At 03:20 PM 7/28/2003 -0400, you wrote:
>Hey Guys,
>
>Welcome to the internet. It IS a spoof. Take a look at the
>headers and notice the underlined sections:
Let's read the headers the correct way... comments below.
>>Received: from contesting.com [216.1.128.73] by nt030203-107137 with ESMTP
>> (SMTPD32-8.00) id A33DA910020; Mon, 28 Jul 2003 10:54:05 -0700
>>Received: from dayton.akorn.net (localhost [127.0.0.1])
>> by contesting.com (8.12.9/8.12.9) with ESMTP id h6SHsCn5016804;
>> Mon, 28 Jul 2003 13:54:16 -0400
Above is correct and not of any concern. It's the list's server.
>>Received: from spf13.us4.outblaze.com (205-158-62-67.outblaze.com
>> [205.158.62.67])
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>And just who is Outblaze.com? A whois search results:
Outblaze is a free email service and will NUKE this account
if complaints are filed. The abuse type God is Suresh
and can be contacted via abuse@outblaze.com
They are NOT at fault.
>So, Kip is routing his email via a company in Hong Kong? I don't think so.
Well yes he is.. It's a forwarding service.. And perfectly valid..
Keep going down..
>> by contesting.com (8.12.9/8.12.9) with ESMTP id h6SHrxn4016564
>> for <vhfcontesting@contesting.com>; Mon, 28 Jul 2003 13:53:59 -0400
>>Received: from 205-158-62-68.outblaze.com (205-158-62-68.outblaze.com
>> [205.158.62.68])
>> by spf13.us4.outblaze.com (Postfix) with QMQP id 82EC41800770
>> for <vhfcontesting@contesting.com>;
>> Mon, 28 Jul 2003 17:53:58 +0000 (GMT)
>>Received: (qmail 88944 invoked from network); 28 Jul 2003 17:53:54 -0000
>>Received: from unknown (HELO ws1-12.us4.outblaze.com) (205.158.62.81)
>> by 205-158-62-153.outblaze.com with SMTP; 28 Jul 2003 17:53:54 -0000
>>Received: (qmail 94651 invoked by uid 1001); 28 Jul 2003 17:53:52 -0000
>>Message-ID: <20030728175352.94650.qmail@mail.com>
>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>Next, we see that the mail originated on another free email service, mail.com.
Mail.com *is* Outblaze. They own mail.com as well as several thousand
other free email redirectors. Still a valid path line..
>Using an anonymous mail account routed via hong kong is a typical footprint for
>an email spammer.
Not in this case.. But you're right...
>No problem, except the address used in the email is an address on usa.com. The
>mail should have come from an account on a usa.com server.
It did. usa.com = outblaze.com = mail.com
The part you DIDN'T leave of the header is the TRUE sender's IP address.
That would be this part at the bottom.
X-Mailer: MIME-tools 5.41 (Entity 5.404)
Received: from [12.109.148.178] by ws1-12.us4.outblaze.com with http for
n2xre@usa.com; Mon, 28 Jul 2003 12:53:51 -0500
The original person is using the IP of 12.109.148.178 and he gave it to
outblaze.com to be forwarded. This is the sender..
This belongs to these people
REGUS BUSINESS CENTRE CO REGUS-BU64-148-128 (NET-12-109-148-128-1)
12.109.148.128 - 12.109.148.191
OrgName: REGUS BUSINESS CENTRE CO
OrgID: RBC-36
Address: 13800 COPPERMINE ROAD
City: HERNDON
StateProv: VA
PostalCode: 20171
Country: US
NetRange: 12.109.148.128 - 12.109.148.191
CIDR: 12.109.148.128/26
NetName: REGUS-BU64-148-128
NetHandle: NET-12-109-148-128-1
Parent: NET-12-0-0-0-1
NetType: Reassigned
Comment:
RegDate: 2002-05-19
Updated: 2002-05-19
TechHandle: JS971-ARIN
TechName: SMITH, JIM
TechPhone: +1-914-304-4147
TechEmail: jsmith@regususa.com
Now.. let's see who comes out of the woodwork...
This also matches a previous post
X-Mailer: MIME-tools 5.41 (Entity 5.404)
Received: from [12.109.148.178] by ws1-12.us4.outblaze.com with http for
n2xre@usa.com; Mon, 28 Jul 2003 12:53:51 -0500
From: "Kip K." <n2xre@usa.com>
To: vhfcontesting@contesting.com
To: <vhfcontesting@contesting.com>
Date: Mon, 28 Jul 2003 12:53:51 -0500
X-Originating-Ip: 12.109.148.178
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
X-Originating-Server: ws1-12.us4.outblaze.com
Subject: [VHFcontesting] Re: Why we ... YADA YADA YADA
X-BeenThere: vhfcontesting@contesting.com
X-Mailman-Version: 2.1
Dave
- I do this for a living folks....
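
The bottom-up reading of the Received chain described in the message above, as an added example that is not part of the original post: it walks the hops oldest-first, takes the first one that records a client IP, and compares it with X-Originating-Ip. The sample message is constructed from the header lines quoted in the thread; the function names `hops` and `origin` are hypothetical.

```python
import re
from email import message_from_string

# Constructed sample, assembled from header lines quoted in the thread.
# Servers prepend Received lines, so the oldest hop is at the bottom.
RAW = """\
Received: from contesting.com [216.1.128.73] by nt030203-107137 with ESMTP
 (SMTPD32-8.00) id A33DA910020; Mon, 28 Jul 2003 10:54:05 -0700
Received: from spf13.us4.outblaze.com (205-158-62-67.outblaze.com
 [205.158.62.67])
 by contesting.com (8.12.9/8.12.9) with ESMTP id h6SHrxn4016564
 for <vhfcontesting@contesting.com>; Mon, 28 Jul 2003 13:53:59 -0400
Received: from unknown (HELO ws1-12.us4.outblaze.com) (205.158.62.81)
 by 205-158-62-153.outblaze.com with SMTP; 28 Jul 2003 17:53:54 -0000
Received: (qmail 94651 invoked by uid 1001); 28 Jul 2003 17:53:52 -0000
Received: from [12.109.148.178] by ws1-12.us4.outblaze.com with http for
 n2xre@usa.com; Mon, 28 Jul 2003 12:53:51 -0500
X-Originating-Ip: 12.109.148.178

body
"""

# A literal IPv4 address in [..] or (..); reverse-DNS names such as
# 205-158-62-67.outblaze.com do not match because they use dashes.
IPV4 = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")
HOP = re.compile(r"\bby\s+(\S+)(?:.*?\bwith\s+(\w+))?")

def hops(raw):
    """Return hops oldest-first as (client_ip, receiving_host, protocol)."""
    out = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        text = " ".join(value.split())           # unfold continuation lines
        if not text.startswith("from "):         # local handoff (qmail), no peer
            out.append((None, None, None))
            continue
        ip = IPV4.search(text.split(" by ", 1)[0])
        m = HOP.search(text)
        out.append((ip.group(1) if ip else None,
                    m.group(1) if m else None, m.group(2) if m else None))
    return out

def origin(raw):
    """Oldest hop that recorded a client IP, and whether X-Originating-Ip agrees."""
    msg = message_from_string(raw)
    first = next((h for h in hops(raw) if h[0]), None)
    claimed = (msg.get("X-Originating-Ip") or "").strip("[] ")
    return first, first is not None and first[0] == claimed
```

A sender can insert Received lines below the first server you trust, so the result is only as reliable as the host that stamped that hop; here it is the mail provider's own web front end, reached over http.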