Full Version: Response asks a question
blaatand
Here is one of the many responses I received:

On Tue, Jan 18, 2005 at 07:54:33AM -0800, spamcop@norvall.com wrote:
> This email either originated from your domain, or your domain was
> involved in its delivery.

Or neither:

> [...]
> Received: from 68.114.57.146 ([68.114.57.146]) by group21.345mail.com with LOCAL; Tue, 18 Jan 2005 04:46:56 +1000
> Received: from asx121.turbo-inline.com ([140.88.112.229])
> by smtp-server1.cfdenselr.com with NNFMP; Tue, 18 Jan 2005 18:43:39 -0400
> [...]
> Message-ID: <be0501c4fd72$350fe630$132b5ea0@bekekrenvq>

140.88.112.229 is not asx121.turbo-inline.com -- in fact, there is no
such IP address on Bethel's network (try ping), nor any such host in
DNS (try nslookup).

Does your spam analysis process take into account that Received: lines
are easily forged? Or do you just blast these out to everyone who might
be involved? ;-)

--
Brent J. Nordquist <b-nordquist@bethel.edu> N0BJN
Director of Server Systems, Bethel University, St. Paul, MN, USA
Other contact information: http://kepler.its.bethel.edu/~bjn/contact.html

Any suggestions?
Blaatand
Tifferg
QUOTE
no such IP address on Bethel's network


Someone is certainly confused. I just put that IP address through SmartWhoIs and got:

QUOTE
140.88.112.229
Host unreachable

140.88.0.0 - 140.88.255.255

Bethel College
3900 Bethel Drive
St. Paul
MN
55112
United States

Bethel College
+1-651-638-6155
net-manager@bethel.edu

NS2.BETHEL.EDU
NS2.ONVOY.NET

BETHEL-EDU
Created: 1990-04-09
Updated: 2001-10-16
Source: whois.arin.net


so I'm confused ... but what's new? LOL

I can see what he is saying and I think every ISP should cross check the IP address with the supposed text (reverse DNS) string for the sender. I know if my ISP did that for all the spam I get, it will kill the whole lot stone dead. Is it so difficult to code a basic look up and compare like that? Would be a great asset in SpamX if you could do it Jeff ;)
Jeff Hendrickson
No, no broadcast. Sp@mX evaluates each one of the Received lines for spaminess. Something simple like the domain not having RDNS can assign it 25 points, which is a low score but will still generate a complaint.

So his entry had something spammy about it....
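
Added example, not part of the thread and not Sp@mX's code: the "look up and compare" check discussed above, run over the Received: lines quoted in the first post plus one constructed line. The DNS answers are a constructed table and the verdict names are hypothetical; because Received: lines written before your own server's hop can be forged, a verdict on them describes the header text, not necessarily the real sender.

```python
import re

# "from <claimed-name> ([<ip>])", the shape of the Received: lines quoted in the thread
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\(\[(\d{1,3}(?:\.\d{1,3}){3})\]\)")

def parse_received(line):
    """Return (claimed_name, ip) from one Received: line, or None."""
    m = RECEIVED_RE.search(line)
    return (m.group(1).lower().rstrip("."), m.group(2)) if m else None

def check_hop(line, ptr_lookup, a_lookup):
    """Compare the claimed name with forward-confirmed reverse DNS for the IP.

    ptr_lookup(ip) -> list of names, a_lookup(name) -> list of IPs. They are
    injected so the example runs offline; live versions could wrap
    socket.gethostbyaddr and socket.gethostbyname_ex.
    """
    parsed = parse_received(line)
    if parsed is None:
        return "unparsed"
    claimed, ip = parsed
    names = [n.lower().rstrip(".") for n in ptr_lookup(ip)]
    if not names:
        return "no_rdns"  # the case Jeff's post scores at 25 points
    # A PTR name only counts if it resolves forward to the same IP.
    confirmed = [n for n in names if ip in a_lookup(n)]
    if not confirmed:
        return "unconfirmed_rdns"
    if claimed == ip or claimed in confirmed:
        return "consistent"
    return "name_mismatch"

# Two header lines from the thread, plus one constructed line (documentation addresses).
HEADERS = [
    "Received: from 68.114.57.146 ([68.114.57.146]) by group21.345mail.com with LOCAL; Tue, 18 Jan 2005 04:46:56 +1000",
    "Received: from asx121.turbo-inline.com ([140.88.112.229]) by smtp-server1.cfdenselr.com with NNFMP; Tue, 18 Jan 2005 18:43:39 -0400",
    "Received: from mail.example.org ([192.0.2.10]) by mx.example.net with ESMTP; Tue, 18 Jan 2005 12:00:00 +0000",
]
# Constructed DNS data, not real lookups. 140.88.112.229 has no entry, matching
# the reply's statement that no such host exists in DNS.
PTR = {"68.114.57.146": ["host146.example.net."], "192.0.2.10": ["relay.example.com."]}
A = {"host146.example.net": ["68.114.57.146"], "relay.example.com": ["192.0.2.10"]}

def classify_all():
    return [check_hop(h, lambda ip: PTR.get(ip, []), lambda n: A.get(n, [])) for h in HEADERS]

if __name__ == "__main__":
    for header, verdict in zip(HEADERS, classify_all()):
        print(verdict, "<-", header[:60])
```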