[PLUG] Reporting spam forgeries

Dave Clemans dgc at merrivale.dhs.org
Sat Jun 22 18:51:23 PDT 2002


That would be preferable, but there are no windows systems around here,
none of the addresses it bounced from I've ever sent mail to, etc.
The big thing that makes me somewhat unsure is the subject line.  The
headers from the original bounced message follows, with the first few lines
of the body.

> 
> Return-path: <dgc at easystreet.com>
> Received: from pool-63.49.204.158.troy.grid.net ([63.49.204.158] helo=helo)
> 	by goose.mail.pas.earthlink.net with smtp (Exim 3.33 #2)
> 	id 17LofV-0006MD-00; Sat, 22 Jun 2002 10:27:26 -0700
> From: dgc at easystreet.com
> To: 
> Subject: Signature Line: A set of 4 - 8 lines of text placed at the end of a mail
> Date: Sat, 22 Jun 2002 11:57:25 -0400
> MIME-Version: 1.0
> Content-Type: multipart/mixed;
> 	boundary="----=_NextPart_000_64EB_00003CA6.00001E2A"
> X-Priority: 1
> X-MSMail-Priority: High
> Errors-To: software4millions- at excite.com
> X-Mailer: Microsoft Outlook Express 8.2.400
> Message-Id: <E17LofV-0006MD-00 at goose.mail.pas.earthlink.net>
> 
> ------=_NextPart_000_64EB_00003CA6.00001E2A
> Content-Type: text/html;
> 
> <HTML>
> <BODY>
> 
> <FONT face="MS Sans Serif">
> <FONT size=3>
> <FONT color="#480024"><I>  MAKE NO MISTAKE ABOUT IT!  Direct Email if\<BR>
>  carried out properly, can make you money so fast\<BR>

Thanks,
dgc


> 
> --J/dobhs11T7y2rNN
> Content-Type: text/plain; charset=us-ascii
> Content-Disposition: inline
> Content-Transfer-Encoding: quoted-printable
> 
> Are you sure it isn't the result of the Klez worm?
> 
> http://www.wired.com/news/technology/0,1282,52055,00.html
> 
> Sandy
> 
> On Sat, 22 Jun 2002, dgc at easystreet.com wrote:=20
> > Unfortunately it looks like one of those stupid "buy millions of email
> > addresses on cdrom" spam campaigns started this morning, and my email
> > address (dgc at easystreet.com) is being forged as the from address. The only
> > reason I know about it from a bounce message.
> >=20
> > I've reported it to "abuse" at the isps the message passed through, and to
> > uce at ftc.gov.  Are there any other good government address I can report it=
>  to?
> >=20
> > I wouldn't be surprised if I have to change email addresses soon.  I'm
> > probably already on some blacklists.  Sigh.....
> >=20
> > dgc
> 
> --=20
> Sandy Herring, RHCE                        o              sandy at herring.org
> Peck of Pickled Pisces               __  o               http://herring.org/
> UNIX or Web authoring questions?  |\/ o\  o  http://herring.org/finger.html
> =3D>http://herring.org/techie.html  |/\__/     http://herring.org/pub-key.a=
> sc
> *sh, Perl, C, VBA, PICK Assembler, Data/Basic, PROC & profanity spoken here.
> 
> --J/dobhs11T7y2rNN
> Content-Type: application/pgp-signature
> Content-Disposition: inline
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
> 
> iD8DBQE9FSTiA9fK8s8EnOcRAtRpAJ9pxDjVawhKpsjL477elwcIRpD7QgCeMH0t
> g6fJivdC/j47Loi1Nhjj7OQ=
> =vaPc
> -----END PGP SIGNATURE-----
> 
> --J/dobhs11T7y2rNN--
> 
> _______________________________________________
> PLUG mailing list
> PLUG at lists.pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug






More information about the PLUG mailing list