
[SC-Help] Fake Headers triggers Spamcop to send complaints to wrong ISP?

Benoit Panizzon usenet-20051125 at spam.woody.ch
Wed Dec 7 12:59:26 EST 2005


Hi all

I work on the Abuse Desk of Improware 157.161.0.0/16

We just got a quite strange Spamcop complaint about spam sent from an IP 
that according to our data was not allocated to any customer during the 
time that email was sent.

I fear the whole Received: headers are faked, but don't manage to find out 
how spamcop is fooled by them. Usually spamcop is quite sensitive in 
detecting fake MX chains etc...


Return-Path: <tnewlandbnzq at ena-adv.com>
Received: from smtp4.libero.it (193.70.192.54) by ims4a.libero.it (7.2.059.5)
        id 439505A3000526E6 for becl at libero.it; Wed, 7 Dec 2005 01:07:04 +0100
Received: from wpopcp.libero.it (172.16.1.35) by smtp4.libero.it (7.0.027-DD01)
        id 4369E43102FD6E43 for becl at libero.it; Wed, 7 Dec 2005 01:07:04 +0100
Received-SPF: none (wpopcp.libero.it: 206.48.149.132 is neither permitted nor denied
        by domain of ena-adv.com) client-ip=206.48.149.132;
        envelope-from=tnewlandbnzq at ena-adv.com; helo=ipnat2.turbus.cl;
Received: from ipnat2.turbus.cl (ipnat2.turbus.cl [206.48.149.132])
	by wpopcp.libero.it (Postfix) with SMTP id 151927000097
	for <becl at libero.it>; Wed,  7 Dec 2005 01:07:02 +0100 (CET)
Received: from mail.monmouth.com (mail.monmouth.com [209.191.58.1])
	by ipnat2.turbus.cl (8.12.11/8.12.11) with ESMTP id 8Nsiv7C6i9qUxE
	for <becl at libero.it>; Tue, 6 Dec 2005 19:08:24 -0800
Received: from hdqfadojllrs (HELO lyvstufk) ([157.161.238.32])
	by mail.monmouth.com (Postfix) with ESMTP id IfbkkRgACXHG
	for <becl at libero.it>; Tue, 6 Dec 2005 19:08:24 -0800
Date: Tue, 6 Dec 2005 19:08:24 -0800
From: Edward Phipps <tnewlandbnzq at ena-adv.com>
Reply-To: Edward Phipps <tnewlandbnzq at ena-adv.com>
Message-ID: <309361725393.809955610549 at ena-adv.com>
To: <becl at libero.it>
Subject:  $EXTT0IZ



mail.monmouth.com is no MX for libero.it so probably the last Received or 
even more are fake. Why does spamcop not recognize them?

Regards
-Benoit-
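
Added example, not part of the original post and not SpamCop's own parser: a sketch of the check an abuse desk can run on the chain quoted above, trusting only Received: lines written by the recipient's own servers and flagging lower hops stamped later than that handoff. The trusted suffix ".libero.it", the 10-minute skew allowance and the function names are assumptions made for this illustration.

```python
import re
from datetime import timedelta
from email.utils import parsedate_to_datetime

# The five Received: headers from the post above, unfolded, newest first.
RECEIVED = [
    "from smtp4.libero.it (193.70.192.54) by ims4a.libero.it (7.2.059.5) "
    "id 439505A3000526E6 for becl at libero.it; Wed, 7 Dec 2005 01:07:04 +0100",
    "from wpopcp.libero.it (172.16.1.35) by smtp4.libero.it (7.0.027-DD01) "
    "id 4369E43102FD6E43 for becl at libero.it; Wed, 7 Dec 2005 01:07:04 +0100",
    "from ipnat2.turbus.cl (ipnat2.turbus.cl [206.48.149.132]) by wpopcp.libero.it "
    "(Postfix) with SMTP id 151927000097 for <becl at libero.it>; "
    "Wed,  7 Dec 2005 01:07:02 +0100 (CET)",
    "from mail.monmouth.com (mail.monmouth.com [209.191.58.1]) by ipnat2.turbus.cl "
    "(8.12.11/8.12.11) with ESMTP id 8Nsiv7C6i9qUxE for <becl at libero.it>; "
    "Tue, 6 Dec 2005 19:08:24 -0800",
    "from hdqfadojllrs (HELO lyvstufk) ([157.161.238.32]) by mail.monmouth.com "
    "(Postfix) with ESMTP id IfbkkRgACXHG for <becl at libero.it>; "
    "Tue, 6 Dec 2005 19:08:24 -0800",
]
# Claimed name after "from", first bracketed IPv4 address, host after "by".
HOP = re.compile(r"from\s+(?P<helo>\S+).*?[\[(](?P<ip>\d+\.\d+\.\d+\.\d+)[\])]"
                 r".*?\sby\s+(?P<by>\S+)")

def parse(header):
    """Return claimed name, recorded client IP, recording host and timestamp."""
    hop = HOP.search(header).groupdict()
    stamp = header.rsplit(";", 1)[1].split("(")[0].strip()
    hop["when"] = parsedate_to_datetime(stamp)
    return hop

def analyse(headers, trusted_suffix, skew=timedelta(minutes=10)):
    """Split the chain at the last hop written by a host under trusted_suffix."""
    hops = [parse(h) for h in headers]
    n = 0
    while n < len(hops) and hops[n]["by"].endswith(trusted_suffix):
        n += 1
    if n == 0:
        raise ValueError("no Received: line written by a trusted host")
    handoff, unverified = hops[n - 1], hops[n:]
    # A genuine earlier relay cannot stamp the message after our server got it.
    late = [h for h in unverified if h["when"] > handoff["when"] + skew]
    return handoff, unverified, late

if __name__ == "__main__":
    handoff, unverified, late = analyse(RECEIVED, ".libero.it")
    print("verified source:", handoff["ip"], "recorded by", handoff["by"])
    for h in unverified:
        print("unverified hop:", h["ip"], "by", h["by"], "LATE" if h in late else "")
```

On this chain the only address a libero.it server itself recorded is 206.48.149.132, and both lines below it, including the one naming 157.161.238.32, carry a timestamp about three hours after that handoff once the time zones are normalised.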

