groff
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Groff] Spam apparently from list -- again

From: Ted Harding
Subject: RE: [Groff] Spam apparently from list -- again
Date: Fri, 03 Jun 2005 18:21:02 +0100 (BST) 
On 03-Jun-05 Peter Schaffter wrote:
> I received six porno-spam emails today, apparently originating from
> list members (Werner and Ted).  Three yesterday.  As before, when
> this happened, the attachment is stripped off the email before I
> receive it, but the message still comes though.
> 
> Here's a sample envelope+header, in case someone can make use of it.

You're not alone!

I've been saving these for a while, and the one thing that you
can definitely determine from the headers is that

a) Almost all of them "helo" as a machine on gnu.org (often
   monty-python.gnu.org, occasionally others), usually by
   IP address rather than name. However, this is easily forged,
   so there's no clue here (except that the originator knows
   about FQDNs/IP addresses on gnu.org).

b) Just about all of them are "Received from 194.2.22.250".

   This resolves to nat.isep.fr which has also been a source
   of previous waves of these things. Presumably this is picked
   up as the IP address of the connecting machine through which
   these mails are sent. I don't know if this item can be forged.

(The above summary covers mails going back to January 2005).

The domain isep.fr is the Institut Supérieur d'Électronique
de Paris.

Since the "nat" in "nat.isep.fr" could refer to a machine
on the ISEP network which does NAT (Network Address Translation)
it may not be possible to go further back down the line to
the true source.

I can only think of two suggestions.

1. Does our list have a subscriber from the domain "isep.fr"?
   If so, then contacting that person may take the matter forward.

2. It could be worth while to contact the Net administrators
   at isep.fr on the grounds that we are getting persistent
   (and very specific) spam from that domain.

I'm no expert on the inner workings of all this sort of thing,
and not being list administrator I can't foind out about #1.
So I can only suggest ... !

Best wishes,
Ted.


--------------------------------------------------------------------
E-Mail: (Ted Harding) <address@hidden>
Fax-to-email: +44 (0)870 094 0861
Date: 03-Jun-05                                       Time: 18:12:16
------------------------------ XFMail ------------------------------
reply via email to
[Prev in Thread] Current Thread [Next in Thread]