On Mon, Jul 25, 2005 at 04:18:38PM +0900, Joe Wein wrote:
FWIW Joe's getting jobbed:
Hi Jeff,
I had three joe jobs against me between December 2003 and February 2004. Since then it had been quiet, but I must say I wasn't entirely surprised that it continued, especially after a PayPal joe job less than two months ago.
Return-Path: bouteille@kinki-kids.com
Received: from dbzmail.com ([61.85.57.209])
    by smtp1.supranet.net (8.12.10/8.12.10) with SMTP id j6P3ZTlx009677
    for <x>; Sun, 24 Jul 2005 22:35:30 -0500 (CDT)
Received: from kinki-kids.com (kinki-kids-com-bk.mr.outblaze.com [64.62.181.92])
    by dbzmail.com (Postfix) with ESMTP id E5A841602F
    for <x>; Sun, 24 Jul 2005 00:39:14 -0500
From: "Ambulance U. Descant" bouteille@kinki-kids.com
This seems to be a bulkmailer that inserts fake Outblaze references into the headers to obscure the broadband hosts that are the real sources (or proxies). I've seen other examples with other bogus Outblaze maildomains for the fake sender. According to one admin who monitored the Joe job sources from their site, the hosts are running something called "DMS Revolution proxy spam engine".
I've been calling this spamsign "Mobster I. Syphilitic", after one of the best randomly-generated From: headers. It's rather easy to block; and of course the mr.outblaze.com is a 100% positive indicator for spamsign (as a more general rule, the forged Received: header contains the MX record, not the PTR record, for the domain). I've been told (on spam-r) that it's a sign of Alexey Panov's DMS, so it seems your sources and mine are in agreement.
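
The header check described in this message, as an added example that is not part of the original thread: it parses the quoted Received: lines and flags a hop whose reverse-DNS slot holds an mr.outblaze.com name or an MX host of the HELO domain. The MX table and the function name are assumptions made for the example; a real check would query DNS.

```python
import re
from email import message_from_string

# Trace headers quoted in the thread, re-folded one field per header.
SAMPLE = """\
Return-Path: bouteille@kinki-kids.com
Received: from dbzmail.com ([61.85.57.209])
\tby smtp1.supranet.net (8.12.10/8.12.10) with SMTP id j6P3ZTlx009677
\tfor <x>; Sun, 24 Jul 2005 22:35:30 -0500 (CDT)
Received: from kinki-kids.com (kinki-kids-com-bk.mr.outblaze.com [64.62.181.92])
\tby dbzmail.com (Postfix) with ESMTP id E5A841602F
\tfor <x>; Sun, 24 Jul 2005 00:39:14 -0500
From: "Ambulance U. Descant" bouteille@kinki-kids.com

"""

# Constructed stand-in for a live DNS MX query (assumption, not lookup data).
CONSTRUCTED_MX = {"kinki-kids.com": {"kinki-kids-com-bk.mr.outblaze.com"}}

# "from HELO (optional-rDNS [IP])" as written by the receiving MTA.
HOP = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9.]+)\]\)")


def suspicious_hops(raw_headers, mx_lookup):
    """Return [(ip, rdns, [reasons])] for Received: hops matching the spamsign."""
    hits = []
    msg = message_from_string(raw_headers)
    for value in msg.get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if not m or not m.group(2):
            continue  # no hostname in the rDNS slot, nothing to compare
        helo, rdns, ip = m.group(1).lower(), m.group(2).lower(), m.group(3)
        reasons = []
        if rdns.endswith(".mr.outblaze.com"):
            reasons.append("mr.outblaze.com in rDNS slot")
        if rdns in (mx_lookup(helo) or ()):
            reasons.append("rDNS slot holds an MX host of the HELO domain")
        if reasons:
            hits.append((ip, rdns, reasons))
    return hits


if __name__ == "__main__":
    for ip, rdns, reasons in suspicious_hops(SAMPLE, CONSTRUCTED_MX.get):
        print(ip, rdns, "; ".join(reasons))
```

The MX-name rule is only meaningful for domains whose MX hosts never originate mail; where inbound and outbound mail share a host, the PTR and MX names legitimately match, so score that rule rather than rejecting on it alone.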