OT - has my email domain been hijacked?

jdow jdow at earthlink.net
Wed Sep 14 20:16:43 UTC 2005


Kevin, it's called a "Joe Job". It is exceptionally common. Headers in
email are pathetically easy to forge as far as the ones that existed
while the email was still on the sender's machines. Often if you trace
the received headers you find "discontinuities" in the chain if the
spammer bothered to forge them anymore. This is one of the things that
automated tools like SpamAssassin have gotten pretty good at finding.
The spammers are into cleverer tricks these days. Spammers still use
the "Joe Job", the forged sender, most of the time. I use it as one of
my customized SpamAssassin rules, as a matter of fact. It's part of a
set of rules and meta rules that can work on my addresses.

{^_^}    Joanne
----- Original Message ----- 
From: <kevin.kempter at dataintellect.com>


> Returned mail: User unknown
> Hi List;
>
> I keep getting emails similar to the text below. I/We own the domain
> dataintellect.com and we have email addresses set up; however, I always see a
> bogus dataintellect.com email address as the sender.
>
> -or is this simply a random spam email?
>
> Thanks in advance for any advice...
>
>
> ================================================
>
> From:
> Mail Delivery Subsystem <MAILER-DAEMON at aol.com>
>  To:
> carina_x at dataintellect.com
>  Date:
> Today 13:31:26
>
>  Spam Status: Spamassassin 0% probability of being spam.
>
> Full report:
> No, score=0.0 required=5.0 tests=AWL,BAYES_50 autolearn=no  version=3.0.4
> The original message was received at Wed, 14 Sep 2005 15:31:23 -0400 (EDT)
> from client-201.230.112.161.speedy.net.pe [201.230.112.161]
>
>
... Lots of incidentalia removed

> Received: from  client-201.230.112.161.speedy.net.pe
> (client-201.230.112.161.speedy.net.pe [201.230.112.161]) by
> rly-yg02.mx.aol.com (v107.10) with ESMTP id 
> MAILRELAYINYG23-26f43287a8232f;
> Wed, 14 Sep 2005 15:31:21 -0400
> Received: from mail.strawberrysampler.com ([64.118.71.80]) by 
> 201.230.112.161
> with ESMTP id 4868741;
>         Wed, 14 Sep 2005 19:21:59 -0100
> Received: (qmail 73986 invoked by uid 5164); Date: Wed, 14 Sep 2005 
> 19:21:59
> -0100
> Date: Wed, 14 Sep 2005 19:21:59 -0100
> Message-ID: <20050914.68664.carina_x at dataintellect.com>
> From: "Men of Focus" <carina_x at dataintellect.com>
> Sender: carina_x at dataintellect.com
          ^^^^^^^^^^^^^^^^^^^^^^^^^^ Pure forgery. You can do that even
with Outlook Express.

> To: acardi at cs.com, adorablealicia at cs.com, aclaudet at cs.com, 
> acarter5 at cs.com,
>        acrader at cs.com
... More stuff removed 
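
The Received-chain tracing mentioned in the reply above, as an added example that is not part of the original thread or of SpamAssassin: it checks whether the host each hop says it received from is the host that stamped the next-older hop. The function names and the second chain are constructed for illustration; a matching link is only a consistency check, since every line below the one written by the recipient's own server is supplied by the sender.

```python
import re

# Received headers from the bounce quoted above, unfolded, newest first.
QUOTED_CHAIN = [
    "from client-201.230.112.161.speedy.net.pe "
    "(client-201.230.112.161.speedy.net.pe [201.230.112.161]) by "
    "rly-yg02.mx.aol.com (v107.10) with ESMTP id MAILRELAYINYG23-26f43287a8232f; "
    "Wed, 14 Sep 2005 15:31:21 -0400",
    "from mail.strawberrysampler.com ([64.118.71.80]) by 201.230.112.161 "
    "with ESMTP id 4868741; Wed, 14 Sep 2005 19:21:59 -0100",
    "(qmail 73986 invoked by uid 5164); Date: Wed, 14 Sep 2005 19:21:59 -0100",
]
# Constructed chain with a break: the older hop is stamped by a host the newer hop never names.
CONSTRUCTED_CHAIN = [
    "from relay.example.net (relay.example.net [192.0.2.10]) by mx.example.org "
    "with ESMTP id A1; Wed, 14 Sep 2005 15:31:21 -0400",
    "from pc.example.com ([198.51.100.7]) by mail.example.com "
    "with SMTP id B2; Wed, 14 Sep 2005 15:31:00 -0400",
]

FROM_RE = re.compile(r"^from\s+(\S+)")
BY_RE = re.compile(r"\sby\s+(\S+)")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def parse_hop(header):
    """Return (sender names/IPs, stamping host), or None if the line has no from/by pair."""
    m_from, m_by = FROM_RE.match(header), BY_RE.search(header)
    if not (m_from and m_by):
        return None  # e.g. a qmail local-injection line
    sender_ids = {m_from.group(1).lower(), *IP_RE.findall(header[:m_by.start()])}
    return sender_ids, m_by.group(1).lower()

def chain_links(headers):
    """For each adjacent (newer, older) pair: True if the older hop's stamping
    host is the sender named by the newer hop, False if it is not (a
    discontinuity), None if either line cannot be compared."""
    hops = [parse_hop(h) for h in headers]
    return [
        None if n is None or o is None else o[1] in n[0]
        for n, o in zip(hops, hops[1:])
    ]

if __name__ == "__main__":
    print("quoted chain:     ", chain_links(QUOTED_CHAIN))
    print("constructed chain:", chain_links(CONSTRUCTED_CHAIN))
```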