Earthlink is pretty good about reporting where things come from. And the
address IS from an acm.org machine. It is in their netblock. I've never
seen a forged Earthlink smtp Received header. It does look like the
postini results are forged or are from a hacked DNS setup.
----- Original Message -----
From: "Michael Scheidell" <[EMAIL PROTECTED]>
To: "jdow" <[EMAIL PROTECTED]>; "John D. Hardin" <[EMAIL PROTECTED]>
Cc: <users@spamassassin.apache.org>
Sent: Monday, July 31, 2006 16:35
Subject: RE: postini.com
-----Original Message-----
From: jdow [mailto:[EMAIL PROTECTED]
Sent: Monday, July 31, 2006 7:16 PM
To: John D. Hardin
Cc: users@spamassassin.apache.org
Subject: Re: postini.com
> Sample headers?
I am sure you know that the only headers you can 100% truse are the last
set (earthlink)
I am assuming that earthlink received it from ossie.acm.org, but that
cannot be confirmed.
Also, cannot be confirmed that postini actually sent it to
ozzie.acm.org.
(unless you ask postini, who doesn't have a working abuse@ address, or
postmaster@, and their whois contacts is invalid also..
Approved-By: [EMAIL PROTECTED]
Received: from psmtp.com (exprod7mx59.postini.com) by
ozzie.acm.org (LSMTP for
Windows NT v1.1b) with SMTP id
<[EMAIL PROTECTED]>; Mon, 31
Jul 2006 5:52:36 -0400
Received: from source ([63.118.7.109]) (
63.118.7.109 doesn't look like a postini email address.
Both headers seem to feature X-Keywords: <lots of blanks>. I seem to
be dumb this "virtual morning" and can't get a test to work for it.
{^_^}
