The "Meds" Spam from list

David Relson relson at osagesoftware.com
Mon Oct 16 05:05:52 CEST 2006


Thanks to the 2 of you who sent me copies of the email.  No need for
anyone else to send a copy.

What happened is that the message has a forged return address. The
significant lines of the header are:

Received: from JMNMU-56C885ABD (unknown [58.19.18.106])
	by mail.osagesoftware.com (Postfix) with ESMTP id C13477BCF3
	for <bogofilter at bogofilter.org>; Sun, 15 Oct 2006 08:19:32 -0400 (EDT)
Message-ID: <000001c6f054$2ed0e900$6401a8c0 at JMNMU-56C885ABD>
From: "Simon" <somebody at domain.edu>
To: <bogofilter at bogofilter.org>
Subject: Medications that you need!
Date: Sun, 15 Oct 2006 20:19:38 +0100

The "From:" address contains a subscriber's name (I've modified it
here, but any of you with a copy of the message can check it). Since
Mailman uses the From address to identify valid messages, the message
was sent out to the list.

"unknown [58.19.18.106]" indicates the message came from a machine
without a reverse DNS entry, which is rarely true of a real mail
server, but is often true of a zombie machine.  The IP address for the
return address was 128.x.y.z - a completely different location.

As the bogofilter list's owner, a bunch of spam appears in my
bogofilter folder.  Rather than check each one (which would take too
much time), I just file them.

If I recall, a couple of years ago the same thing happened -- a
forged return address caused the list to be spammed.  If this becomes a
frequent occurrence, I'll worry about it.  OK?

Regards,

David
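
Added example (not part of the message above and not bogofilter or Mailman code): the header reading described in the post, run over the quoted lines with the archive's " at " restored to "@". The function names, the finding strings and the From-domain comparison are assumptions of this sketch.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the header lines quoted in the post, with the archive's
# " at " obfuscation restored to "@" so the addresses parse.
SAMPLE = """\
Received: from JMNMU-56C885ABD (unknown [58.19.18.106])
\tby mail.osagesoftware.com (Postfix) with ESMTP id C13477BCF3
\tfor <bogofilter@bogofilter.org>; Sun, 15 Oct 2006 08:19:32 -0400 (EDT)
Message-ID: <000001c6f054$2ed0e900$6401a8c0@JMNMU-56C885ABD>
From: "Simon" <somebody@domain.edu>
To: <bogofilter@bogofilter.org>
Subject: Medications that you need!
Date: Sun, 15 Oct 2006 20:19:38 +0100

"""

# Postfix format: from HELO (ptr-name [ip]); ptr-name is "unknown" when the
# reverse lookup fails.
POSTFIX_RECEIVED = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9A-Fa-f.:]+)\]\)")

def in_domain(host, domain):
    host = host.lower()
    return host == domain or host.endswith("." + domain)

def assess_headers(raw):
    """Return (findings, facts) from the topmost Received header (added by the receiving server)."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    facts = {"from_domain": from_domain}
    received = msg.get_all("Received") or []
    m = POSTFIX_RECEIVED.search(" ".join(received[0].split())) if received else None
    if not m:
        return ["no Postfix-style Received header to inspect"], facts
    helo, rdns, ip = m.groups()
    facts.update(helo=helo, rdns=rdns, ip=ip)
    findings = []
    if rdns.lower() == "unknown":
        findings.append("client has no reverse DNS")
    if "." not in helo:
        findings.append("HELO name is not fully qualified")
    # Weak signal on its own: hosted mail is often relayed by other domains.
    if from_domain and not (in_domain(rdns, from_domain) or in_domain(helo, from_domain)):
        findings.append("sending host is outside the From domain")
    return findings, facts

if __name__ == "__main__":
    print(assess_headers(SAMPLE))
```

None of these findings authenticates the From address; they only describe the connecting host that the receiving server recorded.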
