On Tue, 13 May 1997, David Stoddard wrote:
of our engineers called them this afternoon, they said they were innocent because someone was using them as a relay -- nice try, but if they were a relay, we should not have seen any messages other than those destined for addresses on our network. Instead, we got the entire spam feed. They even went so far as to insert forged Received headers into the messages to try and throw us off.
Maybe in this case you were being sharked, but before we got everything clamped down on our servers we saw a number of spammers who were 'multi-hopping' their UCE and including faking headers and sending false HELO data. The excerpt below from my archives shows them bouncing mail off our server, to iea.com, and then to AOL. The real originator was at rmii.com, but they attempted to put in some semi-fake headers before that. I guess the moral of the story is "trust no one, and filter, filter, filter..." Sad, but true. Ed -------- Ed Landa ComStar Communications Corp. 770-333-8779 ----------------------- Headers --------------------------------
From secretshopping@infinite.com Thu Apr 17 05:22:57 1997 Return-Path: <secretshopping@infinite.com> Received: from comtch.iea.com (comtch.iea.com []) by emin41.mail.aol.com (8.8.5/8.8.5/AOL-2.0.0) with ESMTP id FAA02072; Thu, 17 Apr 1997 05:22:55 -0400 (EDT) From: secretshopping@infinite.com Received: from matlock.comstar.net (matlock.comstar.net []) by comtch.iea.com (8.8.5/8.8.5) with ESMTP id JAA19149; Thu, 17 Apr 1997 09:22:49 GMT Received: from comstar.net (slip156.rmii.com []) by matlock.comstar.net (8.8.5/8.7.1) with SMTP id FAA01899; Thu, 17 Apr 1997 05:22:46 -0400 Received: from You&I@infinite.com by infinite.com (8.8.5/8.6.5) with SMTP id GAA08242 for <You&I@infinite.com>; Thu, 17 Apr 1997 01:22:10 -0600 (EST) To: You&I@infinite.com Message-ID: <1992077.777@infinite.com> Date: Thu, 17 Apr 97 01:22:10 EST Subject: Why not make money shopping. . . instead of spending money! X-PMFLAGS: 128 0 X-UIDL: 1234567891011121314151617181920mabcdefghijk Comments: Authenticated sender is <powerinfo@infinite.com>