[Dshield] Have spammers managed to forge the first received lines?
lists at webcrunchers.com
Sun Feb 1 15:01:50 GMT 2004
I've been getting some spam from these IP addresses. The Whois lookups
fail, because these addresses are not assigned anywhere, or the
None of these are pingeable, and are perhaps "dead" IP addressed,
quite troubling, because this indicates either that spammers have
how to forge the first received line in the header, OR have somehow
to program the upstream routers to "steal" these IP addresses, and are
activating them during their spam binges.
Is there anyone who can shed some light on this? Has anyone gotten
in their IDS or mail logs? If so, inquiring minds want to know.
More information about the list