From kragen@dnaco.net Fri Aug 28 09:32:03 1998
Date: Fri, 28 Aug 1998 09:32:02 -0400 (EDT)
From: Kragen
To: Dean-Christian Strik
Subject: Re: (fractint) Speaking of spam...
In-Reply-To: <002e01bdd20f$39235080$320032c0@Dean-ChristianStrik>

On Fri, 28 Aug 1998, Dean-Christian Strik wrote:
> >No, but I think that if you forward me the full headers, I might have a
> >better idea.

It's not your run-of-the-mill spamware.
From looking at it, it looks like someone just forwarded the mail by
hand in Mozilla.  Someone posted a theory about this the other day on
the fractint mailing list.

Note:
- the legitimate-looking Received: path -- first it bounces around
  inside the originating domain, with real-looking Received: lines,
  then goes directly to forward.hetnet.nl, which is presumably hetnet's
  mail-receiving machine; (one could, of course, verify that each of
  these machines has the IP address they say they do, and that
  forward.hetnet.nl. really is an MX for hetnet.nl.)
- the consistency of origin -- the Received:, From:, Organization, and
  Return-Path lines all say it came from the same place.
- the correct-looking message-ID (you could try sending a mail with
  Mozilla 4.06 yourself to determine if that's really what Mozilla
  message-IDs look like);
- the correct MIME headers (which you could also check against
  Mozilla's; look in particular at the boundary="" specification in the
  Content-Type: line).
- the non-BCC-ness: you are, in fact, on the To: list.
- the fact that the content appears to be a chain letter scam, not a
  scam originating from this Diosnel Herrnsdorf person.

Inconclusive conclusion: it was not a piece of special-purpose spamware
that sent this message, but only Mozilla.  It's likely that the From:
address is even correct, and you could write to and flame this person.

I wouldn't normally leave the header in here, but I thought that in
this case, it might be more convenient.

> -----
> Received: from forward.hetnet.nl - 145.7.226.1 by with Microsoft SMTPSVC;
>     Thu, 27 Aug 1998 16:41:40 +0200
> Received: from ns.krauch.com.py ([207.124.222.109]) by forward.hetnet.nl with
>     Microsoft SMTPSVC(5.5.1875.185.18);
>     Thu, 27 Aug 1998 15:36:02 +0200
> Received: from krauch.com.py (router.krauch.com.py [207.124.222.119])
>     by ns.krauch.com.py (8.8.7/8.8.7) with ESMTP id JAA27693;
>     Thu, 27 Aug 1998 09:27:36 -0400
> Message-ID: <35E55F5E.30378ADA@krauch.com.py>
> Date: Thu, 27 Aug 1998 09:30:09 -0400
> From: Diosnel Herrnsdorf
> Organization: S.A. F.Krauch & Cía.
> X-Mailer: Mozilla 4.06 [en] (Win95; I)
> MIME-Version: 1.0
> To: Angela Wilczynski ,
>     Anibal Valiente ,
>     Barry Bluestein ,
>     Bob Margolis , "Damien M. Jones" ,
>     Dean-Christian Strik ,
>     Derek Hasted ,
>     Elaina Tillinghast , Eva Jacsch ,
>     Frederik Slijkerman ,
>     Hans Bomers , James Weaver ,
>     Kathy Drake , Kathy Roth ,
>     Ken Childress ,
>     "Luc-André Rey" ,
>     "Morgan L. Owens" ,
>     Sylvie Gallet ,
>     "W. Decker" , William Decker
> Subject: [Fwd: [Fwd: FW: FW: Disney Trip for Free....You know I'm there!!!]]
> Content-Type: multipart/mixed; boundary="------------5C5529E0DC42532FE86961FE"
> Return-Path: diosnel@krauch.com.py
> ----

Kragen

-- 
Kragen Sitaker
We are forming cells within a global brain and we are excited that we might
start to think collectively.  What becomes of us still hangs crucially on
how we think individually.  -- Tim Berners-Lee, inventor of the Web
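
The two offline checks from the note list above (an unbroken Received: path and a single origin across the headers), run over the quoted headers as an added example that is not part of the original e-mail. The names `hops` and `audit` are this example's own, Return-Path stands in as the reference domain because the From: address is missing from this copy, and the DNS checks (host IP addresses, the hetnet.nl MX) are left out so that it runs offline.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Header lines from the message quoted above, QP soft breaks undone; lines
# whose addresses are missing from this copy (From:, To:) are left out.
HEADERS = """\
Received: from forward.hetnet.nl - 145.7.226.1 by with Microsoft SMTPSVC;
\tThu, 27 Aug 1998 16:41:40 +0200
Received: from ns.krauch.com.py ([207.124.222.109]) by forward.hetnet.nl with
\tMicrosoft SMTPSVC(5.5.1875.185.18);
\tThu, 27 Aug 1998 15:36:02 +0200
Received: from krauch.com.py (router.krauch.com.py [207.124.222.119])
\tby ns.krauch.com.py (8.8.7/8.8.7) with ESMTP id JAA27693;
\tThu, 27 Aug 1998 09:27:36 -0400
Message-ID: <35E55F5E.30378ADA@krauch.com.py>
Return-Path: diosnel@krauch.com.py
"""

def hops(msg):
    """Received: hops, oldest first (each relay prepends its own line)."""
    out = []
    for value in reversed(msg.get_all("Received", [])):
        info, _, stamp = value.rpartition(";")
        frm = re.search(r"\bfrom\s+(\S+)", info)
        by = re.search(r"\bby\s+(\S+\.\S+)", info)  # needs a dot: "by with" names no host
        out.append({"from": frm and frm.group(1), "by": by and by.group(1),
                    "time": parsedate_to_datetime(stamp.strip())})
    return out

def audit(raw):
    """List findings that contradict a single, consistent origin."""
    msg = message_from_string(raw)
    chain, findings = hops(msg), []
    for older, newer in zip(chain, chain[1:]):
        if older["by"] != newer["from"]:
            findings.append(f"path gap: handed to {older['by']}, next seen from {newer['from']}")
        if newer["time"] < older["time"]:  # aware datetimes compare in UTC
            findings.append(f"timestamp goes backwards at {newer['from']}")
    domain = msg["Return-Path"].strip("<> ").rpartition("@")[2]
    claims = {"Message-ID": msg["Message-ID"].strip("<> ").rpartition("@")[2],
              "first hop from": chain[0]["from"], "first hop by": chain[0]["by"]}
    for name, host in claims.items():
        if not (host == domain or (host or "").endswith("." + domain)):
            findings.append(f"{name} is {host}, not under {domain}")
    return findings

if __name__ == "__main__":
    print(audit(HEADERS) or "origin is self-consistent")
```

An empty result only says the headers agree with one another; it does not show that any of the named hosts really has the address it claims.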