[ale] Spam relayed through ale

Mike Nelson mnelson at bellsouth.net
Sat Nov 29 23:34:16 EST 1997


I got two of them, and I have to wonder if the relays are faked and the
real source is the dial-up that appears in the middle:
 
Received: from ip251.los-angeles3.ca.pub-ip.psi.net(38.14.43.251) by
 dfw-ix5.ix.netcom.com via smap (V1.3) id rma004134; Wed Nov 26 10:59:34 1997

and:

Received: from default (pool034-max5.la-ca-us.dialup.earthlink.net
 {207.217.4.109]) by natasha.eden.com (8.8.8/8.8.8) with SMTP id CAA15832;


I really dunno how this header faking stuff works, but if they're using
throwaway dial-up accounts to hijack different "Friendly internet
service providers" it's kind of hopeless, isn't it? If it is a hijacked
mail server doing this, would the victim be natasha.eden.com and 
dfw-ix5.ix.netcom.com? It sorta looks like the dialups are in Los Angeles,
which is where the mailing adress is. Anyway, that's where I'm complaing to.
-M
 





On 28-Nov-97 Stephen F Nicholas wrote:
>Robert,
>  Yep, noticed that.  Note that my original message said that the message
>was being relayed through ale's (I suspected, but mentioned Ga. Tech's
>server.)  I was hoping that the admin for ale would see this message and
>take appropriate action.  I turned off relaying on my Linux box, but the
>situation may not be as simple as that for a big organization.  They may
>also be doing legimate relaying.
>
>Steve
>
>
>
>On Thu, 27 Nov 1997, Robert L Harris wrote:
>
>> I got this also, but it wasn't from netcom.com.  If you check the
>> headers of the original message, it was sent from denmark, so somone
>> is faking mail.
>> > 
>> >   Has anyone else on ale been receiving the message below ?  I looked at
>> > the mail headers from previous messages (not this particular one, yet) and
>> > it appears that it's being relayed through Georgia Tech.
>> > 
>> > Steve
>> > 
>> > 
>> > 
>> > On Thu, 27 Nov 1997, d6hh1 wrote:
>> > 
>> > > Authenticated sender is <d6hh1 at ix.netcom.com>
>> > > Subject:  as it
>> > > Mime-Version: 1.0
>> > > Content-Type: text/plain; charset="us-ascii"
>> > > Content-Transfer-Encoding: 7bit
>> > > 
>> > > EMAIL MARKETING WORKS!!!
>> > > 
>> > > It's quick and effective!!
>> > > Mass email and targeted email marketing works!
>> > > With our special program we not only provide you with up to
>> > > 30 MILLION email addresses, we also provide you with a terrific
>> > 
>> > big snip           
>> > 
>> > =======================================================
>> > | Steve Nicholas             |                        |
>> > | Help Center Services       |  A risk is not a risk  |
>> > | Georgia State University   |  until it is taken.    | 
>> > | snicholas at gsu.edu          |                        |
>> > | HTTP://www.gsu.edu/help    |                        |
>> > =======================================================
>> > 
>> > 
>> 
>> 
>> ---------------------------------------------------------------------------
>> Robert L. Harris          |   If NT is the answer,
>> System Engineer For Hire. \_    You don't understand the question
>> 
>> Voice:
>>   (303) 971-9218
>> Email:
>>   Robert at ast.lmco.com
>> 
>> http://www.orci.com/~nomad
>> 
>> DISCLAIMER:
>>       These are MY OPINIONS ALONE.  I speak for no-one else.
>> 
>> perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
>> 
>
>=======================================================
>| Steve Nicholas             |                        |
>| Help Center Services       |  A risk is not a risk  |
>| Georgia State University   |  until it is taken.    | 
>| snicholas at gsu.edu          |                        |
>| HTTP://www.gsu.edu/help    |                        |
>=======================================================

----------------------------------
E-Mail: Mike Nelson <mnelson at bellsouth.net>
Date: 29-Nov-97
Time: 23:34:16

This message was sent by XFMail
----------------------------------






More information about the Ale mailing list