Spam from "spam protected" sites
Hugo van der Kooij
hvdkooij at vanderkooij.org
Sun Oct 28 23:15:50 GMT 2007
Hi,
I seem to find that quite a few samples of spam I get are from sites
which seem to indicate they fight spam. But from the other headers I
have strong doubts they do a good job at all.
This one was from an abused script from the looks of it.
> Return-Path: <mcleanp2002 at gala.net>
> X-Original-To: hugo at vanderkooij.org
> Delivered-To: hugo at vanderkooij.org
> Received: from titanium.dnsprotect.com (titanium.dnsprotect.com [72.9.235.98])
> by balin.waakhond.net (Postfix) with ESMTP id B104C17E90BC
> for <hugo at vanderkooij.org>; Sun, 28 Oct 2007 23:05:47 +0100 (CET)
> Received: from [127.0.0.1] (helo=localhost)
> by titanium.dnsprotect.com with esmtpa (Exim 4.68)
> (envelope-from <mcleanp2002 at gala.net>)
> id 1ImFw6-0007IW-DS; Sun, 28 Oct 2007 17:44:46 -0400
> Received: from 38.99.101.133 ([38.99.101.133]) by www.ktharos.com (Horde
> MIME library) with HTTP; Sun, 28 Oct 2007 17:44:44 -0400
> Message-ID: <20071028174444.jbrc4fj2yooo80wg at www.ktharos.com>
> Date: Sun, 28 Oct 2007 17:44:44 -0400
> From: McLean Peters <mcleanp2002 at gala.net>
> Reply-to: mcpeters at pc.nu
> To: undisclosed-recipients:;
> Subject: [SPAM] Re: Request For Investment
> MIME-Version: 1.0
> Content-Type: text/plain;
> charset=ISO-8859-1;
> DelSp="Yes";
> format="flowed"
> Content-Disposition: inline
> Content-Transfer-Encoding: 7bit
> User-Agent: Internet Messaging Program (IMP) H3 (4.1.3)
> X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
> X-AntiAbuse: Primary Hostname - titanium.dnsprotect.com
> X-AntiAbuse: Original Domain - vanderkooij.org
> X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
> X-AntiAbuse: Sender Address Domain - gala.net
> X-Source:
> X-Source-Args:
> X-Source-Dir:
Any thoughts on the subject?
Hugo.
PS: Did anyone ever write a SA rule to give points where the From: and
Reply-To: domains differ?
- --
hvdkooij at vanderkooij.org http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc
A: Yes.
>Q: Are you sure?
>>A: Because it reverses the logical flow of conversation.
>>>Q: Why is top posting frowned upon?
Bored? Click on http://spamornot.org/ and rate those images.
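The check asked about in the PS, sketched in Python as an added example (it is not part of the original post and is not a SpamAssassin rule). The function names and the two-label organisational-domain heuristic are assumptions made for illustration; the sample headers are copied from the quoted message, including the archive's " at " obfuscation.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Headers copied from the quoted message above; the list archive rewrote "@" as " at ".
SAMPLE = """\
Return-Path: <mcleanp2002 at gala.net>
From: McLean Peters <mcleanp2002 at gala.net>
Reply-to: mcpeters at pc.nu
To: undisclosed-recipients:;
Subject: [SPAM] Re: Request For Investment

"""

def domains(msg, header):
    """Return the set of lower-cased address domains found in one header."""
    # Undo the archive's " at " obfuscation; not needed on raw mail.
    values = [re.sub(r"(\S) at (\S)", r"\1@\2", v)
              for v in msg.get_all(header, [])]
    return {addr.rpartition("@")[2].lower().rstrip(".")
            for _, addr in getaddresses(values) if "@" in addr}

def org_domain(domain):
    """Naive organisational domain: the last two labels.
    Assumption for this sketch; real code should use a public suffix list."""
    return ".".join(domain.split(".")[-2:])

def replyto_mismatch(raw):
    """True when both headers carry addresses and share no organisational domain."""
    msg = message_from_string(raw)  # header lookup is case-insensitive
    frm = {org_domain(d) for d in domains(msg, "From")}
    rto = {org_domain(d) for d in domains(msg, "Reply-To")}
    return bool(frm) and bool(rto) and frm.isdisjoint(rto)

if __name__ == "__main__":
    print("From/Reply-To domain mismatch:", replyto_mismatch(SAMPLE))
```

Mailing lists and help-desk systems legitimately set Reply-To to a different domain, so a mismatch is better treated as a small score contribution than as a verdict on its own.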