[SC-Help] Re: Spam looks like a bounce

Mike Easter MikeE at ster.invalid
Fri Feb 25 12:59:21 EST 2005


Kevin Davidson wrote:
> I posted a spam over in the spam area under the title "Spam looks
> like a bounce". I changed my real email name to "me" and my domain to
> "mydomain". I have an email account, me at acm.org, which forwards to
> me at mydomain.org.
>
> I'm having a hard time understanding what this is and where it came
> from. It appears at first glance like a bounced message, only I didn't
> send it. Mainly I'm asking how to read the headers.

Bounce is an ambiguous term to me, so I'll avoid it.

You received a newmail header containing these Received tracelines

  Abbreviated Received tracelines
  from mydomain5 by lucy3.trkhosting.com
  from [199.222.69.92] (helo=alias2.acm.org) by lucy3.trkhosting.com
  from alias2.acm.org by alias2.acm.org

which consisted of 3 parts delineated by boundary lines
 - a little body 'The original message...'
 - DNS delivery-status - failed
 - original message

where the original message contained these Received tracelines

  Abbreviated Received tracelines *comment
  from psmtp.com ([64.18.2.110]) by alias2.acm.org *relay output, timestamp discrepancy
  from source ([61.223.8.68]) by exprod7mx60.postini.com *source

64.18.2.110 looks like a postini server, which doesn't show me a port 25
just now.  It may just be an output server and postini isn't showing its
input server's IP in the headers.

61.223.8.68  rDNS  61-223-8-68.dynamic.hinet.net - shouldn't be able to
relay thru' the postini and there shouldn't be a timestamp discrepancy
there;  so I don't know exactly what's going on.  SC reads that as being
sourced by the hinet, which I do too, but postini should also be
notified, that's a 'bad' relay activity which looks open or promiscuous.


-- 
Mike Easter
kibitzer, not SC admin
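
The header reading described above, as an added example that is not part of the original post: it lists Received lines oldest-first in the abbreviated from/by form and marks any hop stamped earlier than the hop before it. The hosts and IPs are the ones quoted in the message; the timestamps and `with` clauses in the sample, and the function name `trace`, are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import mktime_tz, parsedate_tz

# Constructed sample: hosts and IPs are those quoted in the post; the
# timestamps and "with" clauses are invented for illustration.
SAMPLE = (
    "Received: from psmtp.com ([64.18.2.110]) by alias2.acm.org with ESMTP;\n"
    " Fri, 25 Feb 2005 09:10:00 -0500\n"
    "Received: from source ([61.223.8.68]) by exprod7mx60.postini.com with SMTP;\n"
    " Fri, 25 Feb 2005 09:40:00 -0500\n"
    "Subject: constructed example\n"
    "\n"
    "body\n"
)
HOP = re.compile(r"from\s+(\S+)(?:\s+\([^)]*\))?\s+by\s+([^\s;]+)", re.I)
IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def trace(raw):
    """Return the Received hops oldest-first, flagging clock regressions."""
    hops = []
    received = message_from_string(raw).get_all("Received", [])
    for value in reversed(received):          # headers are stored newest-first
        value = " ".join(value.split())       # unfold continuation lines
        m = HOP.search(value)
        if not m:
            continue                          # unparseable line: skip it
        ip = IPV4.search(m.group(0))
        when = parsedate_tz(value.rpartition(";")[2].strip())
        hops.append({
            "from": m.group(1),
            "ip": ip.group(1) if ip else None,
            "by": m.group(2),
            "epoch": mktime_tz(when) if when else None,
            "discrepancy": False,
        })
    # A hop stamped earlier than the hop before it means a clock is off
    # or a line is not genuine; either way it deserves a closer look.
    for prev, cur in zip(hops, hops[1:]):
        if prev["epoch"] is not None and cur["epoch"] is not None:
            cur["discrepancy"] = cur["epoch"] < prev["epoch"]
    return hops

if __name__ == "__main__":
    for hop in trace(SAMPLE):
        flag = "  *timestamp discrepancy" if hop["discrepancy"] else ""
        print(f"from {hop['from']} [{hop['ip']}] by {hop['by']}{flag}")
```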