Joe Wein wrote:
FWIW Joe's getting jobbed:
Hi Jeff,
I had three joe jobs against me between December 2003 and February 2004. Since then it had been quiet, but I must say I wasn't entirely surprized that it continued, especially after a PayPal joe job less than two months ago.
Return-Path: bouteille@kinki-kids.com Received: from dbzmail.com ([61.85.57.209]) by smtp1.supranet.net (8.12.10/8.12.10) with SMTP id
j6P3ZTlx009677
for <x>; Sun, 24 Jul 2005 22:35:30 -0500 (CDT)Received: from kinki-kids.com (kinki-kids-com-bk.mr.outblaze.com
[64.62.181.92])
by dbzmail.com (Postfix) with ESMTP id E5A841602F for <x>; Sun, 24 Jul 2005 00:39:14 -0500From: "Ambulance U. Descant" bouteille@kinki-kids.com
This seems to be a bulkmailer that inserts fake Outblaze references into the headers to obscure the broadband hosts that are the real sources (or proxies). I've seen other examples with other bogus Outblaze maildomains for the fake sender. According to one admin who monitored the Joe job sources from their site the hosts are running something called "DMS Revolution proxy spam engine".
Would appear more than one source is involved? This one from 80.5.137.111
From - Sun Jul 24 14:04:09 2005 X-Account-Key: account3 X-UIDL: 3130 X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 Return-Path: fliptop@guanajuato.com Received: from cpc2-ruth1-5-0-cust111.renf.cable.ntl.com ([80.5.137.111] verified) by X (CommuniGate Pro SMTP 4.3.5) with SMTP id 8636265 for X; Sun, 24 Jul 2005 02:15:58 +0200 Received: from guanajuato.com (guanajuato-com-bk.mr.outblaze.com [64.62.181.94]) by cpc2-ruth1-5-0-cust111.renf.cable.ntl.com (Postfix) with ESMTP id 0B142AA183 for <X>; Sat, 23 Jul 2005 14:18:49 -0500 From: "Preteen V. Slathering" fliptop@guanajuato.com To: Nouce <X> Subject: Hi dear Date: Sat, 23 Jul 2005 14:18:49 -0500 Message-ID: 101101c58fbb$98272312$1adaa87e@guanajuato.com MIME-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2605 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1123 X-RAV-Antivirus: This e-mail has been scanned for viruses on host: cpc2-ruth1-5-0-cust111.renf.cable.ntl.com X-Antivirus: AVG for E-mail 7.0.338 [267.9.4]
Hi Try jwSpamSpy, our spam filter for POP3 mailboxes. We use it to track spammers and scammers. Free full featured 30 day evaluation version available!