[SC-Help] Re: Spamcop Misreading Headers

N. Miller nobody at spamcop.net
Tue Jul 5 01:02:25 EDT 2005


On Mon, 4 Jul 2005 11:47:54 -0400, McWebber wrote:

> With the headers below, Spamcop parses it and skips the real header and
> picks the fake 179.243.186.188 as the IP to lart.
> abuse#iana.org at devnull.spamcop.net and for some reason doesn't want to lart
> abuse at cybercity.dk for 217.157.61.45 which is the ultimate source of the
> spam

Interesting. Sam Spade is not fooled, but running your headers results in
this tracker:

http://www.spamcop.net/sc?id=z782224777z0a198f6cfa8ad5016f6589da2edfd169z

Apparently the originating IP address is close to the IP address of the MX
server for the domain listed, and SC thinks it is a trustable relay. Odd
that SC can't see, as Sam Spade does, that the IP address isn't a valid
block of IP addresses.

Sam Spade says:
---------------
07/04/05 23:52:25 Input
The Received: headers are the important ones to read

My comments are just hints, and should be considered only
an opinion. I may have guessed wrong, or things may have
changed since I was written

Return-Path: <hrvatina at online.hr>
Received: from omega.adventist.dk ([217.157.61.45])  by
    redacted (8.10.2/8.10.2) with SMTP id j64EUrK10943  for
    <me at example.com>; Mon, 4 Jul 2005 09:30:53 -0500
  This received header was added by your mailserver
  redacted received this from omega.adventist.dk
  (IP addresses match)

Received: from xbnq (179.243.186.188) by
    omega.adventist.dk; Mon, 4 Jul 2005 16:31:25 +0200
  omega.adventist.dk received this from someone claiming
  to be xbnq
  This host doesn't exist, so all headers below this one
  are probably forged

Message-ID: <006b01c4b5e6$18170c27$d69d6449 at xbnq>
---------------

-- 
Norman
~Shine, bright morning light,
~now in the air the spring is coming.
~Sweet, blowing wind,
~singing down the hills and valleys.
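
Added example, not part of the original post and not SpamCop's or Sam Spade's code: a sketch of the header walk Sam Spade describes above, run on the two Received lines from the post. The `UNALLOCATED` list, the `trusted_relays` parameter and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed for this example: space treated as unallocated, matching the
# thread's 2005 finding for 179.243.186.188. A real tool would load the
# current IANA registry, which changes over time.
UNALLOCATED = [ipaddress.ip_network("179.0.0.0/8")]

# The two Received lines from the post, unfolded, newest first.
RECEIVED = [
    "from omega.adventist.dk ([217.157.61.45]) by redacted (8.10.2/8.10.2) "
    "with SMTP id j64EUrK10943 for <me at example.com>; "
    "Mon, 4 Jul 2005 09:30:53 -0500",
    "from xbnq (179.243.186.188) by omega.adventist.dk; "
    "Mon, 4 Jul 2005 16:31:25 +0200",
]

HOP = re.compile(
    r"from\s+(\S+)\s+\(\[?(\d{1,3}(?:\.\d{1,3}){3})\]?\)\s+by\s+([^\s;]+)")

def parse_hop(line):
    """Return the claimed name, recorded IP and writing host of one line."""
    m = HOP.search(line)
    if not m:
        return None
    helo, ip, by = m.groups()
    return {"helo": helo, "ip": ipaddress.ip_address(ip), "by": by}

def find_source(received, my_host, trusted_relays=()):
    """Walk newest to oldest; return (IP to report, reason for stopping)."""
    hops = [parse_hop(line) for line in received]
    if not hops or hops[0] is None or hops[0]["by"] != my_host:
        return None, "top Received line was not written by our own server"
    source, prev = hops[0]["ip"], hops[0]  # our server recorded this IP
    for hop in hops[1:]:
        # Heuristic: the next line down must be written by the host that
        # handed the message to the previous hop.
        if hop is None or hop["by"] != prev["helo"]:
            return source, "chain broken or unparseable"
        if any(hop["ip"] in net for net in UNALLOCATED):
            return source, f"{hop['ip']} is unallocated, line not credible"
        if hop["by"] not in trusted_relays:
            return source, f"{hop['by']} is not a trusted relay"
        source, prev = hop["ip"], hop
    return source, "end of chain"

if __name__ == "__main__":
    print(find_source(RECEIVED, "redacted", {"omega.adventist.dk"}))
```

Even with omega.adventist.dk listed as a trusted relay, the walk stops at 217.157.61.45, the address the reporter's own server recorded.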

