From big_mart_98 at yahoo.com Thu Sep 11 02:31:47 2008 From: big_mart_98 at yahoo.com (Martin Edwards) Date: Thu Sep 11 02:35:04 2008 Subject: [Schelp] A spoof Message-ID: I just received the following, which purports to be from myself. How the devil did that happen? From - Thu Sep 11 07:26:36 2008 X-Account-Key: account5 X-UIDL: 1141928456.4713 X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 X-Mozilla-Keys: Return-Path: Received: from dylan.cwazy.net ([unix socket]) by tigger (Cyrus v2.1.18-IPv6-Debian-2.1.18-5.1) with LMTP; Wed, 10 Sep 2008 21:02:37 +0100 X-Sieve: CMU Sieve 2.2 Received: by dylan.cwazy.net (Postfix, from userid 1001) id 2D93B939788; Wed, 10 Sep 2008 21:02:37 +0100 (BST) Received: from leandro (189.58.119.134.adsl.gvt.net.br [189.58.119.134]) by dylan.cwazy.net (Postfix) with SMTP id E9AF2939627 for ; Wed, 10 Sep 2008 21:02:32 +0100 (BST) Content-Return: allowed X-Mailer: CME-V6.5.4.3; MSN Received: (qmail 14644 by uid 348); Wed, 10 Sep 2008 05:05:58 -0300 Message-Id: <20080910020558.14646.qmail@leandro> To: Subject: September 79% 0FF From: MIME-Version: 1.0 Content-Type: text/html; charset="ISO-8859-1" Content-Transfer-Encoding: 7bit X-Antivirus: avast! (VPS 080909-0, 09/09/2008), Outbound message X-Antivirus-Status: Clean Date: Wed, 10 Sep 2008 21:02:32 +0100 (BST) X-DSPAM-Result: Innocent X-DSPAM-Processed: Wed Sep 10 21:02:37 2008 X-DSPAM-Confidence: 0.9899 X-DSPAM-Probability: 0.0000 X-DSPAM-Signature: 48c827dd41571804284693 X-DSPAM-Factors: 27, Offers+e, 0.01000, Received*Sep, 0.01000, Received*Sep, 0.01000, e, 0.01000, e, 0.01000, Newsletters, 0.01000, or, 0.01000, or, 0.01000, an, 0.01000, This+will, 0.01000, from, 0.01000, from, 0.01000, of, 0.01000, Offers+Microsoft, 0.01000, About, 0.01000, Received*by+dylan.cwazy.net, 0.01000, not+be, 0.01000, MSN+shall, 0.01000, mail+communications, 0.01000, Received*dylan.cwazy.net, 0.01000, service, 0.01000, WA+98052, 0.01000, Way, 0.01000, X-Mailer*V6.5.4.3, 0.01000, you+do, 0.01000, X-Antivirus*0, 0.01000, any, 0.01000
Click Here!
About this mailing:
You are receiving this e-mail because you subscribed to MSN Featured Offers. Microsoft respects your privacy. If you do not wish to receive this MSN Featured Offers e-mail, please click the "Unsubscribe" link below. This will not unsubscribe you from e-mail communications from third-party advertisers that may appear in MSN Feature Offers. This shall not constitute an offer by MSN. MSN shall not be responsible or liable for the advertisers' content nor any of the goods or service advertised. Prices and item availability subject to change without notice.

