[Scspamcop] Re: Is SpamCop parsing this correctly?
Ellen
nobody at spamcop.net
Tue Apr 14 20:58:20 EDT 2009
Geoffrey Hyde wrote:
> http://www.spamcop.net/sc?id=z2792181368zbcb1e3b85cc8fcb010d48b35cfdd5f4fz
>
> It's obviously a pathetic attempt at a forgery trying to be from some
> legitimate looking Microsoft company or subsidiary. SpamCop wasn't fooled,
> either.
>
> Is SpamCop parsing this spam correctly? Being that I'm mailhosted, I need
> to find out if SpamCop's getting the right target, so just let me know if
> the parser is doing what it's supposed to do and finding the source or not.
> I don't care about whatever gimmicks the spammer was trying to use.
>
>
> Cheers ...
>
> Geoffrey Hyde
>
>
>
What do you think is a pathetic forgery? The headers look
straightforward to me -- some random IP in Azerbaijan has a compromised
machine behind it sending spam or is controlled by the spammer. There
are two received headers - the top one is bigpond passing the mail
around and the next one is bigpond receiving the mail from outside ... I
am sure we have discussed the line in orange more than once, that is the
parsing recognizing the injection source on a mailhosted account.
If you are talking about the "you are receiving this offer" part of the
spam -- that's pretty standard for spammers to copy and use bits and
pieces of legit mailings in their spam.
Ellen
SpamCop
More information about the SCspamcop
mailing list