* How do I block this?
From: Janina Sajka
To: speakup, ma-linux
I've been trying to do my bit against spam recently. Among other things, I
forward full headers to major services like abuse@yahoo.com,
abuse@[whoever.xxx], and I keep an active kill filter which I add to
diligently. Among other things, as I said.
Recently, I came across the following header, and it has me befuddled. How
did they manage to make me out like the bad guy? The to: field seems
blank, but I'm the reply-to. Seems to me the culprit may be an insecure
sag01.pumford.com. Is that a reasonable guess? But how did they work it to
make me the reply-to? And, might I be the reply-to in someone else's
mailbox?
I'm just curious to learn a bit more.
Return-Path: <janina//afb.net@165.212.14.253>
Received: from localhost (toccata.grg.afb.net [127.0.0.1])
by toccata.dsl092-170-083.wdc1.dsl.speakeasy.net (8.11.6/8.11.6)
with ESMTP id g0BA45u12826
for <janina@localhost>; Fri, 11 Jan 2002 05:04:05 -0500
From: janina//afb.net@165.212.14.253
Received: from 165.212.14.253 [165.212.14.253]
by localhost with POP3 (fetchmail-5.9.0)
for janina@localhost (single-drop); Fri, 11 Jan 2002 05:04:05
-0500 (EST)
Received: USA.NET MXFirewall, messaging filters applied; Fri, 11 Jan 2002
10:02:26 GMT
Received: from emdvg003.eservices.usa.net [165.212.54.10] by
umdvg002.cms.usa.net via mtad (53CM.1001.1.06)
with ESMTP id 762gakkcw0058M02; Fri, 11 Jan 2002 10:02:23 GMT
Received: from sag01.pumford.com [64.7.165.19] by
emdvg003.eservices.usa.net via mtad (ES.0801.2.03);
Fri, 11 Jan 2002 10:02:28 GMT
Received: from QRJATYDI (216.208.16.34 [216.208.16.34]) by
sag01.pumford.com with SMTP (Microsoft Exchange Internet Mail
Service Version 5.5.2650.21)
id CFA4V5AG; Fri, 11 Jan 2002 04:50:14 -0500
To:
Subject: Are you healthy and wealthy? You are lucky!
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
Date: Fri, 11 Jan 2002 12:45:58 +-0800
Message-ID: <23245210@mbjdr>
Mime-Version: 1.0
Content-Type: text/plain; charset="Windows-1251"
--
Janina Sajka, Director
Technology Research and Development
Governmental Relations Group
American Foundation for the Blind (AFB)
Email: janina@afb.net Phone: (202) 408-8175
Chair, Accessibility SIG
Open Electronic Book Forum (OEBF)
http://www.openebook.org
* Re: How do I block this?
From: Charles Hallenbeck
To: speakup
Janina -
I ran across the same thing recently from another spammer. I
asked my ISP about it, and they were not at all helpful.
How about discarding incoming mail that is from yourself? Would
you miss it? <smile>
Chuck
*<<<=-=>>>*<<<=-=>>>*<<<=-=>>>*<<<=-=>>>*
Visit me at http://www.mhonline.net/~chuckh
The Moon is Waning Crescent (1% of Full)
* Re: How do I block this?
From: Kirk Wood
To: Speakup List
On Sat, 12 Jan 2002, Janina Sajka wrote:
> Recently, I came across the following header, and it has me befuddled. How
> did they manage to make me out like the bad guy? The to: field seems
> blank, but I'm the reply-to. Seems to me the culprit may be an insecure
> sag01.pumford.com. Is that a reasonable guess? But how did they work it to
> make me the reply-to? And, might I be the reply-to in someone else's
> mailbox?
You are correct here. The originator is at address 216.208.16.34. A
traceroute reveals that this IP address is not in anyone's DNS server, but
is served by bellnexxia.net. Thus, you should send a complaint to
abuse@bellnexxia.net. But first, check their web page and make sure they
don't encourage spam. As nasty as it sounds, I have come across providers
who stand up for spam. The first relay is indeed sag01.pumford.com.
As for how they fake the rest, it is so easy as to make one's head
spin. If they actually were sending this through a mail agent, they just
put what info they want you to see in reply-to. There is no security
here. More likely they have a script program that feeds the crap in. I am
considering a move to a hosting company that will filter the crap out. I
don't care if it gets some legitimate people's email. Those people will
then be pushed to have action taken by their provider. I wish it was
normal to filter for spam.
> Return-Path: <janina//afb.net@165.212.14.253>
> Received: from localhost (toccata.grg.afb.net [127.0.0.1])
> by toccata.dsl092-170-083.wdc1.dsl.speakeasy.net (8.11.6/8.11.6)
> with ESMTP id g0BA45u12826
> for <janina@localhost>; Fri, 11 Jan 2002 05:04:05 -0500
> From: janina//afb.net@165.212.14.253
> Received: from 165.212.14.253 [165.212.14.253]
> by localhost with POP3 (fetchmail-5.9.0)
> for janina@localhost (single-drop); Fri, 11 Jan 2002 05:04:05
> -0500 (EST)
> Received: USA.NET MXFirewall, messaging filters applied; Fri, 11 Jan 2002
> 10:02:26 GMT
> Received: from emdvg003.eservices.usa.net [165.212.54.10] by
> umdvg002.cms.usa.net via mtad (53CM.1001.1.06)
> with ESMTP id 762gakkcw0058M02; Fri, 11 Jan 2002 10:02:23 GMT
> Received: from sag01.pumford.com [64.7.165.19] by
> emdvg003.eservices.usa.net via mtad (ES.0801.2.03);
> Fri, 11 Jan 2002 10:02:28 GMT
> Received: from QRJATYDI (216.208.16.34 [216.208.16.34]) by
> sag01.pumford.com with SMTP (Microsoft Exchange Internet Mail
> Service Version 5.5.2650.21)
> id CFA4V5AG; Fri, 11 Jan 2002 04:50:14 -0500
> To:
> Subject: Are you healthy and wealthy? You are lucky!
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Mailer: Microsoft Outlook Express 5.50.4522.1200
> Date: Fri, 11 Jan 2002 12:45:58 +-0800
> Message-ID: <23245210@mbjdr>
> Mime-Version: 1.0
> Content-Type: text/plain; charset="Windows-1251"
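
The Received chain discussed in this thread, walked programmatically. This is an added example, not part of any post above. It goes one step beyond the reply by also marking the last hop recorded by a server the recipient trusts; the trusted host suffixes and the 165.212.0.0/16 range are assumptions made for illustration.

```python
import re
from email import message_from_string
from ipaddress import ip_address, ip_network

# Received chain copied from the message on this page (continuation lines indented).
RAW = """\
Received: from localhost (toccata.grg.afb.net [127.0.0.1])
 by toccata.dsl092-170-083.wdc1.dsl.speakeasy.net (8.11.6/8.11.6)
 with ESMTP id g0BA45u12826
 for <janina@localhost>; Fri, 11 Jan 2002 05:04:05 -0500
Received: from 165.212.14.253 [165.212.14.253]
 by localhost with POP3 (fetchmail-5.9.0)
 for janina@localhost (single-drop); Fri, 11 Jan 2002 05:04:05 -0500 (EST)
Received: USA.NET MXFirewall, messaging filters applied; Fri, 11 Jan 2002 10:02:26 GMT
Received: from emdvg003.eservices.usa.net [165.212.54.10] by
 umdvg002.cms.usa.net via mtad (53CM.1001.1.06)
 with ESMTP id 762gakkcw0058M02; Fri, 11 Jan 2002 10:02:23 GMT
Received: from sag01.pumford.com [64.7.165.19] by
 emdvg003.eservices.usa.net via mtad (ES.0801.2.03);
 Fri, 11 Jan 2002 10:02:28 GMT
Received: from QRJATYDI (216.208.16.34 [216.208.16.34]) by
 sag01.pumford.com with SMTP (Microsoft Exchange Internet Mail
 Service Version 5.5.2650.21)
 id CFA4V5AG; Fri, 11 Jan 2002 04:50:14 -0500
"""
# Assumptions: the reader trusts her own host, her provider's servers and its address range.
TRUSTED_BY = ("localhost", ".usa.net", ".speakeasy.net")
TRUSTED_NETS = [ip_network("127.0.0.0/8"), ip_network("165.212.0.0/16")]
HOP = re.compile(r"from\s+(\S+)\s+\(?(?:\S+\s+)?\[([\d.]+)\].*?\bby\s+(\S+)", re.S)

def hops(raw):
    """(claimed_name, peer_ip, recording_server) per Received line, newest first."""
    found = (HOP.search(v) for v in message_from_string(raw).get_all("Received", []))
    return [m.groups() for m in found if m]  # the MXFirewall note has no from/by

def handoff(raw):
    """First hop, newest first, where a trusted server logged an outside peer."""
    for name, ip, by in hops(raw):
        inside = any(ip_address(ip) in net for net in TRUSTED_NETS)
        if by.endswith(TRUSTED_BY) and not inside:
            return name, ip, by
    return None

def claimed_origin(raw):
    """Oldest Received line: written by the first relay, so only as good as that relay."""
    return hops(raw)[-1]

if __name__ == "__main__":
    print("handoff:", handoff(RAW))
    print("origin :", claimed_origin(RAW))
```

Everything older than the handoff hop was written by machines outside the recipient's trust boundary, so the originating address is a lead for an abuse report rather than a verified fact.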