[unisog] Numeric SPAM

Eric Peters epeters at pcthome.com
Tue Jun 6 15:37:29 GMT 2006


I just got one to my personal gmail account, and the from address is set
to the person being spammed. I'll put the headers bellow, just in case
anybody wants to look.


Eric

X-Gmail-Received: 0164054e0ec924f1015c7675b68949272a26234f 


Delivered-To: eric's.personal.email at gmail.com

Received: by 10.66.240.7 with SMTP id n7cs103633ugh;

        Tue, 6 Jun 2006 08:20:25 -0700 (PDT)

Received: by 10.35.12.13 with SMTP id p13mr8246942pyi;

        Tue, 06 Jun 2006 08:20:25 -0700 (PDT)

Return-Path: <eric's.personal.email at gmail.com>

Received: from duncan.org (CPE-138-217-246-223.wa.bigpond.net.au
[138.217.246.223])

        by mx.gmail.com with SMTP id h41si853933pyh.2006.06.06.08.20.24;

        Tue, 06 Jun 2006 08:20:25 -0700 (PDT)

Received-SPF: neutral (gmail.com: 138.217.246.223 is neither permitted
nor denied by domain of eric's.personal.email at gmail.com)

Date: Tue, 06 Jun 2006 23:24:26 +0800

To: "Eric" <eric's.personal.email at gmail.com>

From: "Eric" <eric's.personal.email at gmail.com>

Subject: 586876

Message-ID: <umnbfpzgqygmkdndqcd at gmail.com>

MIME-Version: 1.0

Content-Type: text/html; charset="us-ascii"

Content-Transfer-Encoding: 7bit



<html><body>

969



<br>

</body></html>



On Tue, 2006-06-06 at 11:23 -0400, Micheal Cottingham wrote: 



For my personal servers I use SPF, so I'll probably not see any of

these. So far at work, I've not seen or heard about this. Things like

that typically get caught up in our quarantine (though not always), so

they will get manually rejected. Perhaps they are to test

SPF/DomainKeys/SenderID? I don't know, I'm just taking a wild guess like

everybody else at the moment.



Micheal



BACHAND, Dave (Info. Tech. Services) wrote:

> Hello-

>

> I see on the ISC page that others are getting this same SPAM.  I've

> tracked it back to an ISP in China.  

>

> Any ideas about the intent of these messages?

>

> ++++++++++++++++++++++++++++++++++ 

> Dave Bachand 

> Data Network Manager 

> Information Technology Services 

> Eastern Connecticut State University 

> 83 Windham Street 

> Willimantic, CT 

> Tel. (860)465-5376 

> ++++++++++++++++++++++++++++++++++ 

>

>

>

> _______________________________________________

> unisog mailing list

>  unisog at lists.sans.org <mailto:unisog at lists.sans.org> 

>  http://www.dshield.org/mailman/listinfo/unisog
<http://www.dshield.org/mailman/listinfo/unisog> 

>

>

>   



_______________________________________________

unisog mailing list

unisog at lists.sans.org <mailto:unisog at lists.sans.org> 

http://www.dshield.org/mailman/listinfo/unisog
<http://www.dshield.org/mailman/listinfo/unisog> 





-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.dshield.org/pipermail/unisog/attachments/20060606/59706427/attachment-0001.htm


More information about the unisog mailing list