[Dshield] Re: Klez header question

John Hardin johnh at aproposretail.com
Fri Aug 30 15:54:50 GMT 2002

On Thu, 2002-08-29 at 18:55, Daniels566 at cs.com wrote:
> This again is the header and return path of the klez I posted a few days ago. 
> Maybe someone has the skill to map this thing. I sent a copy to Juno and they 
> determined it was a forgery implying them.
> Received: from  rly-xg02.mx.aol.com (rly-xg02.mail.aol.com []) 
> by air-xg01.mail.aol.com (v87.22) with ESMTP id MAILINXG13-0818213610; Sun, 
> 18 Aug 2002 21:36:10 -0400
> Received: from  out003.verizon.net (out003pub.verizon.net []) 
> by rly-xg02.mx.aol.com (v87.22) with ESMTP id MAILRELAYINXG25-0818213515; 
> Sun, 18 Aug 2002 21:35:15 -0400
> Received: from Pgcdjo ([]) by out003.verizon.net
>           (InterMail vM. 201-253-122-126-109-20020611) with SMTP
>           id <20020819013544.XWIF13272.out003.verizon.net at Pgcdjo>
>           for <Wolves5149 at aol.com>; Sun, 18 Aug 2002 20:35:44 -0500

It originated at - if that netblock is owned by Juno,
they are the responsible ISP.

John Hardin                                   <johnh at aproposretail.com>
Internal Systems Administrator                    voice: (425) 672-1304
Apropos Retail Management Systems, Inc.             fax: (425) 672-0192
 "To disable the Internet to save EMI and Disney is the moral
  equivalent of burning down the library of Alexandria to ensure the
  livelihood of monastic scribes."
                                    -- John Ippolito of the Guggenheim
 110 days until The Two Towers

More information about the list mailing list