I Received Spam From The Department Of Defense  
NoUFO From Germany, joined Apr 2001, 7966 posts, RR: 12
Posted (11 years 5 months 2 days 1 hour ago) and read 2107 times:

It is hard to believe, but it seems I received spam from the DoD Network Information Center promoting an "All new online Medical Superstore!" (no, the mail does not mention Viagra.)

The mail header says the IP of the very first sender (for those not familiar with email headers: that's the last "Received from:" line) was 214.88.152.117. I understand a spammer cannot manipulate the IP number (contrary to the name) of the server which acted as sender.
According to http://openrbl.org/whois, the server belongs to the Network Information Center of the Department of Defense.

Isn't that nice? Fund-raising for the heroes of the American armed forces. (Or is it just for one webmaster?)


I support the right to arm bears
Fightingfalcon From Switzerland, joined Feb 2001, 787 posts, RR: 1
Reply 1, posted (11 years 5 months 2 days 1 hour ago) and read 2082 times:

You sound a little experienced... what do you do against that crap? I've always just deleted it, but I get lots of it and it would be nice if I wouldn't anymore...

Martin



Imprezas rule!!
Bigphilnyc From United States of America, joined Jan 2002, 4077 posts, RR: 54
Reply 2, posted (11 years 5 months 2 days 1 hour ago) and read 2070 times:

Unsolicited email advertisements are highly illegal, and punishment can go as far as huge fines and temporarily shutting down a business.

The only thing in terms of unsolicited ads that you get a worse penalty for is cold-faxing, from what I understand.

Shut down the DOD. lol



Phil Derner Jr.
Sccutler From United States of America, joined Jan 2000, 5611 posts, RR: 28
Reply 3, posted (11 years 5 months 2 days 1 hour ago) and read 2063 times:

I believe that IP addresses, as well as the sending domain, can be spoofed.


...three miles from BRONS, clear for the ILS one five approach...
Bobrayner From United Kingdom, joined Apr 2003, 2227 posts, RR: 6
Reply 4, posted (11 years 5 months 2 days 1 hour ago) and read 2061 times:

IP addresses can be spoofed (sort of), but it's not an easy job.

More likely that some inept admin left an open relay on that machine.



Cunning linguist
NoUFO From Germany, joined Apr 2001, 7966 posts, RR: 12
Reply 5, posted (11 years 5 months 2 days ago) and read 2043 times:

Most times I simply delete the mail as well, but sometimes I use the IP number of the original sender and forward the received junk mail untouched to abuse@provider.xy, where provider stands for the owner of the IP number, which is normally a provider. Most spammers don't have an IP number of their own but use a number which is free at the moment they log in.

In my case the header looked like this (I censored some parts to protect my email address as well as the privacy of an unknown person - the fake sender):

Return-path: *fake email of sender*
Envelope-to: *my real email*
Delivery-date: Mon, 21 Jul 2003 12:47:14 +0200

Received: from [65.192.234.181] (helo=213.174.32.95)
by mail01.ims-firmen.de with smtp (Exim 4.12)
id 19eYBn-0002wn-00
for *my real email*; Mon, 21 Jul 2003 12:46:45 +0200


Received: from 6i.vzecpyr.org (HELO mwu7q) ([214.88.152.117]) by 213.174.32.95 with SMTP; Mon, 21 Jul 2003 10:38:17 -0100
Message-ID: 5i$yvw68tp$k-46hm7e@bmh3.kg8

From: "*fake name of sender*" *fake email of sender*
To: *my email again*
Subject: Guaranteed 12%-50% Discount On All Prescription ... bm y iskzso l oxe
* ... more blahblah ...*

------------
The first "received from" is my, or my provider's mail-server. The second is in this case the last - read: the first server that sent the mail.
As you can see, from 6i.vzecpyr.org (HELO mwu7q) are most likely randomly written entries, but the IP address in brackets [] is real. The website I have linked to returns the provider to whom you can report the abuse.

More about mail headers here: http://www.stopspam.org/email/headers/headers.html


@Bobrayner:
I thought of that, too but it's equally unlikely a mail-server of the DoD has an open relay and somebody from the outside world knows of it, can make use of it and get away with it.

[Edited 2003-07-21 18:16:48]


I support the right to arm bears
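
Added example (not part of the original posts): one way to read the header from Reply 5 before filing an abuse report. Only the Received line stamped by the recipient's own server (assumed here to be mail01.ims-firmen.de) is treated as verified; older lines were supplied by whoever connected. The censored addresses are replaced with placeholders and the function names are illustrative.

```python
import re
from email import message_from_string

# Header from Reply 5. Censored addresses replaced by placeholders (constructed);
# continuation lines re-indented as they would be in the raw mail.
RAW = """\
Return-path: <sender@example.invalid>
Envelope-to: me@example.invalid
Received: from [65.192.234.181] (helo=213.174.32.95)
\tby mail01.ims-firmen.de with smtp (Exim 4.12)
\tid 19eYBn-0002wn-00
\tfor me@example.invalid; Mon, 21 Jul 2003 12:46:45 +0200
Received: from 6i.vzecpyr.org (HELO mwu7q) ([214.88.152.117]) by 213.174.32.95 with SMTP; Mon, 21 Jul 2003 10:38:17 -0100
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

def parse_hops(raw):
    """Return the Received hops newest-first as dicts (peer_ip, helo, by)."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())          # unfold continuation lines
        ip = re.search(r"\[(" + IPV4 + r")\]", flat)
        helo = re.search(r"helo[= ]([^\s)]+)", flat, re.I)
        by = re.search(r"\bby (\S+)", flat)
        hops.append({"peer_ip": ip and ip.group(1),
                     "helo": helo and helo.group(1),
                     "by": by and by.group(1)})
    return hops

def analyze(raw, trusted_servers):
    """Split hops at the trust boundary: lines stamped by our own servers are
    verified; everything older was supplied by whoever connected to us."""
    hops = parse_hops(raw)
    n = 0
    while n < len(hops) and hops[n]["by"] in trusted_servers:
        n += 1
    verified, unverified = hops[:n], hops[n:]
    observed = verified[-1]["peer_ip"] if verified else None
    # If the next line claims to be written "by" an IP literal, it should be
    # the address our server saw connecting; otherwise the line is suspect.
    claimed_by = unverified[0]["by"] if unverified else None
    mismatch = bool(claimed_by and re.fullmatch(IPV4, claimed_by)
                    and claimed_by != observed)
    return {"observed_ip": observed,
            "unverified_ips": [h["peer_ip"] for h in unverified],
            "relay_ip_mismatch": mismatch}

if __name__ == "__main__":
    print(analyze(RAW, {"mail01.ims-firmen.de"}))
```

observed_ip is the address the recipient's server actually saw connecting; entries in unverified_ips are claims made by the sending side, and relay_ip_mismatch flags that the older line names a relay IP different from the one observed.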
Ralgha From United States of America, joined Nov 1999, 1614 posts, RR: 6
Reply 6, posted (11 years 5 months 2 days ago) and read 2029 times:

Everything, including the originating IP, in an email can be spoofed. Spoofing an IP isn't all that hard either. You just need the right software.


09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Bobrayner From United Kingdom, joined Apr 2003, 2227 posts, RR: 6
Reply 7, posted (11 years 5 months 1 day 23 hours ago) and read 2022 times:

"I thought of that, too but it's equally unlikely a mail-server of the DoD has an open relay and somebody from the outside world knows of it, can make use of it and get away with it."

Finding open relays is trivial. :)

"Everything, including the originating IP, in an email can be spoofed. Spoofing an IP isn't all that hard either. You just need the right software."

Good point..!

But it's less easy. It's unlikely that a spammer would bother (or be able) to spoof from somebody else's host, obviously; so in that case all traffic would originate from the spammer's own machine, which is something they often try to avoid.



Cunning linguist
NoUFO From Germany, joined Apr 2001, 7966 posts, RR: 12
Reply 8, posted (11 years 5 months 1 day 22 hours ago) and read 2011 times:

Finding an open relay may be simple with a proper scanner at hand. But a typical spammer sends some 100,000 mail/day, and I don't think it's a good idea to use a governmental server for that. Maybe a tank is now digging through his front yard. :D

"Everything, including the originating IP, in an email can be spoofed. Spoofing an IP isn't all that hard either. You just need the right software."

I'm no expert here, but I think this sounds way more simple than it actually is.



I support the right to arm bears