[Dshield] Spam Trek - The Next Generation

David Sentelle David.Sentelle at cnbcbank.com
Mon Jun 10 12:40:42 GMT 2002

(Sorry for the top-posting, but groupwise won't indent the message being replied to)

Ah, thanks for the note.  I looked at the email again before deleting it this weekend, and it must have passed through an odd MTA, because there was no 'for <address>' portion.  I'd also BCCed my posting to the dshield to my home address and saw how the header looked then, too.  In my BCC to myself, I could seen where it was 'for <address>', so I'm not JUST a spaz.  :)

David Sentelle
Network Operations Specialist
Commerce National Bank
614.334.6282 Voice    614.848.8830 Fax

>>> "Jon R. Kibler" <Jon.Kibler at aset.com> 06/07/02 06:28PM >>>
David Sentelle wrote:
> While we're on the subject of spam.....
> I've not yet tried spamcop's or samspade's message header parsing programs, but usually I can look at the header and at LEAST figure out
> which of my email addresses the spam was sent to.  
> Recently, I've gotten several emails where even that was not discernable.  I'm going to try the tools mentioned in today's digest, but I
> don't expect them to turn up anything.  
> My question is how can I get email that doesn't have my email address in the full header?
> TIA & good weekend to all-

If you are Bcc:-ed on a email, most sending MTAs will just do a 'RCPT <address>' and that will route the message to your address. Most receiving MTAs will then add a 'for <address>' to the Received: header. 

Hope this helps.

Jon Kibler

This e-mail and any files transmitted with it are confidential and 
intended solely for the use of the individual or entity to which 
they are addressed. If you have received this e-mail in error, 
please notify admin at cnbcbank.com and delete it from your system.

More information about the list mailing list