MUEMAIL Archives

December 1997

MUEMAIL@LISTSERV.MIAMIOH.EDU
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Sample of annoying E-mail
From:
Ralph Goodpaster <[log in to unmask]>
Reply To:
Miami University Electronic Mail <[log in to unmask]>
Date:
Thu, 18 Dec 1997 00:47:32 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (32 lines) 
George <[log in to unmask]> wrote:
> Ryan Mills <[log in to unmask]> wrote:
> > Below is a sample of the mail I've been getting.  I'm not sure the
> > header is all that helpful.  But I'm not an expert at deciphering
> > headers anyway.  Can anyone here help?
 
more headers were located here.
 
> >                 from trader.net ([134.53.198.24]) by nike.heidelberg.edu
> >                 from nowhere.net by trader.net id au65487; Dec97
 
> Hm...trader.net with 134.53 IP?
 
This email was poorly relayed.  To begin with the real nowhere.net does
NOT relay through trader.net, they go straight to Miami.  This Received:
header is forged in my opinion.
 
Next, 134.53.198.24 was "claiming" to be trader.net when they spam relayed
through nike.heidelberg.edu.  I've verified that the route from
nike.heidelberg.edu to us is atleast feasible (I just relayed through
them and it followed the same route).  But of course you'd have to ask
each of those system admins to actually check their logs to confirm this
email.
 
I've also verified that nike.heidelberg.edu WILL record the actual senders
IP address when it allows them to relay through them.
 
I would recommend having MCIS look into this.  I wonder if they keep logs
of who has what IP at any given time...
 
later, ralph

ATOM RSS1 RSS2