[Dshield] question about tracking spam

Cruz, Dan Dan_Cruz at eu.odedodea.edu
Tue Nov 26 09:17:55 GMT 2002


First and foremost, I want to say what a help watching this list has been.
People here are extremely helpful with dispensing knowledge and assistance.
[OK, now that I am done kissing up :>)  ]

I could use some assistance. The following was brought to my attention
because one of our IP addresses (xxx.xxx.186.79 in red below) was in the
header information. The problem is, although the block is within our range,
it has never been used (to the best of our knowledge), and has been our for
a few years. We have no networks using the affected IP blocks on-line. In
trying to figure out the received path I get totally lost. I am trying to
figure out how our IP address got into the mix, thus resulting in an email
to us (although NOT to abuse at eu.odedodea.edu, since it is nonexistent). 

In other words I am going around in circles here!!!  Any suggestions or
comments?

Dan


____________________________________________________________________________
________________________
-----Original Message-----
From: Nicole Bremner [mailto:ponine at telus.net]
Sent: Sunday, November 17, 2002 3:39 AM
To: norm.seethoff at fluke.com; abuse at fluke.com;
xxxxxxxxxxx at eu.odedodea.edu; abuse at eu.odedodea.edu;
HOSTMASTER at nic.mil; abuse at nic.mil
Subject: [Fwd: Dateless? 88-2]


Return-Path:
                   <sandbaruu408 at comcast.net>
          Received:
                   from comcast.net ([63.110.133.196]) by
priv-edtnes09-hme0.telusplanet.net (InterMail
                   vM.5.01.05.17
201-253-122-126-117-20021021) with SMTP id

<20021117020931.XANX4998.priv-edtnes09-hme0.telusplanet.net at comcast.net>;
Sat, 16
                   Nov 2002 19:09:31 -0700
          Received:
                   from unknown (129.196.102.126) by
symail.kustanai.co.kr with NNFMP; Sat, 16 Nov 2002
                   20:13:39 +0400
          Received:
                   from [24.151.89.196] by q4.quickslow.com
with smtp; 17 Nov 2002 00:08:40 -0300
          Received:
                   from xxx.xxx.186.79 ([xxx.xxx.186.79]) by
rly-xr01.nihuyatut.net with asmtp; Sat, 16 Nov
                   2002 21:03:41 -0700
          Received:
                   from smtp-server1.cflrr.com
([28.242.36.170]) by rly-xr01.nihuyatut.net with esmtp; Sat,
16
                   Nov 2002 13:58:42 +1000
          Received:
                   from [115.119.21.91] by pet.vosni.net
with esmtp; 16 Nov 2002 23:53:43 +0200
          Reply-To:
                   <sandbaruu408 at comcast.net>
        Message-ID:
                   <020b58a41b3b$2125a4d2$3eb24ae4 at iqeomt>
             From:
                   <sandbaruu408 at comcast.net>
                To:
                   <ponine at telus.net>, <poohbear at telus.net>,
<portocall at telus.net>, <potzy at telus.net>,
                   <poundpuppy at telus.net>
            Subject:
                   Dateless? 88-2
              Date:
                   Sat, 16 Nov 2002 18:49:58 +0700
     MiME-Version:
                   1.0
      Content-Type:
                   multipart/mixed;
boundary="----=_NextPart_000_00C7_52D40D0C.C7523D62"
         X-Priority:
                   3 (Normal)
 X-MSMail-Priority:
                   Normal
          X-Mailer:
                   Microsoft Outlook, Build 10.0.2616
        Importance:
                   Normal
   X-Mozilla-Status:
                   8001
  X-Mozilla-Status2:
                   00000000
           X-UIDL:
                   <020b58a41b3b$2125a4d2$3eb24ae4 at iqeomt>

sandbaruu408 at comcast.net wrote:

> 0534fPGo4-485bZMb7354MhMG3-851GIHx4876szIz5-l41
>                                                                    [Image]

                        --- The most comprehensive adult match making
service
               [Image]     [Image]     [Image]     [Image]
             Check some of our actual pictures from real members!
                Welcome to one of the Internet's premier adult
                 match making services where people just like
              yourself can view and place personal advertisements
                     which are viewed by thousands daily!

                 Web Adult Classifieds has thousands of ads -
                   something for everyone, male or female!


                  [Image] Click here to be convinced[Image]
               (will open in a new window for your convenience)
>           To Remove yourself from this opt-in mailing Click Here
>
> 5730gXNl0-720rPzz8391ZrGl23?Ù¥




More information about the list mailing list