Junk Mail



In the last hour or so I’ve received a TON of bounced emails to various fake addresses at averyjparker.com. Just in case anyone has come here thinking I’m sending them out, I’m not. Some junk mailer has decided to forge the return address with averyjparker.com as the domain. Unfortunately this is rather trivial to do. (It would be equally simple to have email that appears to be from gwbush@whitehouse.gov.) The mailserver at averyjparker.com has not been used for these junk mails, and if you take a look at the header information you can find the source(s). (Usually the source is the address in the earliest Received: header; each Received: header further down takes you back towards the source.) The mails I’ve received are coming from a couple of sources and all will be reported to the appropriate ISPs as I have time.

For instance… here’s the most recent, with the relevant portion of the original email headers.

Content-Type: message/rfc822
Received: from bhk.com ([142.177.152.30]) by simmts6-srv.bellnexxia.net (InterMail vM.5.01.06.05 201-253-122-130-105-20030824) with ESMTP id <20031113002959.JGOL1511.simmts6-srv.bellnexxia.net@bhk.com>; Wed, 12 Nov 2003 19:29:59 -0500
Message-ID: <756901c3a97d$e5df7db7$ee71ddf4@nxcddsb>
From: “Manon Nss”

m.nss_sh at averyjparker.com is a bogus address. bhk.com also doesn’t exist, but 142.177.152.30 is a legitimate network address (this part is much harder to forge or fake than a domain name). Also, the message was received by a mailserver at bellnexxia.net, which may also be a forged name… Anyway, I’ve tracked the IPs of several of these spammers as well as the site that all are redirecting to. Emails to abuse@ the appropriate ISPs will be coming.
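
The header walk described above, as an added example (not part of the original post): it lists the Received: hops of a message and reports the connecting IP logged by the last server you trust, which goes one step beyond "earliest header" because lines below that point are supplied by the sender. The sample message, host names and the `likely_source` helper are constructed for illustration, and the regex assumes the `from name ([ip]) by server` layout seen in the header quoted above.

```python
import re
from email import message_from_string

# Constructed sample (documentation addresses, not a real message). Each relay
# prepends its own Received: header, so the top one is the most recent hop.
SAMPLE = """\
Received: from mx1.isp.example ([198.51.100.7]) by mail.recipient.example
 with ESMTP id <A2@mx1.isp.example>; Wed, 12 Nov 2003 19:30:04 -0500
Received: from forged-name.example ([192.0.2.30]) by mx1.isp.example
 with ESMTP id <A1@forged-name.example>; Wed, 12 Nov 2003 19:29:59 -0500
Received: from made-up.invalid ([203.0.113.99]) by forged-name.example
 with SMTP; Wed, 12 Nov 2003 19:20:00 -0500
Message-ID: <constructed@forged-name.example>
From: "Constructed Sender" <nobody@victim.example>
Subject: constructed sample

body
"""

# "from <claimed name> ([<connecting IP>]) by <recording server>"
HOP = re.compile(r"from\s+(\S+)\s+\(\[([0-9a-fA-F.:]+)\]\)\s+by\s+(\S+)")

def hops(raw):
    """Return (claimed_name, connecting_ip, recorded_by) tuples, newest hop first."""
    found = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            found.append(m.groups())
    return found

def likely_source(raw, trusted_suffixes):
    """Walk from the newest hop down and keep the IP logged by the last server
    whose name ends in a trusted suffix; anything below that was supplied by
    the sending side and may be invented."""
    source = None
    for claimed, ip, recorded_by in hops(raw):
        if not recorded_by.lower().endswith(tuple(trusted_suffixes)):
            break
        source = (ip, claimed)
    return source

if __name__ == "__main__":
    print(likely_source(SAMPLE, [".recipient.example", ".isp.example"]))
```

The claimed name returned next to the IP is whatever the connecting machine announced, so only the IP is worth putting in an abuse report.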
