Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Spam header

1 view
Skip to first unread message

Shakib Otaqui

unread,
Mar 31, 1998, 3:00:00 AM3/31/98
to

Can anyone help interpret the following mail header? I usually
ignore spam, but feel that spam addressed to postmaster needs
further action.


From simonh...@iname.com Fri Mar 27 18:37:02 1998
Received: from relay-10.mail.demon.net ([194.217.242.135]) by alquds.demon.co.uk
with SMTP id AA78459 for <postm...@alquds.demon.co.uk>;
Fri, 27 Mar 1998 18:36:57 +0000 (GMT)
Received: from punt-1.mail.demon.net by mailstore
for postm...@alquds.demon.co.uk id 891023136:10:05769:0;
Fri, 27 Mar 98 18:25:36 GMT
Received: from [207.51.48.185] ([207.51.48.185]) by punt-1.mail.demon.net
id aa0902919; 27 Mar 98 18:25 GMT
Received: from richard.general.powernet (modem98.daffy.pol.co.uk
[195.92.3.226]) by pop01.globecomm.net (8.8.8/8.8.0) with SMTP id NAA27547 for
<postm...@alquds.demon.co.uk>; Fri, 27 Mar 1998 13:24:01 -0500 (EST)
Date: Fri, 27 Mar 1998 13:24:01 -0500 (EST)
Message-Id: <1998032718...@pop01.globecomm.net>
From: Simon Hampson <simonh...@iname.com>
To: <postm...@alquds.demon.co.uk>
Return-Receipt-To: <simonh...@iname.com>
Subject: CALLING ALL ORANGE MOBILE PHONE USERS


--

_____________________________________________________________________
Shakib Otaqui Al-Quds Consult


Dave Smith

unread,
Mar 31, 1998, 3:00:00 AM3/31/98
to

Shakib Otaqui wrote in message <891362...@alquds.demon.co.uk>...

>Can anyone help interpret the following mail header? I usually


k.


>Received: from richard.general.powernet
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Load of bollocks

(modem98.daffy.pol.co.uk
^^^^^^^^^^^^^^^^^^^^^^^^^^ where it really came from - the ip is in
brackets, and is confirmed to be correct... however this is a DYNAMIC ip..
so you would need to speak to the peoples @ pol.co.uk (Planet Online) - they
should have authentication logs for (modem98) @ the specified mail time.
Unfortunately he/she used an open mail relay in the states for sending the
mail... but the authentication logs should still give the desired info.

HTH, Regards,

--

+--------------------------------------------------------+
| Dave Smith - http://www.fddi.eu.org [currently down] |
| -= da...@fddi.eu.org =- |
+--------------------------------------------------------+


Dave Smith

unread,
Mar 31, 1998, 3:00:00 AM3/31/98
to

Rich Wood wrote in message <35223517....@bastard.chugaboom.net>...
>In <3521324e....@bastard.chugaboom.net>, ne...@dynamite.org (Rich
>Wood) wrote:
>> Assuming
>>pop01.globecomm.net is actually 207.51.48.185 (not online at the
>>moment so I can't check),
>
>It is.


Yeah - could be another user though....

>Server: bastard
>Address: 127.0.0.1


What can i say? Nice server name ! :)

Shakib Otaqui

unread,
Mar 31, 1998, 3:00:00 AM3/31/98
to

On Tue, 31 Mar 1998 18:18:02 GMT, in article
<3521324e....@bastard.chugaboom.net> ri...@dynamite.org
"Rich Wood" wrote:

RW> In <891362...@alquds.demon.co.uk>, nom...@alquds.demon.co.uk
RW> (Shakib Otaqui) wrote:
RW>
RW> >
RW> >Can anyone help interpret the following mail header? I usually
RW> >ignore spam, but feel that spam addressed to postmaster needs
RW> >further action.
RW> >
RW> >
RW> >From simonh...@iname.com Fri Mar 27 18:37:02 1998

Thanks to you and others for explanations. I had already
written to ab...@iname.com, whose domain appeared in the SMTP
envelope. I had an autoresponder reply almost immediately
which claimed that they take spam very seriously and included
a list of users they have already banned. It also revealed
that iName (a mail fowarding service) is owned by GlobeComm,
which explains some of the other addresses the message went
through.

Based on the extra information here, I've now also forwarded
the message to ab...@pol.co.uk

Shakib Otaqui

unread,
Apr 2, 1998, 3:00:00 AM4/2/98
to

On Tue, 31 Mar 1998 19:34:58 +0100, in article
<1eab-310...@ukmusic.prestel.co.uk>
ne...@ukmusic.prestel.co.uk "Ben Smithurst" wrote:

BS> Complain to ab...@theplanet.net if it really did come from that Planet
BS> modem, which you can't be sure of from those headers. Worth a try though.

I have. GlobeComm (parents of the iName forwarding service
which he used) have now sent a further message stating that
his account has been cancelled after an earlier complaint.

Shakib Otaqui

unread,
Apr 3, 1998, 3:00:00 AM4/3/98
to

On Tue, 31 Mar 1998 19:34:58 +0100, in article
<1eab-310...@ukmusic.prestel.co.uk>
ne...@ukmusic.prestel.co.uk "Ben Smithurst" wrote:

BS> Complain to ab...@theplanet.net if it really did come from that Planet
BS> modem, which you can't be sure of from those headers. Worth a try though.

They too have now replied saying that his account has been
cancelled.

0 new messages