[Dshield] odd email spoof, any ideas?

john beck jbeck80 at hotmail.com
Wed Feb 25 19:43:12 GMT 2004

Can anyone comment on this email that is getting through our filter, the 
recipient is not what is indicated in the header.  I am pasting in the 
exported email with header.  I do not see how it is getting to destination, 
the bdpiersc at xxxx.com (obscured by me, has our domain) is not real and it is 
getting delivered to a user on my domain.

Thanks in advance

Received:  from InternetFirewall.xxxx.com ([])          by xxxxx
6.0.2CF1)          with ESMTP id 2004022422564604-9043 ;          Tue, 24 
Feb 2004 22:56:46 -0600
Received:  from mailfilter.xxxx.com by InternetFirewall.xxxx.com          
via smtpd (for xxxx.com []) with ESMTP; Tue, 24 Feb 2004 
22:37:59 -0600
Received:  from []     (200-204-151-247.speedyterra.com.br 
[]) by     mailfilter.xxxx.com (Content Technologies SMTPRS 
4.3.10) with SMTP id     <T67f626c4dec0a8b4158a4 at mailfilter.aric.com>; Tue, 
24 Feb 2004 22:56:07     -0600
Received:  from [] by [] via smtpd     (for 
mailfilter.xxxx.com []) with ESMTP; Tue, 24 Feb 2004     
22:37:54 -0600
SendTo:  <bdpiersc at xxxx.com>
PRINCIPAL:  "percy" <gocougs21chevy at hotmail.com>
PostedDate:  02/24/2004 10:52:50 PM
$MessageID:  <1077684770-26176 at excite.com>
From:  la1wson99 at hotmail.com
$MIMETrack:  Itemize by SMTP Server on ARI/ITD(Release 6.0.2CF1|June 9, 
2003) at 02/24/2004 10:56:46 PM,MIME-CD by Notes Client on xxxxx/(Release 
6.0.2CF1|June 9, 2003) at 02/25/2004 01:18:25 PM,MIME-CD complete at 
02/25/2004 01:18:25 PM
SMTPOriginator:  gl1l at hotmail.com
$UpdatedBy:  ,CN=ARI/O=ITD
$Orig:  BE3BDB7F2133EA1B86256E45001B2B80
RouteServers:  CN=xxx/O=ITD
RouteTimes:  02/24/2004 10:56:46 PM-02/24/2004 10:56:46 PM
$MsgTrackFlags:  0
DeliveredDate:  02/24/2004 10:56:46 PM

Only $2 a dose!!


wright hornetsuzuki honda1 prof sasha meow shelley
nesbitt basilkiss reznor mookie
jeanette sunbird ledzep

Get off this list by going to http://improvedpills.com/gv/applepie.php

Say “good-bye” to spam, viruses and pop-ups with MSN Premium -- free trial 
offer! http://click.atdmt.com/AVE/go/onm00200359ave/direct/01/

More information about the list mailing list