[OT] Pilot Email Question
Don Chorman
chormand@pilot.msu.edu
Thu, 22 Mar 2001 19:57:21 -0800
I'm not sure but I looked at the IP address in the header.
Message header:
Received: from egr.msu.edu (jeeves.egr.msu.edu [35.9.37.127])
by pilot04.cl.msu.edu (8.10.2/8.10.2) with ESMTP id f2MKkt050274;
Thu, 22 Mar 2001 15:46:55 -0500
Received: from pilot07.cl.msu.edu (pilot07.cl.msu.edu [35.9.5.27])
by egr.msu.edu (8.11.1/8.11.1) with ESMTP id f2MKkqc09523
for <ece360all@egr.msu.edu>; Thu, 22 Mar 2001 15:46:52 -0500 (EST)
Received: from c1016883-a (pm283-15.dialip.mich.net [35.9.9.240])
by pilot07.cl.msu.edu (8.10.2/8.10.2) with SMTP id f2MKkaI13548
for <ece360all@egr.msu.edu>; Thu, 22 Mar 2001 15:46:41 -0500
Date: Thu, 22 Mar 2001 15:46:41 -0500
Message-Id: <200103222046.f2MKkaI13548@pilot07.cl.msu.edu>
From: Hahaha <hahaha@sexyfun.net>
I'm not sure but I think it came from (pm283-15.dialip.mich.net
[35.9.9.240]).
What do you think?
Ben Pfaff wrote:
> Don Chorman <chormand@pilot.msu.edu> writes:
>
> [spam]
>
> > Thanks Ben. I did call CIC, and email them the header if thats worth
> > anything. It looked like the email originated from campus.
>
> I cannot speak as to your particular spam, since I haven't seen
> it, but beware of depending on From: lines, etc., for domain of
> origination. For such things, spammers often just use a
> "username" without any domain at all, and lots of MTAs (all?)
> will then append their own domain. So the spammer sends an email
> through Pilot that has a From: line like:
> From: imbecile
> and after it goes through Pilot, it looks like
> From: imbecile@msu.edu
> which, if you don't read the Received: headers, makes it look
> like it originated locally.
>