I ran the spam mail below through both SmartWhois and SpamX v1.27a and as you can see, SW identified the originator as Verizon whilst SpamX says Telenor.
I've just put it through 1.2.6 to check and that correctly identifies Verizon. Guess I broke it again.
QUOTE
ABUSE@NOC.UK.TELENOR.NET;
Email Abuse Complaint
Here is the SMTP information.
SMTP Info Start ====================================
Return-Path: <c_hmoreno_wc@standitalia.it>
Delivered-To: spamcop-net-tifferg@spamcop.net
Received: (qmail 27876 invoked from network); 2 Jun 2004 23:20:53 -0000
Received: from unknown (HELO c60.cesmail.net) (192.168.1.105)
by blade1.cesmail.net with SMTP; 2 Jun 2004 23:20:53 -0000
Received: from mailgate.cesmail.net (216.154.195.36)
by c60.cesmail.net with SMTP; 02 Jun 2004 19:20:52 -0400
X-Ironport-AV: i="3.81R,93,1083556800";
d="scan'217,208"; a="69470341:sNHT30062640"
Received: (qmail 21780 invoked from network); 2 Jun 2004 23:20:52 -0000
Received: from unknown (HELO mailgate.cesmail.net) (192.168.1.101)
by mailgate.cesmail.net with SMTP; 2 Jun 2004 23:20:52 -0000
Received: from mail.cix.co.uk [212.241.168.136]
by mailgate.cesmail.net with POP3 (fetchmail-6.2.1)
for tifferg@spamcop.net (single-drop); Wed, 02 Jun 2004 19:20:52
-0400 (EDT)
Received: from stammstaufen.de (pool-68-160-126-158.nwrk.east.verizon.net
[68.160.126.158])
by mta02.mx.cix.co.uk (8.11.3/CIX/8.11.3) with SMTP id i52N7W630465
for <chris@gilliard.compulink.co.uk>; Thu, 3 Jun 2004 00:07:32 +0100
X-Envelope-From: c_hmoreno_wc@standitalia.it
Message-ID: <65f201c448f6$5008baec$888d2e31@stammstaufen.de>
From: "Craig H. Moreno" <c_hmoreno_wc@standitalia.it>
To: chris@gilliard.compulink.co.uk
Subject: ro.ckhard sti,ffys in mins
Date: Wed, 02 Jun 2004 23:10:54 +0000
MIME-Version: 1.0
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: 8bit
X-UIDL: 11886.1086217654.1242130molybdenum.bm
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on blade1
X-Spam-Level: *
X-Spam-Status: hits=1.8 tests=HTML_20_30,HTML_MESSAGE,J_CHICKENPOX_25,
J_CHICKENPOX_34,MIME_HTML_ONLY version=2.63
X-SpamCop-Checked: 192.168.1.105 216.154.195.36 192.168.1.101
212.241.168.136 68.160.126.158
(... HTML message clipped)
SMTP Info End ======================================
Generated by SpamX Version 1.2.7
http://www.hendricom.com
Reading the headers myself, it appears to me that the originator's IP address is: 68.160.126.158
which ARIN reports as:
QUOTE
pool-68-160-126-158.nwrk.east.verizon.net
Host unreachable
68.160.0.0 - 68.163.255.255
Verizon Internet Services
1880 Campus Commons Dr
Reston
VA
20191
United States
Verizon Internet Services
+1-703-295-4583
noc@gnilink.net
Abuse:
VIS Abuse
+1-703-295-4583
abuse@verizon.net
NSDC.BA-DSG.NET
GTEPH.BA-DSG.NET
VIS-68-160
Created: 2002-08-30
Updated: 2003-07-18
Source: whois.arin.net
I guess it is a 1.27 bug as 1.2.6 (as shown below) correctly identifies Verizon as the culprit's home.
QUOTE
ABUSE@VERIZON.NET;
Email Abuse Complaint
Here is the SMTP information.
SMTP Info Start ====================================
Return-Path: <c_hmoreno_wc@standitalia.it>
Delivered-To: spamcop-net-tifferg@spamcop.net
Received: (qmail 27876 invoked from network); 2 Jun 2004 23:20:53 -0000
Received: from unknown (HELO c60.cesmail.net) (192.168.1.105)
by blade1.cesmail.net with SMTP; 2 Jun 2004 23:20:53 -0000
Received: from mailgate.cesmail.net (216.154.195.36)
by c60.cesmail.net with SMTP; 02 Jun 2004 19:20:52 -0400
X-Ironport-AV: i="3.81R,93,1083556800";
d="scan'217,208"; a="69470341:sNHT30062640"
Received: (qmail 21780 invoked from network); 2 Jun 2004 23:20:52 -0000
Received: from unknown (HELO mailgate.cesmail.net) (192.168.1.101)
by mailgate.cesmail.net with SMTP; 2 Jun 2004 23:20:52 -0000
Received: from mail.cix.co.uk [212.241.168.136]
by mailgate.cesmail.net with POP3 (fetchmail-6.2.1)
for tifferg@spamcop.net (single-drop); Wed, 02 Jun 2004 19:20:52 -0400 (EDT)
Received: from stammstaufen.de (pool-68-160-126-158.nwrk.east.verizon.net [68.160.126.158])
by mta02.mx.cix.co.uk (8.11.3/CIX/8.11.3) with SMTP id i52N7W630465
for <chris@gilliard.compulink.co.uk>; Thu, 3 Jun 2004 00:07:32 +0100
X-Envelope-From: c_hmoreno_wc@standitalia.it
Message-ID: <65f201c448f6$5008baec$888d2e31@stammstaufen.de>
From: "Craig H. Moreno" <c_hmoreno_wc@standitalia.it>
To: chris@gilliard.compulink.co.uk
Subject: ro.ckhard sti,ffys in mins
Date: Wed, 02 Jun 2004 23:10:54 +0000
MIME-Version: 1.0
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: 8bit
X-UIDL: 11886.1086217654.1242130molybdenum.bm
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on blade1
X-Spam-Level: *
X-Spam-Status: hits=1.8 tests=HTML_20_30,HTML_MESSAGE,J_CHICKENPOX_25,
J_CHICKENPOX_34,MIME_HTML_ONLY version=2.63
X-SpamCop-Checked: 192.168.1.105 216.154.195.36 192.168.1.101 212.241.168.136 68.160.126.158
SMTP Info End ======================================
Generated by SpamX II Version 1.2.6
http://www.hendricom.com
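The manual header reading done in the replies above, as an added example that is not part of the original thread and is not SpamX's code: walk the Received lines newest to oldest and report the first public address that is not one of the recipient's own relays. The function names and the `TRUSTED_RELAYS` set are assumptions made for this illustration.

```python
import ipaddress
import re

# Constructed sample: the Received lines from the complaint above,
# unfolded and with timestamps trimmed, newest first.
RECEIVED = [
    "(qmail 27876 invoked from network)",
    "from unknown (HELO c60.cesmail.net) (192.168.1.105) by blade1.cesmail.net with SMTP",
    "from mailgate.cesmail.net (216.154.195.36) by c60.cesmail.net with SMTP",
    "from unknown (HELO mailgate.cesmail.net) (192.168.1.101) by mailgate.cesmail.net with SMTP",
    "from mail.cix.co.uk [212.241.168.136] by mailgate.cesmail.net with POP3 (fetchmail-6.2.1)",
    "from stammstaufen.de (pool-68-160-126-158.nwrk.east.verizon.net [68.160.126.158]) "
    "by mta02.mx.cix.co.uk (8.11.3/CIX/8.11.3) with SMTP id i52N7W630465",
]

# Assumption: these are the recipient-side relays (forwarding and POP3
# pickup), read off the upper Received lines of this message.
TRUSTED_RELAYS = {"216.154.195.36", "212.241.168.136"}
IP_IN_BRACKETS = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

def hop_ip(line):
    """Return the connecting IP a Received line records, or None."""
    if not line.lstrip().startswith("from "):
        return None  # local delivery note such as the qmail line
    # Only look at the part before " by " so version strings are ignored.
    match = IP_IN_BRACKETS.search(line.split(" by ", 1)[0])
    if not match:
        return None
    try:
        return ipaddress.ip_address(match.group(1))
    except ValueError:
        return None  # digits that are not a valid address

def originating_ip(received, trusted=TRUSTED_RELAYS):
    """First public, untrusted hop when walking newest to oldest.
    Anything below that hop was supplied by the sender and is ignored."""
    for line in received:
        ip = hop_ip(line)
        if ip is None or ip.is_private or str(ip) in trusted:
            continue
        return str(ip)
    return None

if __name__ == "__main__":
    print(originating_ip(RECEIVED))
```

With an empty trusted set the walk stops at the first public relay instead of the sending host, so the complaint would go to the wrong provider.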