Firewall Wizards mailing list archives
Spoofed Email
From: "Donald R. Martin" <grey () highway1 com>
Date: Fri, 19 Sep 1997 13:28:25 -0400
I really hate to get started on the wrong foot with the new list, but somebody spoofed my email account yesterday and I'm being flooded with hundreds of non-deliverable messages, spam messages, threat notes, and propositions... of which I can't speak. You, being firewall wizards, must know something about mail headers. If this is inappropriate, please forgive me. I'm not able to follow the new list, as I'm buried with messages regarding un-godly sexuality and such. Being thankful to get away from the spam on the old firewalls list, I now find myself in a very peculiar position here. Have a heart eh?

I sent a note to one of the aggravated receivers of the spoofed message, who in turn sent me this portion of the header of the original message:

Received: from 204.201.132.101 (172-129-229.ipt.aol.com [152.172.129.229]) by cyan.alamak.net (8.8.5/8.8.5) with SMTP id FAA05708; Thu, 18 Sep 1997 05:00:52 -0700 (PDT)

From the un-deliverable notices I'm getting, I can extrapolate this:

----- Original message follows -----
Return-Path: <Grey () usa net>
Received: from cyan.alamak.net ([204.201.132.101]) by ixmail7.ix.netcom.com (8.7.5/SMI-4.1/Netcom) id FAA24211; Thu, 18 Sep 1997 05:23:51 -0700 (PDT)
From: Grey () usa net
Received: from 204.201.132.101 (172-129-229.ipt.aol.com [152.172.129.229]) by cyan.alamak.net (8.8.5/8.8.5) with SMTP id FAA07228; Thu, 18 Sep 1997 05:06:29 -0700 (PDT)
Received: from PostMaster <postmaster () here com> by Here.com (8.8.5/8.6.5) with SMTP id GAA09426 for <erased () juno com>; Thu, 18 Sep 1997 07:56:54 -0600 (EST)
Date: Thu, 18 Sep 97 07:56:54 EST
To: erased () juno com
Subject: Hello
Message-ID: <199709150223.WAA28568 () hero com>
Reply-To: erased () juno com
X-UIDL: 00192883774665372615222884674775
Comments: Authenticated sender is <grey () usa net>

The user id 'erased' was removed to protect the innocent. I know it was un-deliverable. I can't send the original message itself, for fear of even more propositions, not that any of you would participate in such activities. It looks like somebody may have hacked my original shell account at usa.net, but I no longer have the password for that account, and the email from usa.net has been forwarded to another account.
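
A consistency check over the Received lines quoted in the message above, as an added example that is not part of the original post: it parses each hop, compares the name the client announced with the peer address the receiving server logged, and checks that the timestamps run in order. The header values are copied from the post; the function names and the three checks are choices made for this example.

```python
import re
from email.utils import parsedate_to_datetime

# Received values copied from the post, newest hop first (the order used in a message).
RECEIVED = [
    "from cyan.alamak.net ([204.201.132.101]) by ixmail7.ix.netcom.com "
    "(8.7.5/SMI-4.1/Netcom) id FAA24211; Thu, 18 Sep 1997 05:23:51 -0700 (PDT)",
    "from 204.201.132.101 (172-129-229.ipt.aol.com [152.172.129.229]) by cyan.alamak.net "
    "(8.8.5/8.8.5) with SMTP id FAA07228; Thu, 18 Sep 1997 05:06:29 -0700 (PDT)",
    "from PostMaster <postmaster () here com> by Here.com (8.8.5/8.6.5) with SMTP "
    "id GAA09426 for <erased () juno com>; Thu, 18 Sep 1997 07:56:54 -0600 (EST)",
]

# "from <announced name> (<reverse DNS> [<peer IP>]) by <recording host>"
HOP = re.compile(
    r"from\s+(?P<helo>\S+)"
    r"(?:\s+\((?:(?P<rdns>[^\s\[\]]+)\s+)?\[(?P<ip>[\d.]+)\]\))?"
    r".*?\bby\s+(?P<by>\S+)", re.S)
IP_LITERAL = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def parse_hop(line):
    """Split one Received value into announced name, logged peer, recorder, time."""
    hop = HOP.search(line).groupdict()
    stamp = re.sub(r"\s*\([^)]*\)\s*$", "", line.rsplit(";", 1)[1])  # drop "(PDT)"
    hop["when"] = parsedate_to_datetime(stamp.strip())
    return hop

def analyse(lines):
    """Return (recording host, findings) for each hop, newest hop first."""
    hops = [parse_hop(line) for line in lines]
    report = []
    for i, hop in enumerate(hops):
        notes = []
        if hop["ip"] is None:
            notes.append("no peer address logged")
        elif IP_LITERAL.match(hop["helo"]) and hop["helo"] != hop["ip"]:
            notes.append(f"announced {hop['helo']} but connected from {hop['ip']}")
        # A hop listed lower in the message happened earlier, so its time must not be later.
        if i > 0 and hop["when"] > hops[i - 1]["when"]:
            notes.append("timestamp later than the hop that followed it")
        report.append((hop["by"], notes))
    return report

if __name__ == "__main__":
    for by, notes in analyse(RECEIVED):
        print(by, "->", "; ".join(notes) or "consistent")
```

Received lines below the first one written by a server the recipient trusts are supplied by the sending client, so findings on them are leads to confirm with that server's operator rather than proof of origin.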