RE: Life Insurance Spam with strange addressing

2002-06-18 Thread Steve Ens



Gettin jiggy wit it...

  
  -Original Message-
  From: William Smith [mailto:[EMAIL PROTECTED]]
  Sent: Tuesday, June 18, 2002 11:00 AM
  To: MS-Exchange Admin Issues
  Subject: Life Insurance Spam with strange addressing

  Has anyone seen a recent crop of Life Insurance spam coming in with strange addressing? Last week we received the 2 emails. Normally I wouldn't be concerned with spam like this, but if I look at the addressing it is coming from a valid address (of course it has to be of two executives...) and then delivering to staff. The first message reads from [EMAIL PROTECTED], to [EMAIL PROTECTED] but was delivered to staff. The second message reads from [EMAIL PROTECTED], to [EMAIL PROTECTED], and again was delivered to staff. The thing that really makes me wonder is that [EMAIL PROTECTED] no longer works here and her email address is hidden from the address book.

  The headers indicate that the messages are coming from our mail server, but obviously we aren't sending ourselves spam. Is there a way to spoof this? Possibly a worm?

  I've found references to the subject lines on Google, but no one mentions the addressing issue, only that it is spam.

  These are the subjects:
  $250,000 policy for only $8.50/month!
  Best Life Insurance, Lowest Cost.

  Thanks,

  William L. Smith
  Systems Administrator
  Riptech, Inc.
  Real-Time Information Protection
  2800 Eisenhower Avenue
  Alexandria, VA 22314
  http://www.riptech.com
  w: (703) 373-5158
  c: (703) 946-0894
  f: (703) 373-6158
  e: [EMAIL PROTECTED]
List Charter and FAQ at:
http://www.sunbelt-software.com/exchange_list_charter.htm





RE: Life Insurance Spam with strange addressing

2002-06-18 Thread Purviance, Chad









William

Review the actual header of the message (View, Options, Internet Headers) and see where it really originated and if it even used your system. It is a common practice now to send mail to you from you.

 

CJP

 





 +++The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material.  Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited.   If you received this in error, please contact the sender and destroy any copies of this document.+++
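
The header check suggested in the reply above, as an added example that is not part of the original thread: it walks the Received lines from the top, trusts only those stamped by our own servers, and reports the first outside peer that handed the message in. The host names, networks, mail domain and sample message are constructed assumptions.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this sketch: our own relay names, networks and mail domain.
OUR_HOSTS = {"exch01.example.com", "fw.example.com"}
OUR_NETS = [ipaddress.ip_network("10.0.0.0/8")]
OUR_DOMAINS = {"example.com"}

# Constructed sample (newest Received line first, because servers prepend).
SAMPLE = (
    "Received: from fw.example.com (10.0.0.1) by exch01.example.com\n"
    "\twith SMTP; Tue, 18 Jun 2002 10:58:02 -0400\n"
    "Received: from mail.example.com (unknown [203.0.113.77]) by fw.example.com\n"
    "\twith SMTP; Tue, 18 Jun 2002 10:58:01 -0400\n"
    "Received: from localhost (127.0.0.1) by mail.example.com\n"
    "\twith SMTP; Tue, 18 Jun 2002 10:57:59 -0400\n"
    'From: "An Executive" <exec1@example.com>\n'
    "To: <exec2@example.com>\n"
    "Subject: Best Life Insurance, Lowest Cost.\n"
    "\n"
    "body\n"
)

HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<peer>[^)]*)\)\s+by\s+(?P<by>\S+)", re.I)
IP_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def parse_hops(msg):
    """Return Received hops, newest first: claimed name, peer IP, stamping host."""
    hops = []
    for raw in msg.get_all("Received", []):
        m = HOP_RE.search(" ".join(raw.split()))  # unfold continuation lines
        if not m:
            continue
        ip = IP_RE.search(m.group("peer"))
        hops.append({"helo": m.group("helo").lower(),
                     "ip": ip.group(0) if ip else None,
                     "by": m.group("by").lower()})
    return hops

def is_ours(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # malformed address: never treat it as internal
    return any(addr in net for net in OUR_NETS)

def entry_hop(hops):
    """First hop stamped by one of our hosts whose peer IP is outside our nets.

    Lines below a hop we did not stamp are sender-supplied and not trusted."""
    for hop in hops:
        if hop["by"] not in OUR_HOSTS:
            return None
        if hop["ip"] and not is_ours(hop["ip"]):
            return hop
    return None

def analyze(raw):
    msg = message_from_string(raw)
    entry = entry_hop(parse_hops(msg))
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    return {
        "header_from": from_addr,
        "entry_ip": entry["ip"] if entry else None,
        "entry_helo": entry["helo"] if entry else None,  # claimed name, forgeable
        "spoofed_internal_from": bool(entry)
        and from_addr.rpartition("@")[2] in OUR_DOMAINS,
    }

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

The name in the entry hop is whatever the connecting host claimed; only the peer IP recorded by our own server is evidence of origin.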



RE: Life Insurance Spam with strange addressing

2002-06-18 Thread Beasley, Phil



We are experiencing the same problems here

R/Phil






RE: Life Insurance Spam with strange addressing

2002-06-18 Thread William Smith



Ok.  I misread one of the lines in the header. The messages are indeed coming from another source (one hosted by Cogent, the other won't resolve) hitting our fw then exchange.  I can see the idea of addressing to me from me, but how would this explain that the messages appear to have gone to staff, unless they did it one by one. Also note my staff mailing/distro lists are not accessible from the outside.

Thanks for your input,
W

  





RE: Life Insurance Spam with strange addressing

2002-06-18 Thread William Smith



all the time.
W

  -Original Message-
  From: Steve Ens [mailto:[EMAIL PROTECTED]]
  Sent: Tuesday, June 18, 2002 12:03 PM
  To: MS-Exchange Admin Issues
  Subject: RE: Life Insurance Spam with strange addressing

  Gettin jiggy wit it...
  






RE: Life Insurance Spam with strange addressing

2002-06-18 Thread Bunting, Jeff



and why would you think it wasn't sent to everyone individually?
 





RE: Life Insurance Spam with strange addressing

2002-06-18 Thread William Smith



I suppose it would be easy enough to send one by one or import a batch to bcc.
 

  





RE: Life Insurance Spam with strange addressing

2002-06-18 Thread Carl Houseman



Would you clarify "gone to staff"? Are you quite certain that EVERY individual on "staff" has received the identical spam? I mean ask each and every one of them, or check message tracking in Exchange. The logs should also be able to tell you whether you got 50 copies of the message for 50 recipients, or 1 copy that got to 50 people. If only one copy came in and 50 people got it, then your DL is available to the outside world. Do your DLs have Internet addresses?
 
Carl
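
The tracking-log question raised above, as an added example that is not part of the original thread: it separates many single-recipient copies, one copy with many envelope recipients (the bcc-style batch mentioned earlier), and one copy fanned out by a distribution list. The record layout, event names and addresses are constructed for illustration and are not Exchange's actual message tracking format.

```python
import csv
import io
from collections import defaultdict

# Constructed records: event,message_id,address
#   RECEIVED  = one envelope recipient accepted from the Internet
#   EXPANDED  = a distribution list address was expanded internally
#   DELIVERED = a copy was placed in a mailbox
SAMPLE_LOG = """\
RECEIVED,<a1@mailer.invalid>,alice@example.com
DELIVERED,<a1@mailer.invalid>,alice@example.com
RECEIVED,<a2@mailer.invalid>,bob@example.com
DELIVERED,<a2@mailer.invalid>,bob@example.com
RECEIVED,<b1@mailer.invalid>,alice@example.com
RECEIVED,<b1@mailer.invalid>,bob@example.com
RECEIVED,<b1@mailer.invalid>,carol@example.com
DELIVERED,<b1@mailer.invalid>,alice@example.com
DELIVERED,<b1@mailer.invalid>,bob@example.com
DELIVERED,<b1@mailer.invalid>,carol@example.com
RECEIVED,<c1@mailer.invalid>,staff@example.com
EXPANDED,<c1@mailer.invalid>,staff@example.com
DELIVERED,<c1@mailer.invalid>,alice@example.com
DELIVERED,<c1@mailer.invalid>,bob@example.com
DELIVERED,<c1@mailer.invalid>,carol@example.com
"""

def load(log_text):
    """Group addresses by message id and event type."""
    per_msg = defaultdict(lambda: defaultdict(set))
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 3:
            continue  # skip blank or malformed lines
        event, msg_id, addr = (field.strip() for field in row)
        per_msg[msg_id][event].add(addr.lower())
    return per_msg

def classify(log_text):
    """Label each inbound message by how it reached its mailboxes."""
    kinds = {}
    for msg_id, ev in load(log_text).items():
        if ev["EXPANDED"]:
            kinds[msg_id] = "list-expansion"   # 1 copy in, list fanned it out
        elif len(ev["RECEIVED"]) > 1:
            kinds[msg_id] = "multi-rcpt"       # 1 copy in, many envelope rcpts
        else:
            kinds[msg_id] = "single-rcpt"      # sent one by one
    return kinds

def exposed_lists(log_text):
    """List addresses that were accepted from outside and then expanded."""
    exposed = set()
    for ev in load(log_text).values():
        exposed |= ev["RECEIVED"] & ev["EXPANDED"]
    return exposed

if __name__ == "__main__":
    for msg_id, kind in classify(SAMPLE_LOG).items():
        print(msg_id, kind)
    print("lists reachable from outside:", sorted(exposed_lists(SAMPLE_LOG)))
```

In none of the three cases does the To: header have to name the people who received the message, which is why the header addressing alone cannot answer the question.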
 
