[SpamCop-List] Re: Seemingly same spam, same date and time, etc.

[Blammo]

On 19 Jul 2005 J G entered spamcop and left 
news:dbkdkv$cpe$1 at news.spamcop.net:

> http://www.spamcop.net/sc?id=z787813312z41654b0a182c67501630b429c6ba467cz
> http://www.spamcop.net/sc?id=z787817112z9cf5fdc7e8df132cc36a37ee3fcbbfe8z
> 
> Good object lesson here...
> 

Yes, the date header is forged, look at the last part of the first Received 
header:
 Tue, 19 Jul 2005 21:27:46 -0400
 Tue, 19 Jul 2005 21:27:56 -0400

Obviously they are not the same message since the source IP is different, 
but they probably look the same when just viewing the message list. Also in 
the same header the ESMTP id is different. That header is added by cox.net, 
and is proof this was two seperate connections.
Interesting bit of forgery after that, cox should be blowing those off.

BTW, if you want, you can leave out the Mozilla headers, the X-Mozilla-
Status2 and everything above that is added by Thunderbird. When I forward 
mail those headers are not there. When you use copy-paste with CTRL-A of 
course it selects all, so you would have to learn to do a "click, End, 
Shift+click" (Ctrl+Shift+End doesn't work here) - which may be more trouble 
than you want to go through.

-- 
| Ric
|