[SC-Help] Re: Just received the strangest spam...
MikeE at ster.invalid
Thu Apr 8 04:36:57 EDT 2004
> Done! (You'll find it under the same subject line as this one)
That's the problem with 'reading' your spam, you end up going down
strange blind alleys trying to get inside the head of the spammer.
The important [to me] characteristic of this item is that it has
'bogosity' in the headers - that is, the source is an abused proxy
22.214.171.124 listed 'all over the place' - numerous proxy db/s and
spamcop - and it is 'pretending' to be from somewhere else; ie the From
'matches' with bogus headers under the source - so it was intentionally
designed to mislead 'on the surface' ie the From, namely the
Once you've stepped into that 'league' then you are playing the 'what is
this spammer trying to do' question.
>From your investigation you would determine to /not/ be notifying the
providers for the 'spamvertised' website/s - the one the link shows or
bajacortez - but simply the source, who probably has been notified
plenty, considering how many db/s it is in. I did a GET on the
sewanee.conf website; nothing helpful there.
So, as far as I get is spammy headers, 'nonsense' body.
kibitzer, not SC admin
More information about the SpamCop-Help