On Wednesday 14 September 2005 14:16, jdow wrote:
> Kevin, it's called a "Joe Job". It is exceptionally common. Headers in
> email are pathetically easy to forge as far as the ones that existed
> while the email was still on the sender's machines. Often if you trace
> the received headers you find "discontinuities" in the chain if the
> spammer bothered to forge them anymore. This is one of the things that
> automated tools like SpamAssassin have gotten pretty good at finding.
> The spammers are into cleverer tricks these days. Spammers still use
> the "Joe Job", the forged sender, most of the time. I use it as one of
> my customized SpamAssassin rules, as a matter of fact. It's part of a
> set of rules and meta rules that can work on my addresses.
>
> {^_^} Joanne
> ----- Original Message -----
> From: <kevin.kempter@xxxxxxxxxxxxxxxxx>
>
> > Returned mail: User unknown
> > Hi List;
> >
> > I keep getting emails similar to the text below. I/We own the domain
> > dataintellect.com and we have email addresses set up however I always see
> > a bogus dataintellect.com email address as the sender.
> >
> > -or is this simply a random spam email?
> >
> > Thanks in advance for any advice...
> >
> >
> > ================================================
> >
> > From:
> > Mail Delivery Subsystem <MAILER-DAEMON@xxxxxxx>
> > To:
> > carina_x@xxxxxxxxxxxxxxxxx
> > Date:
> > Today 13:31:26
> >
> > Spam Status: Spamassassin 0% probability of being spam.
> >
> > Full report:
> > No, score=0.0 required=5.0 tests=AWL,BAYES_50 autolearn=no version=3.0.4
> > The original message was received at Wed, 14 Sep 2005 15:31:23 -0400
> > (EDT) from client-201.230.112.161.speedy.net.pe [201.230.112.161]
> > ...
Lots of incidentalia removed
>
> > Received: from client-201.230.112.161.speedy.net.pe
> > (client-201.230.112.161.speedy.net.pe [201.230.112.161]) by
> > rly-yg02.mx.aol.com (v107.10) with ESMTP id
> > MAILRELAYINYG23-26f43287a8232f;
> > Wed, 14 Sep 2005 15:31:21 -0400
> > Received: from mail.strawberrysampler.com ([64.118.71.80]) by
> > 201.230.112.161
> > with ESMTP id 4868741;
> > Wed, 14 Sep 2005 19:21:59 -0100
> > Received: (qmail 73986 invoked by uid 5164); Date: Wed, 14 Sep 2005
> > 19:21:59
> > -0100
> > Date: Wed, 14 Sep 2005 19:21:59 -0100
> > Message-ID: <20050914.68664.carina_x@xxxxxxxxxxxxxxxxx>
> > From: "Men of Focus" <carina_x@xxxxxxxxxxxxxxxxx>
> > Sender: carina_x@xxxxxxxxxxxxxxxxx
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^ Pure forgery. You can do that even
> with Outlook Express.
>
> > To: acardi@xxxxxx, adorablealicia@xxxxxx, aclaudet@xxxxxx,
> > acarter5@xxxxxx,
> > acrader@xxxxxx
> > ... More stuff removed

Thanks for the info. Can you send me info on what a SpamAssassin filter to
catch these will need to look like?
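
Added example, not part of the original thread and not SpamAssassin's own logic: a minimal Python check for the Received-chain "discontinuities" mentioned above, where the host an older hop says it was received "by" is not the host the next hop up recorded the mail as coming "from". The sample headers, the .example hostnames and the function names are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample (RFC 5737 addresses, .example names); newest hop first.
SAMPLE_BROKEN = """\
Received: from mx.relay.example (mx.relay.example [192.0.2.10])
 by inbound.rcpt.example with ESMTP id A1; Wed, 14 Sep 2005 15:31:21 -0400
Received: from mail.claimed.example ([198.51.100.7])
 by 203.0.113.5 with ESMTP id 4868741; Wed, 14 Sep 2005 19:21:59 -0100
Received: (qmail 73986 invoked by uid 5164); Wed, 14 Sep 2005 19:21:59 -0100
From: "Sender" <someone@owner.example>
Subject: constructed sample

body
"""
# Same chain, but the lower hop names the host the upper hop actually saw.
SAMPLE_OK = SAMPLE_BROKEN.replace("by 203.0.113.5", "by 192.0.2.10")

FROM_RE = re.compile(r"\bfrom\s+(\S+)(?:\s+\(([^)]*)\))?", re.I)
BY_RE = re.compile(r"\bby\s+(\S+)", re.I)

def parse_hop(value):
    """Return (names/IPs recorded for the sending host, receiving 'by' host)."""
    value = " ".join(value.split())              # unfold continuation lines
    if value.startswith("("):                    # qmail-style local line: no from/by clause
        return set(), None
    names, m = set(), FROM_RE.search(value)
    if m:
        names.add(m.group(1).lower())            # HELO name the sender announced
        # Parenthesised part: reverse-DNS name and/or [IP] observed by the receiver
        names.update(t.lower() for t in re.findall(r"[\w.:-]+", m.group(2) or ""))
    by = BY_RE.search(value)
    return names, (by.group(1).lower().rstrip(";") if by else None)

def find_discontinuities(raw_message):
    """List (older hop's 'by' host, names the newer hop recorded) for each mismatch."""
    msg = message_from_string(raw_message)
    hops = [parse_hop(v) for v in msg.get_all("Received", [])]
    breaks = []
    for (seen_from, _), (_, older_by) in zip(hops, hops[1:]):
        # The server that stamped the older line should be the sender of the newer one.
        if older_by and seen_from and older_by not in seen_from:
            breaks.append((older_by, sorted(seen_from)))
    return breaks

if __name__ == "__main__":
    print(find_discontinuities(SAMPLE_BROKEN))
    print(find_discontinuities(SAMPLE_OK))
```

Legitimate relays often stamp an internal hostname that differs from what the next server sees, so a mismatch is better used as one scoring signal among several than as a verdict on its own.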