Re: OT - has my email domain been hijacked?

Kevin, it's called a "Joe Job". It is exceptionally common. Headers in
email are pathetically easy to forge as far as the ones that existed
while the email was still on the sender's machines. Often if you trace
the received headers you find "discontinuities" in the chain if the
spammer bothered to forge them anymore. This is one of the things that
automated tools like SpamAssassin have gotten pretty good at finding.
The spammers are into cleverer tricks these days. Spammers still use
the "Joe Job", the forged sender, most of the time. I use it as one of
my customized SpamAssassin rules, as a matter of fact. It's part of a
set of rules and meta rules that can work on my addresses.

{^_^}    Joanne
----- Original Message ----- From: <kevin.kempter@xxxxxxxxxxxxxxxxx>


Returned mail: User unknown
Hi List;

I keep getting emails similar to the text below. I/We own the domain
dataintellect.com and we have email addresses set up; however, I always see a
bogus dataintellect.com email address as the sender.

-or is this simply a random spam email?

Thanks in advance for any advice...


================================================

From:
Mail Delivery Subsystem <MAILER-DAEMON@xxxxxxx>
 To:
carina_x@xxxxxxxxxxxxxxxxx
 Date:
Today 13:31:26

 Spam Status: Spamassassin 0% probability of being spam.

Full report:
No, score=0.0 required=5.0 tests=AWL,BAYES_50 autolearn=no  version=3.0.4
The original message was received at Wed, 14 Sep 2005 15:31:23 -0400 (EDT)
from client-201.230.112.161.speedy.net.pe [201.230.112.161]


... Lots of incidentalia removed

Received: from  client-201.230.112.161.speedy.net.pe
(client-201.230.112.161.speedy.net.pe [201.230.112.161]) by
rly-yg02.mx.aol.com (v107.10) with ESMTP id MAILRELAYINYG23-26f43287a8232f;
Wed, 14 Sep 2005 15:31:21 -0400
Received: from mail.strawberrysampler.com ([64.118.71.80]) by 201.230.112.161
with ESMTP id 4868741;
        Wed, 14 Sep 2005 19:21:59 -0100
Received: (qmail 73986 invoked by uid 5164); Date: Wed, 14 Sep 2005 19:21:59
-0100
Date: Wed, 14 Sep 2005 19:21:59 -0100
Message-ID: <20050914.68664.carina_x@xxxxxxxxxxxxxxxxx>
From: "Men of Focus" <carina_x@xxxxxxxxxxxxxxxxx>
Sender: carina_x@xxxxxxxxxxxxxxxxx
         ^^^^^^^^^^^^^^^^^^^^^^^^^^ Pure forgery. You can do that even
with Outlook Express.

To: acardi@xxxxxx, adorablealicia@xxxxxx, aclaudet@xxxxxx, acarter5@xxxxxx,
       acrader@xxxxxx
... More stuff removed
