![[SpamCop.net - protecting the internet through technology]](http://news.spamcop.net/newlogo.jpg)
[SpamCop-List] Re: Twice the headers
Mike Easter
MikeE at ster.invalid
Thu Feb 5 04:40:52 EST 2004
Dan Ric|-.ter wrote:
> I got a spam with the headers seemingly repeated. The first set of
> headers don't seem complete, but the second set might be forged. Can
> anyone tell me what's going on here?
Somehow those headers got 'bent', so putting them 'back together' might
be a problem, but I'll guess.
> Received: from 80.181.98.137 (HELO
> host137-98.pool80181.interbusiness.it)
Altho' I'm not familiar with where you would be receiving this item, I
think this is the sourceline, and that IP is listed in multiple db/s,
including scbl as well as proxy/insecure db/s. So my chain would end
there.
Headers are not supposed to contain empty lines, so clearly something
got broken.
> Received: from 104.51.239.250 by 80.181.98.137; Wed, 04 Feb 2004
> 18:24:48 -0600
Down here in the broken part of the header appears to be a bogus line
with a bad timestamp.
--
Mike Easter
More information about the SpamCop-List
mailing list