[BBLISA] Someone is out to get me - spam pretending to be from me

Tabor J. Wells twells at fsckit.net
Fri Jan 14 14:58:47 EST 2005


On Fri, Jan 14, 2005 at 01:56:24PM -0500,
alex at basespace.net <alex_aminoff at alum.mit.edu> is thought to have said:

> > As others have already pointed out, the name "info.lifename.com" can
> > come from sources other than reverse DNS including outright forgery of
> > the email headers.
> 
> You are correct, I jumped the gun on that one. I assumed that the received:
> line listing it was generated by hotmail, but I was misremembering how mail
> headers work. In fact,
> 
> [alex at halifax ~]$ host 151.203.48.240
> 240.48.203.151.in-addr.arpa domain name pointer
> adsl-151-203-48-240.bostma.adsl.bellatlantic.net.
> 
> > Is it possible your customer is the spammer?
> 
> Well, I know them, and I am quite confident that they are not, but again,
> you don't.

Eh? Through July of last year they were quite proficient spammers. I
regularly got spammed by them in 2003 and 2004. Here are a few samples from
news.admin.net-abuse.*:

http://groups-beta.google.com/groups?q=lifename.com+group:news.admin.net-abuse.*&start=0&scoring=d&

And here's the headers for the last one I received to an address which only
appears on the smarterliving.com (now smartertravel.com) website:

Received:  from pool-151-203-6-11.bos.east.verizon.net ([151.203.6.11]:46666
helo=info.lifename.com) by hurricane.smarterliving.net with esmtp (Exim
4.14) id1BgZ5P-0004Ie-LL for privacy at smarterliving.com; Fri, 02 Jul 2004
21:12:59 -0400
Received:  from lifename.com (info.lifename.com [192.168.2.7]) by
info.lifename.com (8.11.6/8.11.6) with SMTP id i631Jog27414 for
<privacy at smarterliving.com>; Fri, 2 Jul 2004 21:19:54 -0400
Content-class: urn:content-classes:message
Subject: The Same Email Address For Life
Date: Thu, 1 Jul 2004 20:19:54 -0500
Message-ID: <200407030119.i631Jog27414 at info.lifename.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: The Same Email Address For Life
Thread-Index: AcRgmuI771m7JTp5SxOBUdEbMubaDg==
From: "Adam at LifeName" <adam at info.lifename.com>
To: "Privacy DL" <privacy at smarterliving.com>

Note the dialup verizon.net address in Boston used to send this. Are you
sure your customer didn't send it and has since upgraded to ADSL from Verizon?
The IP address you include is a little too coincidental to me.

Tabor

-- 
--------------------------------------------------------------------
Tabor J. Wells                                     twells at fsckit.net
Fsck It!                 Just another victim of the ambient morality
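
The header reading discussed in this message, as an added example that is not part of the original post: it splits the two Received: lines quoted above into the fields the receiving server recorded itself (peer IP, reverse-DNS name) and the HELO name the sender merely claimed. The regexes are an assumption that covers only the two layouts seen in this message (Exim and sendmail), and the header values are truncated after the "by" clause.

```python
import ipaddress
import re

# The two Received: values from the message above, unfolded and truncated.
RECEIVED = [
    "from pool-151-203-6-11.bos.east.verizon.net ([151.203.6.11]:46666 "
    "helo=info.lifename.com) by hurricane.smarterliving.net with esmtp (Exim 4.14)",
    "from lifename.com (info.lifename.com [192.168.2.7]) by "
    "info.lifename.com (8.11.6/8.11.6) with SMTP",
]

# Exim layout: from <rDNS name> ([<peer IP>]:<port> helo=<claimed name>) by <host>
EXIM = re.compile(r"from (?P<rdns>\S+) \(\[(?P<ip>[\d.]+)\](?::\d+)? "
                  r"helo=(?P<helo>\S+)\) by (?P<by>\S+)")
# sendmail layout: from <claimed name> (<rDNS name> [<peer IP>]) by <host>
SENDMAIL = re.compile(r"from (?P<helo>\S+) \((?P<rdns>\S+) "
                      r"\[(?P<ip>[\d.]+)\]\) by (?P<by>\S+)")

def parse_received(value):
    """Return claimed HELO, rDNS name, peer IP and recording host, or None."""
    m = EXIM.search(value) or SENDMAIL.search(value)
    if not m:
        return None
    hop = m.groupdict()
    hop["private"] = ipaddress.ip_address(hop["ip"]).is_private
    return hop

def trusted_hop(values, my_hosts):
    """Topmost hop written by one of our own servers.

    Hops below it were supplied by the sending side and may be forged.
    """
    for value in values:
        hop = parse_received(value)
        if hop and hop["by"] in my_hosts:
            return hop
    return None

def helo_matches_rdns(hop):
    """True when the HELO claim equals the name the receiver looked up."""
    return hop["helo"].lower() == hop["rdns"].lower()

if __name__ == "__main__":
    hop = trusted_hop(RECEIVED, {"hurricane.smarterliving.net"})
    print("peer IP:", hop["ip"], "rDNS:", hop["rdns"])
    print("HELO claim:", hop["helo"], "matches rDNS:", helo_matches_rdns(hop))
```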



