[12124] in North American Network Operators' Group
Re: Spammer Bust
daemon@ATHENA.MIT.EDU (Phil Howard)
Fri Sep 5 15:05:59 1997
From: Phil Howard <phil@charon.milepost.com>
To: markl@rust.net (Mark E Larson)
Date: Fri, 5 Sep 1997 13:43:56 -0500 (CDT)
Cc: nanog@merit.edu
In-Reply-To: <3.0.3.32.19970905090716.006cf0b4@bigbrother.rust.net> from "Mark E Larson" at Sep 5, 97 09:07:16 am
Mark E Larson wrote...
> Thought people would be interested in this article.
>
> http://www.pcmike.com/Special%20Reports/High%20School%20Spammer.html
I'm curious if this spam somehow avoided the mail tracking headers that
can generally pinpoint the real originating machine. When I get spam to
investigate, I bypass the fictional identity in the content of the mail
and go right to figuring out where it came from.
The web page on www.pcmike.com told that some other ISPs blocked RUSTnet.
But why? Were those ISPs too ignorant to understand the headers and how
to figure out where the mail came from? Or did RUSTnet's mail server
delete them? Or did the spammer figure out a way to avoid having the
first Received header point back to the point of entry?
I've seen enough ISPs that don't know there stuff to surely believe that
many would block the wrong provider.
--
Phil Howard KA9WGN +-------------------------------------------------------+
Linux Consultant | Linux installation, configuration, administration, |
Milepost Services | monitoring, maintenance, and diagnostic services. |
phil at milepost.com +-------------------------------------------------------+
