[SC-Help] Re: Just received the strangest spam...

[Mike Easter]

Aviatrix wrote:
> Done! (You'll find it under the same subject line as this one)

That's the problem with 'reading' your spam, you end up going down
strange blind alleys trying to get inside the head of the spammer.

The important [to me] characteristic of this item is that it has
'bogosity' in the headers - that is, the source is an abused proxy
221.124.168.125 listed 'all over the place' - numerous proxy db/s and
spamcop - and it is 'pretending' to be from somewhere else;  ie the From
'matches' with bogus headers under the source - so it was intentionally
designed to mislead 'on the surface' ie the From, namely the
kyokofukada.net junk.

Once you've stepped into that 'league' then you are playing the 'what is
this spammer trying to do' question.

>From your investigation you would determine to /not/ be notifying the
providers for the 'spamvertised' website/s - the one the link shows or
bajacortez - but simply the source, who probably has been notified
plenty, considering how many db/s it is in.  I did a GET on the
sewanee.conf website;  nothing helpful there.

So, as far as I get is spammy headers, 'nonsense' body.

-- 
Mike Easter
kibitzer, not SC admin