Anyone else receive this subject on the 14th...
"AMERICAN STOCK MARKET: TRHL Retains Sky Investor Relations...edita", where
edita was changed with multiple names.
Not strange that I received spam, however I received the same message 8 times to the same
address with about 2-3 per hour. My spamassasin picked them up but the strange thing was
they all came from different IP addresses and I couldn't traceroute any of them...
All of them stop at 184.108.40.206 (Global-gateway)
traceroute to 220.127.116.11 (18.104.22.168), 64 hops max, 44 byte packets
1 gateway (22.214.171.124) 1.679 ms 2.403 ms 1.358 ms
2 fe0-0.cr1.idc.orcon.net.nz (126.96.36.199) 0.863 ms 0.872 ms 0.852 ms
3 fe-1.qos2.idc.orcon.net.nz (188.8.131.52) 1.134 ms 1.004 ms 1.128 ms
4 184.108.40.206 (220.127.116.11) 1.774 ms 1.906 ms 1.567 ms
5 18.104.22.168 (22.214.171.124) 39.962 ms 93.651 ms 6.643 ms
6 ge-0-3-0-6.akbr3.global-gateway.net.nz (126.96.36.199) 6.165 ms !N^C
Ip addresses they were sent from:
In all cases the messages were stopped as they were listed in blacklists.
RCVD_IN_NJABL (0.9 points) RBL: Received via a relay in dnsbl.njabl.org
[RBL check: found 188.8.131.52.dnsbl.njabl.org
RCVD_IN_UNCONFIRMED_DSBL (0.5 points) RBL: Received via a relay in unconfirmed.dsbl.org
[RBL check: found 184.108.40.206.unconfirmed.dsbl.org
RCVD_IN_BL_SPAMCOP_NET (3.0 points) RBL: Received via a relay in bl.spamcop.net
[RBL check: found 220.127.116.11.bl.spamcop.net
They were also stopped because of forged headers, some having forged froms, forged MUA
The thing I don't understand is that there was no consistency, all the emails from
different IP's, all different forged header fields, all not tracerouteable and within
30 minutes of eachother to an address only listed on a new zealand website.
Weird, sounds very much like the spam system explained on the list not too long ago.