Mark, Jim contacted me and it turned out my ISP Teleport, had a massive SPAM attack so the problem was at their end. Sorry for the `alarm'! The MIT lines threw me off but it was since explained how QMail could have done that. - Tom At 05:45 PM 7/12/00 -0700, you wrote: >Tom Handley wrote: >> At 01:15 PM 7/10/00 -0700, Mark Willis wrote: >> >Of all things, Motorola just SPAMmed me with an announcement of a new >> >product. >> > >> >An [AD]: post to this list, I wouldn't have minded - personal UCE, I do >> >mind though. >> > >> >Anyone else hit? (Probably bug me off-list.) >> > >> > Mark >> >> Mark, I've just received more SPAM routed through the MIT server than I >> have all year from any source! Some alledged company ads, most of it was >> alledged conversations for other people (ie: Dear Mary, we will be in town >> Monday for the wedding). >> >> But the following is *ABSOLUTELY DANGEROUS!!!* > >SPAM usually means unsolicited commercial e-mail - i.e. ad's. "we will >be in town for the wedding" is mis-addressed, that beats the heck out of >kidpornspam, stockspam, etc. > >I think someone inside your ISP messed up, actually. But it's best that >THEY see this and check and FIX the cause! > >> Received: by mail3 (mbox thandley) >> (with Cubic Circle's cucipop (v1.31 1998/05/13) Tue Jul 11 21:00:20 2000) >> X-From_: owner-piclist@MITVMA.MIT.EDU Tue Jul 11 05:21:18 2000 >> Return-Path: > >Now, whatthe! Why're the owner-PIClist lines in there? Weird! > >> Delivered-To: thandley@TELEPORT.COM >> Received: (qmail 10854 invoked from network); 11 Jul 2000 02:05:51 -0000 >> Received: from secure1.teleport.com (192.108.254.2) >> by smtp8.teleport.com with SMTP; 11 Jul 2000 02:05:51 -0000 > >Verified, [192.108.254.2] IS secure1.teleport.com. > >> Received: (qmail 23005 invoked by uid 200); 11 Jul 2000 02:05:51 -0000 > >Guessing this's an internal routing of e-mail. > >> Date: 11 Jul 2000 02:05:51 -0000 >> Message-ID: <20000711020551.23004.qmail@secure1.teleport.com> >> From: billing@teleport.com >> To: turbanow@teleport.com >> Subject: Credit Card Expiration Date Change >> >> Your Credit Card expiration date has been changed. >> Please check the information below: >> >> Customer ID : 632250 >> Username : turbanow >> CC Exp. Date : 2002-10-31 >> >> Request came from: i48-36-17.pdx.du.teleport.com [216.26.61.145] on >> Mon Jul 10 19:05:51 2000 - update-cc-exp.cgi > >Verified, i48-36-17.pdx.du.teleport.com IS a Teleport IP address. > >> Teleport is my ISP and on the surface, this is exactly what they would send >> including the From: and Subject fields! However, I pay by check, that's not my >> user name, and not my customer ID. This is a massive attack and very >> dangerous! >> I'm so damn mad I can hardly type! I hope you folks can track this down!... >> Thanks, >> >> - Tom > >I *think* their script to notify customers is screwed up and sent this >to the wrong address. BUT, I'd say they want to see it - so, my >suggestion is to forward this, with full headers etc., to your abuse and >postmaster accounts at teleport.com - and ask them to investigate this. >It looks like something's quite WRONG, they should be able to figure it >out as they know what their internal systems are set up to do. If >someone's doing this as a manipulation scam, they can track it down and >FIX it. I think the Piclist-Owner lines are a symptom of the problem >but that's just a guess? (Could be someone's code didn't clear a struct >properly and part of this was left-overs from an e-mail message sent to >you earlier?) > > Mark ------------------------------------------------------------------------ Tom Handley New Age Communications Since '75 before "New Age" and no one around here is waiting for UFOs ;-) -- http://www.piclist.com hint: The PICList is archived three different ways. See http://www.piclist.com/#archives for details.