NoUFO
Topic Author
Posts: 7397
Joined: Tue Apr 17, 2001 7:40 am

I Received Spam From The Department Of Defense

Mon Jul 21, 2003 11:49 pm

It is hard to believe, but it seems I received spam from the DoD Network Information Center promoting an "All new online Medical Superstore!" (no, the mail does not mention Viagra.)

The mail header says the IP of the very first sender (for those not familiar with email headers: that's the last "Received from:" line) was 214.88.152.117. I understand a spammer cannot manipulate the IP number (contrary to the name) of the server which acted as sender.
According to http://openrbl.org/whois, the server belongs to the Network Information Center of the Department of Defense.

Isn't that nice? Fund-raising for the heroes of the American armed forces. (Or is it just for one webmaster?)
I support the right to arm bears
 
fightingfalcon
Posts: 758
Joined: Tue Feb 06, 2001 5:38 am

RE: I Received Spam From The Department Of Defense

Tue Jul 22, 2003 12:01 am

You sound a little experienced... what do you do against that crap? I've always just deleted it, but I get lots of it and it would be nice if I wouldn't anymore...

Martin
Imprezas rule!!
 
bigphilnyc
Posts: 3874
Joined: Sat Jan 19, 2002 10:43 pm

RE: I Received Spam From The Department Of Defense

Tue Jul 22, 2003 12:12 am

Unsolicited email advertisements are highly illegal, and punishment can go as far as huge fines and temporarily shutting down a business.

The only thing in terms of unsolicited ads that you get a worse penalty for is cold-faxing, from what I understand.

Shut down the DOD. lol
Phil Derner Jr.
 
sccutler
Posts: 5578
Joined: Thu Jan 27, 2000 12:16 pm

RE: I Received Spam From The Department Of Defense

Tue Jul 22, 2003 12:18 am

I believe that IP addresses, as well as the sending domain, can be spoofed.
...three miles from BRONS, clear for the ILS one five approach...
 
bobrayner
Posts: 2038
Joined: Sun Apr 27, 2003 8:03 am

RE: I Received Spam From The Department Of Defense

Tue Jul 22, 2003 12:23 am

IP addresses can be spoofed (sort of), but it's not an easy job.

More likely that some inept admin left an open relay on that machine.
Cunning linguist
 
NoUFO
Topic Author
Posts: 7397
Joined: Tue Apr 17, 2001 7:40 am

RE: I Received Spam From The Department Of Defense

Tue Jul 22, 2003 1:07 am

Most times I simply delete the mail as well, but sometimes I use the IP number of the original sender and forward the received junk mail untouched to abuse@provider.xy, where "provider" stands for the owner of the IP number, which is normally a provider. Most spammers don't have an IP number of their own but use a number which is free at the moment they log in.

In my case the header looked like this (I censored some parts to protect my email address as well as the privacy of an unknown person - the fake sender):

Return-path: *fake email of sender*
Envelope-to: *my real email*
Delivery-date: Mon, 21 Jul 2003 12:47:14 +0200

Received: from [65.192.234.181] (helo=213.174.32.95)
by mail01.ims-firmen.de with smtp (Exim 4.12)
id 19eYBn-0002wn-00
for *my real email*; Mon, 21 Jul 2003 12:46:45 +0200


Received: from 6i.vzecpyr.org (HELO mwu7q) ([214.88.152.117]) by 213.174.32.95 with SMTP; Mon, 21 Jul 2003 10:38:17 -0100
Message-ID: 5i$yvw68tp$k-46hm7e@bmh3.kg8

From: "*fake name of sender*" *fake email of sender*
To: *my email again*
Subject: Guaranteed 12%-50% Discount On All Prescription ... bm y iskzso l oxe
* ... more blahblah ...*

------------
The first "received from" is mine, or my provider's, mail server. The second is in this case the last - read: the first server that sent the mail.
As you can see, "from 6i.vzecpyr.org (HELO mwu7q)" are most likely randomly written entries, but the IP address in brackets [] is real. The website I have linked to returns the provider to whom you can report the abuse.

More about mail headers here: http://www.stopspam.org/email/headers/headers.html


@Bobrayner:
I thought of that, too but it's equally unlikely a mail-server of the DoD has an open relay and somebody from the outside world knows of it, can make use of it and get away with it.

[Edited 2003-07-21 18:16:48]
I support the right to arm bears
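
Added example, not part of the original post: a Python sketch that parses the Received chain quoted in the post above and separates the address logged by the recipient's own mail server from addresses that appear only in lines below it. The `trusted_by` set (only mail01.ims-firmen.de), the placeholder addresses for the redacted fields and the function names are assumptions made for this example.

```python
import re
from email import message_from_string

# Header lines from the post above. Redacted fields are filled with constructed
# placeholders, and continuation lines are re-indented (RFC 5322 folding).
RAW = """\
Return-path: <fake-sender@example.invalid>
Envelope-to: <recipient@example.invalid>
Received: from [65.192.234.181] (helo=213.174.32.95)
 by mail01.ims-firmen.de with smtp (Exim 4.12)
 id 19eYBn-0002wn-00
 for <recipient@example.invalid>; Mon, 21 Jul 2003 12:46:45 +0200
Received: from 6i.vzecpyr.org (HELO mwu7q) ([214.88.152.117]) by 213.174.32.95 with SMTP; Mon, 21 Jul 2003 10:38:17 -0100

"""

BRACKET_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_HOST = re.compile(r"\bby\s+(\S+)")

def parse_hops(raw):
    """Return the Received hops newest-first, as {'peer_ip', 'by'} dicts."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())          # unfold continuation lines
        ip, by = BRACKET_IP.search(flat), BY_HOST.search(flat)
        hops.append({"peer_ip": ip.group(1) if ip else None,
                     "by": by.group(1) if by else None})
    return hops

def audit(hops, trusted_by):
    """Return (report_ip, unverified_ips, consistent).

    report_ip: peer address logged by the lowest hop whose 'by' host is in
    trusted_by (servers run by the recipient or their provider).
    unverified_ips: addresses from lines below that boundary, which the
    connecting host supplied itself.
    consistent: True only if the first unverified line names report_ip as its
    'by' host (a hostname there would need a DNS lookup, not done here).
    """
    boundary = -1
    for i, hop in enumerate(hops):
        if hop["by"] not in trusted_by:
            break
        boundary = i
    below = hops[boundary + 1:]
    report_ip = hops[boundary]["peer_ip"] if boundary >= 0 else None
    consistent = bool(below) and report_ip is not None and below[0]["by"] == report_ip
    return report_ip, [h["peer_ip"] for h in below], consistent

if __name__ == "__main__":
    print(audit(parse_hops(RAW), {"mail01.ims-firmen.de"}))
```

For this header the address logged by mail01.ims-firmen.de is 65.192.234.181, while 214.88.152.117 appears only in a line written "by 213.174.32.95", which matches the HELO string of the connecting host and not its logged address. An abuse report based on these headers alone can therefore rely only on the first of the two addresses.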
 
Ralgha
Posts: 1589
Joined: Tue Nov 09, 1999 6:20 pm

RE: I Received Spam From The Department Of Defense

Tue Jul 22, 2003 1:21 am

Everything, including the originating IP, in an email can be spoofed. Spoofing an IP isn't all that hard either. You just need the right software.
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
 
bobrayner
Posts: 2038
Joined: Sun Apr 27, 2003 8:03 am

RE: I Received Spam From The Department Of Defense

Tue Jul 22, 2003 1:57 am

I thought of that, too but it's equally unlikely a mail-server of the DoD has an open relay and somebody from the outside world knows of it, can make use of it and get away with it.

Finding open relays is trivial.  Smile

Everything, including the originating IP, in an email can be spoofed. Spoofing an IP isn't all that hard either. You just need the right software.

Good point..!

But it's less easy. It's unlikely that a spammer would bother (or be able) to spoof from somebody else's host, obviously; so in that case all traffic would originate from the spammer's own machine, which is something they often try to avoid.
Cunning linguist
 
NoUFO
Topic Author
Posts: 7397
Joined: Tue Apr 17, 2001 7:40 am

RE: I Received Spam From The Department Of Defense

Tue Jul 22, 2003 2:40 am

Finding an open relay may be simple with a proper scanner at hand. But a typical spammer sends some 100,000 mails/day, and I don't think it's a good idea to use a governmental server for that. Maybe a tank is now digging through his front yard. Big grin

Everything, including the originating IP, in an email can be spoofed. Spoofing an IP isn't all that hard either. You just need the right software.

I'm no expert here, but I think this sounds way more simple than it actually is.
I support the right to arm bears
