OT: got spam today that fooled Spamcop reporting

DNSAdmin dnsadmin at 1BIGTHINK.COM
Fri Jan 30 17:01:22 GMT 2004

At 08:55 AM 1/30/2004 -0500, you wrote:
>   I got a spam today from that I sent off to
>spamcop for reporting.  When I got the response back and went
>to the SpamCop link, its software had deduced that *my* mail
>server was the spam source, not  I looked at
>the mail headers and found:
>    From jaearick at colby.edu Fri Jan 30 06:40:02 2004 -0500
>    Return-Path: <qsmj at ydrfcp.makeup-site.info>
>    Received: from hqbzdctu.makeup-site.info ([])
>        by basalt.colby.edu (8.12.11/8.12.11/1.48') with ESMTP id
>    i0UBdtTk029229
>        for <jaearick at colby.edu>; Fri, 30 Jan 2004 06:39:56 -0500 (EST)
>Ok so far, it agrees with my syslogs.  Then the bogosity begins:
>    Resent-Date: Fri, 30 Jan 2004 06:39:55 -0500 (EST)
>    Resent-From: qsmj at ydrfcp.makeup-site.info
>    Resent-Message-Id: <200401301139.i0UBdtTk029229 at basalt.colby.edu>
>    Received: from basalt.colby.edu (
>      by hqbzdctu.makeup-site.info with SMTP id CLQ8TSZ8TN7; Fri, 30 Jan 2004
>    06:30:
>    30 -0400
>    Received: from nfgwb.makeup-site.info (HELO nfgwb) (
>      by basalt.colby.edu with SMTP; Fri, 30 Jan 2004 06:30:30 -0400
>    Reply-To: <qsmj at ydrfcp.makeup-site.info>
>    From: "Elizabeth" <qsmj at ydrfcp.makeup-site.info>
>Hmmm.  The bottom-most IP ( is an IANA reserved number so
>Spamcop throws it away.  The next number up is, my
>mail server, so SpamCop locks onto that and says that my mail server
>sent the spam.  Not so.  There is no msgid CLQ8TSZ8TN7 in my syslogs.
>In fact it isn't even the right number of characters since my server
>runs sendmail 8.12.11.  This header is totally forged.


>Jeff Earickson
>Colby College

Hi Jeff,

Feel free to block that IP, No RDNS on it and Level3 has whole 'C' blocks
that they protect for spammers.

I hate Level3 for that!

Anyone: If you are on Level3 Networks, you support spammers. Take your
business elsewhere!


More information about the MailScanner mailing list