[time-nuts] 2 (Spoofing)
cfharris at erols.com
Tue Oct 4 20:04:54 UTC 2011
I'm not convinced. Notice that the To: line contains a list of addresses that
look like they would belong in a time-nut's address book. That wouldn't be
beneficial or necessary if the spammer was spoofing his way into febo's servers.
I think this came from a spambot running on Jeff's machine, and it emailed the
payload to as many places as it dared... one of them happened to be the time-nuts
address used for posting messages.
> The spam message in question was apparently spoofed and did *not* originate
> from Jeff's PC. In the message header, note the Originating-IP was
> [126.96.36.199]. That IP address originates from a server at [Netherlands
> Groningen Ziggo B.v]. Jeff's actual IP address (which I won't repeat here)
> is significantly different and is located in the U.S.A.
> Chuck, I think somehow the spoofers have overcome the obstacle you mention,
> unfortunately. (Otherwise how did the user of the Netherlands server manage
> to get spam through to our group?)