Comments on Clayton Cramer.: Progressives Spamming

Hooligan (2012-06-26T21:05:23.207-06:00):

Also you can get some good information if you submit the email (including all the mailer audit trails) to spamcop.net. Their software is pretty good at picking out forged From addresses, and they can match it with spam received by other people.

Hooligan (2012-06-26T19:54:00.649-06:00):

Based on what I can see of the mangled-by-web-browser mail headers, the actual source of this email was:

216.120.237.53

an address owned by HostRocket Web Services. The IP address doesn't have a reverse DNS entry, so it's probably part of a block used for dynamic addresses (such as by a cable provider) or a co-location service. HostRocket's web site indicates that web hosting is their main business, so I'd vote for the latter.

If you want to pursue this, your best bet is to contact HostRocket.

ThatWouldBeTelling (2012-06-26T17:09:03.850-06:00):

Based on your ISP (whose header lines we can trust), it came from an AT&T supplied Wi-Fi, www.wayport.net redirects to this page (http://www.business.att.com/enterprise/Service/network-services/internet-connectivity/wifi-service/).

It could be as simple as someone going to an unsecured Wi-Fi hotspot where outgoing port 25 is not blocked and the sender's laptop spamming it out.

The SPF mumbling is about a facility to disallow this sort of thing, or at least to signal good sources of email. Don't know what's up with your ISP and Microsoft there, SPF is not something I ever seriously studied and my memory is fuzzy on the details.

Steve (2012-06-26T16:57:45.594-06:00):

I'm just winging this.

It looks like the email was sent from a WiFi connection at 64.134.230.181 (Received: from ip-64-134-230-181.public.wayport.net). I think the mail server may have been at 64.134.229.149 (HELO ip-64-134-229-149.public.wayport.net).

The 64.134.x.x addresses belong to ATT, apparently for WiFi.

http://whois.arin.net/rest/net/NET-64-134-0-0-1/pft

There are a couple SPF checks, but they both result in softfails. They may just be for informational purposes. Mail servers can check the IP an email is coming from and hit the mail server for the associated domain in the email (msn.com in this case) to see if that IP is authorized to deliver mail for that domain.

A user on that network could have been compromised and the machine just blasting out spam. There's a good chance the email originated on that machine, but it could have been requested from anywhere.