Re: Very Strange behave, Maybe MX
- To: Shachar Shemesh <linuxil(at-nospam)consumer.org.il>
- Subject: Re: Very Strange behave, Maybe MX
- From: "Nadav Har'El" <nyh(at-nospam)math.technion.ac.il>
- Date: Wed, 4 Jul 2001 12:41:55 +0300
- Cc: Ben-Nes Michael <miki(at-nospam)canaan.co.il>, linux ILUG <linux-il(at-nospam)linux.org.il>
- Delivered-To: linux.org.il-linux-il@linux.org.il
- Hebrew-Date: 13 Tammuz 5761
- In-Reply-To: <3B42EDA7.8090901@consumer.org.il>; from linuxil@consumer.org.il on Wed, Jul 04, 2001 at 12:19:19PM +0200
- References: <00bf01c10459$89c257a0$aa5796d4@canaan.co.il> <3B42EDA7.8090901@consumer.org.il>
- Sender: linux-il-bounce(at-nospam)cs.huji.ac.il
- User-Agent: Mutt/1.2i
On Wed, Jul 04, 2001, Shachar Shemesh wrote about "Re: Very Strange behave, Maybe MX":
> Seems like this message is spam.
>
> If you would post the FULL headers, maybe we can get more info.
>
> In any case - spammers are known to do things to confuse who they are,
> and who they send things to (and where from).
>
> Shachar

Yes, spammers just putting a fake/random "To:" string is old news, but
it's interesting why they chose to fake a To: line looking almost real,
except the substitution of the ".co.il" by ".com". They usually just put
a completely bogus To: line, or use your real address (but using your
real address demands more effort, which is why many spammers don't do it).

I once got spam like this, supposedly to nyh@gauss.ua.es. I obviously don't
have an account on this machine, but I do have an account on a completely
different gauss.* machine, and this is where the spam was really headed to
(as Shachar said, you need the full headers to see where the spam was really
sent to). My guess was that the spammer had some large list of addresses
ordered alphabetically, with all the gauss.some.domain's near each other,
and then he sent all that spam with the first "gauss" in the list as the
To:. I have no idea why they would want to do that - it only makes spam
filtering easier for me...

Other spams I got with To: containing my username but the wrong domain name
were for MyNetFriend.technion.ac.il, leepack.com (WTF is that?), and
NewFoundFriend.technion.ac.il. And that's just in the last month ;)

Anyway, I looked at the MX and NS records of your machine, and the .com
one, and there doesn't seem to be any problem which would cause real mail
to be sent to the wrong machine. It could be a misconfiguration on one
of the canaan.com mail exchangers (see host -t mx canaan.com), but this
seems strange.
--
Nadav Har'El | Wednesday, Jul 4 2001, 13 Tammuz 5761
nyh@math.technion.ac.il |-----------------------------------------
Phone: +972-53-245868, ICQ 13349191 |Ways to Relieve Stress #10: Make up a
http://nadav.harel.org.il |language and ask people for directions.
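
The check both posters describe (compare the To: line with where the full headers say the message was actually delivered), as an added example that is not part of the original message. The sample message, its addresses and hosts are constructed, and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: To: shows the right username but a ".com" domain,
# while the trace headers record the real ".co.il" recipient.
SAMPLE = """\
Return-Path: <bulk@sender.example>
Delivered-To: user@mail.example.co.il
Received: from relay.sender.example (relay.sender.example [192.0.2.10])
\tby mx.example.co.il (Postfix) with SMTP id ABC123
\tfor <user@mail.example.co.il>; Wed, 4 Jul 2001 09:00:00 +0300
From: "Offers" <bulk@sender.example>
To: user@mail.example.com
Subject: constructed sample

body
"""

# "for <addr>" clause that many MTAs add to their Received: line.
FOR_RE = re.compile(r"\bfor\s+<?([^\s<>;]+@[^\s<>;]+)>?", re.I)

def header_rcpts(msg):
    """Addresses the message claims to be for (To: and Cc:)."""
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {a.lower() for _, a in getaddresses(fields) if "@" in a}

def envelope_rcpts(msg):
    """Addresses the MTAs recorded: Delivered-To and Received 'for' clauses."""
    delivered = getaddresses(msg.get_all("Delivered-To", []))
    found = {a.lower() for _, a in delivered if "@" in a}
    for rcvd in msg.get_all("Received", []):
        found.update(m.lower() for m in FOR_RE.findall(rcvd))
    return found

def classify(raw):
    """Return 'match', 'lookalike', 'mismatch' or 'unknown' for one message."""
    msg = message_from_string(raw)
    hdr, env = header_rcpts(msg), envelope_rcpts(msg)
    if not env:
        return "unknown"      # no delivery trace: the full headers are needed
    if hdr & env:
        return "match"        # To:/Cc: names the address actually delivered to
    env_users = {a.rsplit("@", 1)[0] for a in env}
    if any(a.rsplit("@", 1)[0] in env_users for a in hdr):
        return "lookalike"    # same username, wrong domain (the case above)
    return "mismatch"         # To: unrelated to the real recipient

print(classify(SAMPLE))
```

A "lookalike" or "mismatch" result is only a filtering signal: legitimate Bcc and mailing-list deliveries also arrive with a To: that differs from the delivery address.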