Bill forwarded the email to me.

My response:

This received header is the key:

Received: from c9rxllkk ([unknown] [220.95.137.166]) by vms169129.mailsrvcs.net (Sun Java(tm) System Messaging Server 7u2-7.02 32bit (built Apr 16 2009)) with ESMTP id <0ln100itki5fq...@vms169129.mailsrvcs.net> for billycarm...@verizon.net; Sun, 19 Jun 2011 08:46:41 -0500 (CDT)

220.95.137.166 is in Korea. The spammer is using a zombied peecee there to relay it.

Other than the fact that it was addressed to billycarm...@verizon.net, there is no evidence this has anything to do with any LEM list.

The above Received header is likely legit because mailsrvcs.net is a service domain owned by Verizon and that is the server that created that header.

Notice that you, the recipient, are *different* from the To address. That's fine - except for that final Received header, *ALL* other mail headers are forgeable and optional. The actual address(es) to which an email is sent are given to the SMTP server separately, as part of its protocol.

(I've omitted that To: field in this list reply because that address might be legit, some poor guy that's being abused by a spammer. No need to spread his addr farther).

(and the body of the email is just a standard drug push with a URL in the Russian TLD. Kind of boring, actually, not even a spoofed domain).

- Dan.
--
- Psychoceramic Emeritus; South Jersey, USA, Earth.

--
You received this message because you are a member of G-Group, a group for 
those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs.
The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette 
guide is at http://www.lowendmac.com/lists/netiquette.shtml
To post to this group, send email to g3-5-list@googlegroups.com
For more options, visit this group at http://groups.google.com/group/g3-5-list
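
The header check described in the message above, as an added example that is not part of the original post: it walks the Received headers newest first, stops at the last one written by the recipient's own provider, and reports the source IP and envelope recipient recorded there against the To: header. The sample message, the `trace_boundary` name and the `isp.example` provider domain are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample (not the message discussed above); all hosts, addresses
# and IPs are placeholders from reserved documentation ranges.
SAMPLE = """\
Received: from c9example ([unknown] [203.0.113.66])
 by mx1.isp.example (Example MTA 1.0) with ESMTP
 id <0abc@mx1.isp.example> for real.recipient@isp.example;
 Sun, 19 Jun 2011 08:46:41 -0500 (CDT)
Received: from mail.bank.example ([192.0.2.10]) by relay.bank.example;
 Sun, 19 Jun 2011 08:40:00 -0500
From: "Pharmacy" <someone@victim.example>
To: someone.else@victim.example
Subject: constructed sample

body
"""

def trace_boundary(raw, trusted_domain):
    """Return what the recipient's own provider recorded at handoff, or None."""
    msg = message_from_string(raw)
    boundary = by_host = None
    # Each server prepends its header, so the list runs newest first.
    for value in msg.get_all("Received", []):
        hop = " ".join(value.split())  # unfold continuation lines
        m = re.search(r"\bby\s+([^\s;()]+)", hop)
        host = m.group(1).lower() if m else ""
        if host != trusted_domain and not host.endswith("." + trusted_domain):
            break  # this header and all below it came from the sending side
        boundary, by_host = hop, host
    if boundary is None:
        return None
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", boundary)
    rcpt = re.search(r"\bfor\s+<?([^\s;>]+)", boundary)
    envelope = rcpt.group(1).lower() if rcpt else None
    to_addrs = sorted(a.lower() for _, a in getaddresses(msg.get_all("To", [])))
    return {
        "recorded_by": by_host,
        "source_ip": ip.group(1) if ip else None,
        "envelope_rcpt": envelope,
        "to_header": to_addrs,
        "to_matches_envelope": envelope in to_addrs,
    }

if __name__ == "__main__":
    print(trace_boundary(SAMPLE, "isp.example"))
```

The `for` clause is optional in a Received header, so `envelope_rcpt` can be `None` on real mail even when the header is genuine.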