.58.242]) by viefep13-int.chello.at
: (InterMail vM.5.01.05.17 201-253-122-126-117-20021021) with ESMTP id
: <20021231151149.YBDH7442.viefep13-int.chello.at at ns24.ifo.net> for
: <ahk at chello.at>; Tue, 31 Dec 2002 16:11:49 +0100
: Received: from localhost.com ([66.75.43.9]) by ns24.ifo.net
: (8.12.3/8.12.3/Debian -4) with SMTP id gBVFBaMY028094 for <ahk at hwh.cc>;
: Tue, 31 Dec 2002 16:11:42 +0100
: Message-Id: <200212311511.gBVFBaMY028094 at ns24.ifo.net>
: From: no_reply at sing.com
: Reply-To: no_reply at sing.com
: To: ahk at hwh.cc
: Date: Tue, 31 Dec 2002 23:12:36 +0800
: Subject: Bullet proof bulk email friendly web hosting
: X-Mailer: Microsoft Outlook build 5.00
: MIME-Version: 1.0
: Content-Type: text/html; charset="iso-959-1"
: Content-Transfer-Encoding: quoted-printable
:
: I would greatly appreciate any help on preventing this from happening, if I
: could do anything...
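
The rule in the reply above (trust only the Received: line written by the final recipient's server), as an added example that is not part of the original thread. It assumes the recipient's mail domain is chello.at, taken from the `by` host of the topmost line; the function names are illustrative.

```python
import re
from email import message_from_string

# Received: headers copied from the quoted message above (the archive's
# " at " address obfuscation is left as-is).
RAW = """\
Received: from ns24.ifo.net ([213.229.58.242]) by viefep13-int.chello.at
 (InterMail vM.5.01.05.17 201-253-122-126-117-20021021) with ESMTP id
 <20021231151149.YBDH7442.viefep13-int.chello.at at ns24.ifo.net> for
 <ahk at chello.at>; Tue, 31 Dec 2002 16:11:49 +0100
Received: from localhost.com ([66.75.43.9]) by ns24.ifo.net
 (8.12.3/8.12.3/Debian -4) with SMTP id gBVFBaMY028094 for <ahk at hwh.cc>;
 Tue, 31 Dec 2002 16:11:42 +0100
From: no_reply at sing.com
To: ahk at hwh.cc

"""

# "from <name the sender claimed> ([<IP the receiver saw>]) by <receiver>"
HOP = re.compile(r"from\s+(\S+)\s+\(\[([\d.]+)\]\)\s+by\s+(\S+)")

def received_hops(raw):
    """Return hops newest-first; each MTA prepends its own Received: line."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            hops.append({"claimed_name": m.group(1),
                         "peer_ip": m.group(2),
                         "by": m.group(3)})
    return hops

def classify(hops, recipient_domain):
    """Mark only hops written by the recipient's own servers as trusted."""
    trusted = True
    out = []
    for hop in hops:
        # Trust ends at the first line not written by the recipient's MTA;
        # everything below it was supplied by the sending side.
        trusted = trusted and hop["by"].endswith("." + recipient_domain)
        out.append({**hop, "trusted": trusted})
    return out

if __name__ == "__main__":
    for hop in classify(received_hops(RAW), "chello.at"):
        print(hop)
```

The `peer_ip` of the trusted hop is the address to compare against your own servers; `claimed_name` in any hop is whatever the connecting host chose to announce.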



