[Dshield] Have spammers managed to forge the first received lines?

Rick Klinge rick at jaray.net
Mon Feb 2 14:35:03 GMT 2004


Spammers have been doing this for quite awhile.. That's what is so hard
about adding blocks like this into a boarder router / bogons list.  Our
email filter does a rDNS so there's about 100% chance that we won't receive
email like this.

~Rick

> 
> Am 1 Feb 2004 schrieb JD zum Thema Re: [Dshield] Have 
> spammers managed to forge the :
> 
> Hello,
> 
> > Received: from uvttgk (smtpout-2-63.shoppersville.net 
> > [157.156.162.63])  by mail.host.net (8.12.9/8.12.9) with SMTP id 
> > h4K4jEI5007488  for <crunch at host.net>; Tue, 20 May 2003 
> 00:45:17 -0400
> 
> It seems, that 157.156.162.63 belongs to VMXNET according to 
> http://openrbl.org/ip/157/156/162/63.htm
> 
> As Ulrich already 
> mentioned: hijacked IP-space.
> 
> The address is listed in NJABL, SORBS and SPEWS. 
http://www.njabl.org/cgi-bin/lookup.cgi?query=157.156.162.63
http://www.dnsbl.sorbs.net/cgi-bin/lookup?IP=157.156.162.63
http://spews.org/html/S2461.html



___________________________________________________________________
Virus Scanned and Filtered by http://www.FamHost.com E-Mail System.




More information about the list mailing list