[time-nuts] 2 (Spoofing)

Chuck Harris cfharris at erols.com
Tue Oct 4 20:04:54 UTC 2011

I'm not convinced.  Notice that the to: line contains a list of addresses that
look like they would belong in a time-nut's address book.  That wouldn't be
beneficial, or necessary if the spammer was spoofing his way into febo's servers.

I think this came from a spambot running on jeff's machine, and it emailed the
payload to as many places as it dared... one of them happened to be the time-nuts
address used for posting messages.

-Chuck Harris

gbusg wrote:
> The spam message in question was apparently spoofed and did *not* originate
> from Jeff's PC. In the message header, note the Originating-IP was
> []. That IP address originates from a server at [Netherlands
> Groningen Ziggo B.v]. Jeff's actual IP address (which I won't repeat here)
> is significantly different and is located in the U.S.A.
> Chuck, I think somehow the spoofers have overcome the obstacle you mention,
> unfortunately. (Otherwise how did the user of the Netherlands server manage
> to get spam through to our group?)
> -Greg

More information about the time-nuts mailing list