Michele Neylon :: Blacknight Solutions michele at BLACKNIGHTSOLUTIONS.COM
Tue Feb 24 20:19:26 GMT 2004

> Is this possible?
Resolving hostnames to offshore hosts sounds like a very complex process. I
tested one of the "logo design" spams yesterday. The URL in the email
pointed to site A/somedirectory/?somequerystring. So I tried to access site A
without all the "extras" - dead site.
Feeling adventurous I tried the URL - it launches an automatic redirect to
another hostname which is _not_ mentioned anywhere in the SPAM email.
So you have three problems (in my rather simplistic view):
- 1 Source IP - almost impossible to forge, but could be anywhere in the
- 2 Source address/domain/hostname - meaningless
- 3 URLs in the text/body of the email -
- 4 The *real* hostnames that 3 refers to

1 - is easy enough to track/block
2 - is meaningless
3 - awkward. Reverse IP lookups on each one???? Sounds painful
4 - unless you follow the URL in 3 you have no way of knowing what it is
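
Added example (not part of the original post): a sketch of why the hostname in point 4 is invisible to a check that only looks at the URLs in the message body. The hostnames, the sample body and the `simulated_head` fetcher are constructed stand-ins, so the code runs offline.

```python
import re
from urllib.parse import urljoin, urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
REDIRECTS = (301, 302, 303, 307, 308)

# Constructed stand-in for the network: URL -> (status, Location header).
# Hostnames are made up and use the reserved .example TLD.
SIMULATED_RESPONSES = {
    "http://site-a.example/somedirectory/?somequerystring":
        (302, "http://real-host.example/logo/"),
    "http://real-host.example/logo/": (200, None),
}

# Constructed sample message body.
SAMPLE_BODY = ("Get a new logo today: "
               "http://site-a.example/somedirectory/?somequerystring.")


def simulated_head(url):
    """Hypothetical fetcher; a URL it does not know behaves like a dead site."""
    return SIMULATED_RESPONSES.get(url, (None, None))


def extract_urls(body):
    """URLs visible in the body, with trailing sentence punctuation removed."""
    return [u.rstrip(".,)>") for u in URL_RE.findall(body)]


def redirect_chain(url, fetch, max_hops=5):
    """Hostnames visited from url, following Location headers up to max_hops."""
    chain, seen = [], set()
    while url and url not in seen and len(chain) <= max_hops:
        seen.add(url)  # guards against redirect loops
        chain.append(urlsplit(url).hostname)
        status, location = fetch(url)
        url = urljoin(url, location) if status in REDIRECTS and location else None
    return chain


def hidden_hosts(body, fetch):
    """Hostnames reached only through redirects, absent from the body text."""
    urls = extract_urls(body)
    visible = {urlsplit(u).hostname for u in urls}
    reached = {h for u in urls for h in redirect_chain(u, fetch)}
    return sorted(reached - visible)


if __name__ == "__main__":
    print(hidden_hosts(SAMPLE_BODY, simulated_head))
```

A scanner that replaces `simulated_head` with real requests would contact the spammer's server with the full query string, which can confirm to the sender that the address is live.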
