Note: To protect the privacy of our members, e-mail addresses have been removed from the archived messages. As a result, some links may be broken.

Lesson Plans


Re: FW (no subject) [long]

[ Thread ][ Subject ][ Author ][ Date ]
Maggie White (mwhite)
Sun, 12 Apr 1998 06:47:44 -0700


> At 08:02 AM 4/11/98 -0500, you wrote:
> >Are the rest of you getting strange messages like this one below? I get
> >several a week.
> >
> >> From: owner-newartsednet.edu
> >> To:
> >> Subject: Re: <no subject>
> >> Date: Saturday, April 11, 1998 4:20 AM
> >> 【我們以最優惠價錢為你製造各類高品質CD.】
> >>
> >> 使用專業CD-R金碟片,可存放650MB資料. <snip>

Jane Shiflett Manner wrote:
>
> Yes, I do and I have returned the messages with a question about what is
> going on and I get a message stating that "Newartsednet" is not a valid
> e-mail address even though that is the address in the "From:" spot. <snip>

Jane and Debbie and anyone else:

This is spam that somehow lost something in the translation. Sending a message to the
"From:" server is useless, as the spammers will alter their addresses to avoid
detection. You have to turn on the headers in order to find out the source. The real
domain name is usually found in the final "Received:" line.

Here are the headers:

Return-Path:
<owner-artsednet.edu>
Received:
from web1.pub.getty.edu ([192.215.101.9]) by mail.isdnet.com
(Netscape Mail Server v2.02) with ESMTP id AAA191 for
<mwhite>; Fri, 10 Apr 1998 22:33:30 -0700
Received:
(from majordom@localhost) by web1.pub.getty.edu (8.8.6/8.8.6) id
VAA25284 for artsednet-outgoing; Fri, 10 Apr 1998 21:09:41
-0700 (PDT)
From:
owner-newartsednet
Received:
from pop.hkstar.com (pisces.hkstar.com [202.82.7.77]) by
web1.pub.getty.edu (8.8.6/8.8.6) with ESMTP id VAA25280 for
<artsednet.edu>; Fri, 10 Apr 1998 21:09:37
-0700 (PDT)
Received:
from hhtun016166.netvigator.com (hhtun016166.netvigator.com
[208.139.122.166]) by pop.hkstar.com (8.8.8/8.8.4) with SMTP id
LAA18113; Sat, 11 Apr 1998 11:52:32 +0800 (HKT)
Message-Id:
<199804110352.LAA18113>
X-Authentication-Warning:
pisces.hkstar.com: hhtun016166.netvigator.com [208.139.122.166]
didn't use HELO protocol

The real domain is netvigator.com Once you start examining spam headers on a regular
basis you get pretty good at deciphering them. I've read that one should NEVER send a
reply to the spammer, not even when they tell you how to remove yourself from their
list; that just lets them know they got a valid address to spam again. If you're so
inclined, send a brief message of complaint, along with the _full_ headers and message,
to abuse@the domain name. They will often cancel the service of the spammer.

I'd be glad to e-mail a few hints and tips to anyone who wishes to join me on the
Crusade to End Spam ;)

Maggie**remove x in address to reply [a SPAM-BLOCKER]