This is a multi-part message in MIME format.
--------------F8E134D41EE
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
I recently reported some spam to what I thought was the
originating site. I received the following very helpful
information. Thought I'd share it.
Steve
--------------F8E134D41EE
Content-Type: message/rfc822
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Received: from office4.corp.netcom.com (office4.corp.netcom.com
[199.35.110.148])
by sos.sos.net (8.8.5/8.8.5) with SMTP id JAA07971
for <shammatt@sos.net>; Mon, 22 Dec 1997 09:16:26 -0800 (PST)
Received: from blaze.corp.netcom.com (blaze.corp.netcom.com [199.35.110.203])
by office4.corp.netcom.com (8.6.12/Netcom-Corp) with ESMTP id JAA13715 for
<shammatt@sos.net>; Mon, 22 Dec 1997 09:15:55 -0800
Received: from netcom.com by blaze.corp.netcom.com (SMI-8.6/SMI-SVR4)
id JAA11471; Mon, 22 Dec 1997 09:15:53 -0800
Date: Mon, 22 Dec 1997 09:15:53 -0800
Message-Id: <199712221715.JAA11471@blaze.corp.netcom.com>
To: shammatt@sos.net
From: NETCOM Policy Management <abuse@netcom.com>
Reply-To: <abuse@netcom.com>
Subject: Thank you for your report
Hello:
After examining the headers for this case, we have come to the conclusion
that it did not originate from NETCOM. The From line has a NETCOM
address, but this is a forgery.
The address that it has originated from is uu.net. Please send
complaints on this issue to abuse@uu.net.
To determine the server where a forged email originated, check the last
received line of the mail. As an example:
> Received: from mailhost.net.com(net.com(alt1.net.com(208.9.77.65)) by
> net.com (8.8.5/8.6.5) with SMTP id GAA02542 for <sucess@netcom.net>;
> Sun, 06 Apr 1997 19:30:51 -0600 (EST)
The first machine named is generally the source of the email, in this
example:
alt1.net.com
Generally, only the last two words of the address are the domain, in this
example, net.com.
You can then use the command
whois <domainname>
in UNIX or enter the domain name into the form at the URL:
http://rs.internic.net/cgi-bin/whois
to see if it is a valid site, and if it is, you can send your complaints
there. If you do not have UNIX or access to a web browser, check with your
ISP's technical support for an alternative way to check.
Thank you
Matt
NETCOM Policy Management
----------------------------------------------------------------------
NETCOM On-Line Communication Services, Inc. Policy Management
24-Hour Technical Support: (408) 881-1810 abuse@netcom.com
----------------------------------------------------------------------
You wrote:
> From shammatt@sos.net Sat Dec 20 20:56:07 1997
> Received: from mail3.netcom.com (root@mail3.netcom.com [192.100.81.127]) by
>office4.corp.netcom.com (8.6.12/Netcom-Corp) with ESMTP id UAA22110 for
><abuse@office.netcom.com>; Sat, 20 Dec 1997 20:56:06 -0800
> Received: from ixmail1.ix.netcom.com (ixmail1.ix.netcom.com [199.182.120.61])
> by mail3.netcom.com (8.8.5-r-beta/8.8.5/(NETCOM v1.02)) with ESMTP id
>UAA04392
> for <abuse@netcom.com>; Sat, 20 Dec 1997 20:56:06 -0800 (PST)
> Received: from sos.sos.net (sos.sos.net [199.165.149.1])
> by ixmail1.ix.netcom.com (8.8.7-s-4/8.8.7/(NETCOM v1.01)) with ESMTP id
>UAA15317;
> for <abuse@ix.netcom.com>; Sat, 20 Dec 1997 20:56:03 -0800 (PST)
> Received: from SHAMMATT.NCH.COM (sos-dialup105.sos.net [206.63.109.105])
> by sos.sos.net (8.8.5/8.8.5) with SMTP id UAA01370
> for <abuse@ix.netcom.com>; Sat, 20 Dec 1997 20:56:01 -0800 (PST)
> Message-ID: <349CA11B.604B@sos.net>
> Date: Sat, 20 Dec 1997 20:54:51 -0800
> From: Steve Hammatt <shammatt@sos.net>
> Reply-To: shammatt@sos.net
> X-Mailer: Mozilla 3.0 (Win95; I)
> MIME-Version: 1.0
> To: abuse@ix.netcom.com
> Subject: Re: Email your AD to 57 MILLION People for ONLY $99
> References: <345251784515.GAA23594@jsvuquu.com>
> Content-Type: text/plain; charset=us-ascii
> Content-Transfer-Encoding: 7bit
>
> Can't we stop this trash use by spammers?
> Steve
>
>
>
> 38227800@ix.netcom.com wrote:
> >
> > 57 MILLION EMAILS FOR ONLY $99
> > INCLUDES STEALTH MAILER
> >
> >
> > rom and you won't lose your dial up account. The stealth mailer is an
>incredible program and absolutly FREE with your order ! If you are not making
>at least $50,000 a month, then ORDER NOW.
> >
> > ORDER NOW BY FAX: Simply print out this order form and fax it to us along
>with your check made payable to: Future WT for only $99.
> > Our Fax # is: 602 348 2955
> > We will confirm your order by email and then mail your cd out the same day
>via priority mail.
> >
> > Name:_____________________________
> >
> > Street Address:______________________________
> >
> > City:_____________________
> >
> > State:________________ZipCode:_____________
> >
> > Phone number:__________________________
> >
> > Email:_______________________________
> > You do not need to send the actual check, we will create a draft.
>Returned checks are subject to $25 NSF Fee.
> > Fax it to 602 348 2955
> > Or
> > You can mail a check or money order to:
> > FutureWT
> > 15560 N. Frank Lloyd Wright #b-4187
> > Scottsdale, AZ 85260
> >
> > If you want to be removed from our mailing list just send a email <a
>href="takemeofflst@answerme.com">here</a>
> >
> > 57 million plus mailing program for only $99
>
--------------F8E134D41EE--
|