Look at the following header snippet from the latest Amazon phishing
scam:
-----------------------
Delivered-To: mailing list dns@list.cr.yp.to
Received: (qmail 66144 invoked from network); 30 Jan 2007 17:01:55 -0000
Received: from s12-30.rb.lax.centurytel.net (HELO 131.193.178.160)
(69.179.81.30) by stoneport.math.uic.edu with SMTP; 30 Jan 2007
17:01:55
-0000
Received: from 216.234.31.34 by 131.193.178.160; Tue, 30 Jan 2007
20:58:44
+0400
Message-ID: <IGQWKTLZDVATBYQTWCCV@hotmail.com>
------------------------
It doesn't take a rocket scientist to see it was handled by two
different dynamic IPs to get to the djbdns list. Plus the second passed
itself off in the HELO as the machine called stoneport.
Also, anyone on any of djb software lists knows this email had to have a
reply to qsecretary.
Does anyone have any actual, cold hard facts to show the percentage of
email sent by machines on dynamic IP ranges? There have been discussions
on the list for a long time about this; some saying you must abide by
the RFC and "be liberal in what you accept", others saying it is
"acceptable use" to block all email from any dynamic IP.
Thanks,
Larry Weldon
|