[AusNOG] Disturbing new spam trend?

Ross Wheeler ausnog at rossw.net
Wed Oct 7 13:55:28 EST 2015



On Tue, 6 Oct 2015, Scott Howard wrote:

> The headers below this one are bogus.  It's nothing new - include some
> additional headers, often actually taken from a real message but with the
> timestamp (and sometimes, but not always, message-id) modified.

Yep, seen those for many years...

> In theory it makes the message seem more legitimate, and some very

I'd figured that was the "justification".

> broken anti-spam systems will follow down to what appears to be the last 
> legitimate header with public IP (which in this case is 202.3.36.15) and 
> then do a reputation check on that IP - which not surprisingly returns a 
> good reputation on every system I checked.

Thanks to everyone for your input. I guess I was rattled when I saw what 
"appeared" to be my mail server hostname with what was clearly NOT my IP, 
and jumped quickly to the wrong conclusion without further pause for 
thought.

R.
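
The failure mode discussed in this thread, as an added example that is not part of the original message: reading Received headers bottom-up lets sender-supplied lines choose the IP that gets reputation-checked, while reading top-down and stopping at the first peer outside your own MTAs does not. The host names, IP addresses and sample message are constructed; mx.example.net stands in for the receiving site's own server.

```python
import re
from email import message_from_string
from ipaddress import ip_address

# Constructed sample. Only the top Received line was stamped by our own MX
# (mx.example.net, an assumed name). The two below arrived inside the message,
# and both reuse our hostname.
SAMPLE = """\
Received: from bulk.example.org (bulk.example.org [198.51.100.77])
\tby mx.example.net with ESMTP id abc123; Wed, 7 Oct 2015 13:50:01 +1100
Received: from mx.example.net (mx.example.net [203.0.113.15])
\tby relay.example.com with ESMTP id def456; Wed, 7 Oct 2015 13:49:40 +1100
Received: from client.example.com ([203.0.113.9])
\tby mx.example.net with ESMTP id ghi789; Wed, 7 Oct 2015 13:49:12 +1100
From: someone@example.com
Subject: constructed test message

body
"""

def hops(raw):
    """Yield (by_host, from_ip) for each Received header, newest first."""
    for value in message_from_string(raw).get_all("Received", []):
        text = " ".join(value.split())  # unfold continuation lines
        frm, _, rest = text.partition(" by ")
        m = re.search(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]", frm)
        try:
            ip = ip_address(m.group(1)) if m else None
        except ValueError:
            ip = None
        yield (rest.split()[0].rstrip(";").lower() if rest else None), ip

def naive_ip(raw):
    """Broken approach: trust the lowest Received header that carries an IP."""
    ips = [ip for _, ip in hops(raw) if ip]
    return ips[-1] if ips else None

def boundary_ip(raw, our_hosts, our_ips=()):
    """Read top-down and return the first peer outside our own MTAs."""
    ours = {ip_address(i) for i in our_ips}
    for by_host, ip in hops(raw):
        if by_host not in our_hosts or ip is None:
            return None  # header not stamped by us: nothing from here down is trusted
        if ip not in ours:
            return ip  # connecting peer at our edge; lines below are sender-supplied
    return None

if __name__ == "__main__":
    print("naive:", naive_ip(SAMPLE), "boundary:", boundary_ip(SAMPLE, {"mx.example.net"}))
```

Pass the addresses of any internal relays as our_ips so that hops between your own servers are skipped rather than treated as the edge.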

