Hi John, I have looked at the "originating" IP's in the headers, and I find a curious thing: They are all built and structured differently. Those on the messages I send through time-nuts don't have my IP listed as originating... or listed at all. The header information I find in the messages that come to me is generally showing the path from febo to my ISP... febo is listed as the originating IP.
I think the originating IP header in the spam mail from jeff was added there by the spammer... just like they generally add headers that try to tell you that the message is whitelisted, approved by spamassasin, and not spam, etc.. -Chuck Harris John Ackermann N8UR wrote:
See my other message for more details, but the spammers often use a two-step approach: (1) harvest address lists from the web, from compromised machines, etc., and (2) send those addresses, along with the payload, off to the botnets who then send the actual email. That gives legitimate-looking senders along with the volume sending power of the botnet. I think in the past things work as you suggested and probably often still do, Chuck, but if you look at the originating IP on these messages they often are in blocks assigned to countries unlikely to be the home of the victim. John
_______________________________________________ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there.