[SpamCop-List] Re: "Straightup" with Forged Headers?
g.hyde at bigpond.net.au
Tue Feb 14 10:11:25 EST 2006
I am seeing a lot of spam lately coming out of one part of the .cn domain or
another, or at the very least, getting reported there. I can get 5-6 spams
a day, which may not seem like much, but then I don't keep track of it all; I just
SC report it and wait to see if reporting has any actual effect.
If anyone is interested in these spams, drop me an email to my inbox, I'll
see if I can forward on the spams that come in (I delete them as I get them,
because they're rubbish) onto you for further analysis.
Although, it's as likely as not that it's one of those SpamGangs (i.e. Ralsky
or whoever) behind all of this rubbish I keep getting in my inbox.
"Mike Easter" <MikeE at ster.invalid> wrote in message
news:dsqh1i$2h3$1 at news.spamcop.net...
> Ellen wrote:
>> "Michael Brennan"
>>> If the header weren't forged, it'd be a
>>> straight-up spam from a ChinaTieTong MX.
> I wouldn't call 22.214.171.124 no rDNS an MX. It /is/ CRTC .cn tietong
> CRTC = CHINA RAILWAY TELECOMMUNICATIONS CENTER
>> I don't see any header forgery.
> I think this line is bogus
> Received: from preston0 ([127.0.0.1]) by writely.com with Microsoft
> SMTPSVC(6.0.3790.1830); Mon, 13 Feb 2006 06:50:04 -0800
> The evidence at psbl shows direct to mx from the 126.96.36.199 and cbl
> thinks it is a proxytrojan, so there shouldn't be any server writely in
> there. Altho' the timestamp fits.
> Mike Easter
> kibitzer, not SC admin