?2008 Microsoft | Unsubscribe | More Newsletters | Privacy

Microsoft Corporation, One Microsoft Way, Redmond, WA 98052
!DSPAM:48c827dd41571804284693! From news0807REMOVECAPS at orrery.e4ward.com Thu Sep 11 03:50:46 2008 From: news0807REMOVECAPS at orrery.e4ward.com (Ian Smith) Date: Thu Sep 11 03:55:03 2008 Subject: [Schelp] Re: A spoof In-Reply-To: References: Message-ID: Martin Edwards wrote: > I just received the following, which purports to be from myself. How > the devil did that happen? > In the same way that I could write you a letter, insert your postal address at the top of the letter and your name at the bottom where the signature goes. The spammers have different tactics for the from/reply addresses, some include a temporary address, some a false address, some use any address from the 'victim' list, some use your own address - presumably in an attempt to get around the various blacklists. Spoofing of from/reply addresses is common and perfectly legitimate. The from address of this posting isn't the real email account that I'm posting from - for reasons set out below. regards, Ian p.s. you may get complaints about posting the whole source here and I'd advise against exposing your real email address in such postings. From big_mart_98 at yahoo.com Fri Sep 12 03:08:18 2008 From: big_mart_98 at yahoo.com (Martin Edwards) Date: Fri Sep 12 03:10:03 2008 Subject: [Schelp] Re: A spoof In-Reply-To: References: Message-ID: Ian Smith wrote: > Martin Edwards wrote: >> I just received the following, which purports to be from myself. How >> the devil did that happen? >> > > In the same way that I could write you a letter, insert your postal > address at the top of the letter and your name at the bottom where the > signature goes. > > The spammers have different tactics for the from/reply addresses, some > include a temporary address, some a false address, some use any address > from the 'victim' list, some use your own address - presumably in an > attempt to get around the various blacklists. > > Spoofing of from/reply addresses is common and perfectly legitimate. > The from address of this posting isn't the real email account that I'm > posting from - for reasons set out below. > > regards, Ian > > p.s. you may get complaints about posting the whole source here and I'd > advise against exposing your real email address in such postings. thanks From clewis at nortel.com Mon Sep 15 18:11:59 2008 From: clewis at nortel.com (Chris Lewis) Date: Mon Sep 15 18:15:04 2008 Subject: [Schelp] Re: A spoof References: Message-ID: According to Martin Edwards : > Ian Smith wrote: > > p.s. you may get complaints about posting the whole source here and I'd > > advise against exposing your real email address in such postings. > thanks Note also that these things in particular are quite dangerous. While most of them are Canadian Pharmacy links, many of them are active infectors. Posting the links without munging can cause others to get infected. -- Chris Lewis, Age and Treachery will Triumph over Youth and Skill It's not just anyone who gets a Starship Cruiser class named after them. From fudo at spamblocked.invalid Thu Sep 18 11:34:22 2008 From: fudo at spamblocked.invalid (fudo) Date: Thu Sep 18 11:40:03 2008 Subject: [Schelp] bad routing error: 174.133.163.x Message-ID: trying to report spam from 174.133.163.0/24 and 174.132.36.0/24 gives a bad routing error and dev/nulls the report. ARIN says 174.132.0.0/15 belongs to the planet; spamcop seems to have cached some stale data. NetRange: 174.132.0.0 - 174.133.255.255 CIDR: 174.132.0.0/15 OriginAS: AS13749, AS21844, AS30315, AS36420 NetName: NETBLK-THEPLANET-BLK-15 NetHandle: NET-174-132-0-0-1 Parent: NET-174-0-0-0-0 NetType: Direct Allocation NameServer: NS1.THEPLANET.COM NameServer: NS2.THEPLANET.COM -- signone From nobody at spamcop.net Sat Sep 20 07:20:57 2008 From: nobody at spamcop.net (Ellen) Date: Sat Sep 20 17:00:03 2008 Subject: [Schelp] Re: bad routing error: 174.133.163.x In-Reply-To: References: Message-ID: fudo wrote: > trying to report spam from 174.133.163.0/24 and 174.132.36.0/24 gives a > bad routing error and dev/nulls the report. ARIN says 174.132.0.0/15 > belongs to the planet; spamcop seems to have cached some stale data. > > NetRange: 174.132.0.0 - 174.133.255.255 > CIDR: 174.132.0.0/15 > OriginAS: AS13749, AS21844, AS30315, AS36420 > NetName: NETBLK-THEPLANET-BLK-15 > NetHandle: NET-174-132-0-0-1 > Parent: NET-174-0-0-0-0 > NetType: Direct Allocation > NameServer: NS1.THEPLANET.COM > NameServer: NS2.THEPLANET.COM There is an override in the system for 174.0.0.0 - 174.255.255.255 as none of that space was allocated. Appears space is now being allocated from the 174. block so I removed the override. Thanks Ellen SpamCop