[Scspamcop] Re: Strange spams
Mike Easter
MikeE at ster.invalid
Mon Sep 22 09:00:39 EDT 2008
N. Miller wrote:
> Mike Easter
>
>> from 186.12.58.185 (EHLO vms172073pub.verizon.net) (206.46.172.73)
>> by mta101.vzn.mail.re2.yahoo.com *serves recipient, noncompliant fromfield
>
> Wondering how 'mta101.vzn.mail.re2.yahoo.com' is doing that?

I have no idea -- it was a complete bafflement to me. As I recall, that
186.12.58.185 no rDNS lacnic .ar IP had nothing to do with the mail. It
is very difficult to make a good analysis of what is real and what is
bogus when the (apparently) real server is/ appears to be/ stamping zany
noncompliant lines.

> I see:
>> Received: from 207.115.20.64 (EHLO flpi095.prodigy.net)
>> (207.115.20.64) by mta142.sbc.mail.mud.yahoo.com with SMTP; Thu, 11
>> Sep 2008 02:28:47 -0700
>
> When I look at the headers in this message:
>
> http://www.spamcop.net/sc?id=z2266821492z5ec64707d48505e9929dea6ccceba3b3z
>
> That is an example from an 'at&t Yahoo! HSI' account, and I have
> successfully mailhosted that account; but I don't forward from that
> account to any other.

Your headers are pretty healthy and interpretable even if not completely
compliant.

You accessed an AOL server from a sbc/swbell IP, which aol transacted with
the prodigy/yahoo mailbox, and all of the from and by fields are
interpretable.

Abbreviated Received tracelines *comment

from 207.115.20.64 (EHLO flpi095.prodigy.net) (207.115.20.64) by mta142.sbc.mail.mud.yahoo.com *serves recipient
from imo-m23.mx.aol.com (imo-m23.mx.aol.com [64.12.137.4]) by flpi095.prodigy.net *serves recipient
from <munge netscape eml addy> by imo-m23.mx.aol.com *extra noncompliant line SC ignores
from [192.168.102.34] ([69.110.229.74]) by cia-db05.mx.aol.com *noncompliant sourceline aided by XOIP & aol xoip

--
Mike Easter
kibitzer, not SC admin
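
Added example, not part of the original post and not SpamCop's parser: a small Python check that splits the abbreviated trace lines discussed above into their from and by clauses and flags the cases the thread talks about (two different public IPs in one from clause, no source IP at all, a private address). The flag names and heuristics are assumptions made for illustration.

```python
import ipaddress
import re

# Trace lines abbreviated from the message above. The address in the fourth
# line is a constructed placeholder for the munged original.
TRACE = [
    "from 186.12.58.185 (EHLO vms172073pub.verizon.net) (206.46.172.73) "
    "by mta101.vzn.mail.re2.yahoo.com",
    "from 207.115.20.64 (EHLO flpi095.prodigy.net) (207.115.20.64) "
    "by mta142.sbc.mail.mud.yahoo.com",
    "from imo-m23.mx.aol.com (imo-m23.mx.aol.com [64.12.137.4]) "
    "by flpi095.prodigy.net",
    "from user@example.invalid by imo-m23.mx.aol.com",
    "from [192.168.102.34] ([69.110.229.74]) by cia-db05.mx.aol.com",
]

CLAUSES = re.compile(r"^from\s+(?P<src>.+?)\s+by\s+(?P<by>\S+)", re.I)
DOTTED_QUAD = re.compile(r"(?<![\w.])\d{1,3}(?:\.\d{1,3}){3}(?![\w.])")


def analyze(line):
    """Split one trace line into its by-host, source IPs and review flags."""
    m = CLAUSES.match(line.strip())
    if not m:
        return {"by": None, "ips": [], "flags": ["unparseable"]}
    ips = []
    for text in DOTTED_QUAD.findall(m["src"]):
        try:
            ips.append(ipaddress.ip_address(text))
        except ValueError:
            pass  # looks like a dotted quad but has an octet above 255
    flags = []
    if not ips:
        flags.append("no-source-ip")
    if any(ip.is_private for ip in ips):
        flags.append("private-address")
    if len({ip for ip in ips if not ip.is_private}) > 1:
        flags.append("conflicting-source-ips")
    return {"by": m["by"], "ips": [str(ip) for ip in ips], "flags": flags}


if __name__ == "__main__":
    for line in TRACE:
        result = analyze(line)
        print(result["by"], result["ips"], result["flags"] or "consistent")
```
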