Is it actually "open relay spam"? Let's check some headers and see.
This is the header from a spam sent through an open relay.
>Received: from smtp04.primenet.com (daemon@smtp01.primenet.com [206.165.6.134])
> by primenet.com (8.8.8/8.8.5) with ESMTP id CAA00896
> for <kellymt@smtp04.example.com>; Tue, 18 May 1999 02:35:49 -0700 (MST)
>Received: (from daemon@localhost)
> by smtp04.primenet.com (8.8.8/8.8.8) id CAA00246
> for <kellymt@example.com>; Tue, 18 May 1999 02:35:48 -0700 (MST)
(Internal handoffs; ignore).
>Received: from mail.ace.net.tw(203.70.86.8), claiming to be "ace.net.tw"
> via SMTP by smtp04.example.com, id smtpd000179; Tue May 18 02:35:34 1999
The reverse DNS checks out, and the server will happily relay mail for you, if you ask it to. This is the open server.
>Received: from hhDw67moH (d162-sc101h1-stct-pdi.attcanada.net
>[142.194.155.162]) by ace.net.tw (8.8.8/8.7.3) with SMTP id RAA14108; Tue,
>18 May 1999 17:42:26 +0800
142.194.155.162 is the real sender; the IP belongs to an attcanada.net dialup. The attcanada.net user abused the open server at 203.70.86.8 to send spam.
This is classic relayed spam, and this is the *only* kind of spam that should be submitted to the MAPS RSS℠.
This is the header from a direct-to-MX spam:
>Received: from smtp02.primenet.com (daemon@smtp02.primenet.com [206.165.6.132])
> by primenet.com (8.8.8/8.8.5) with ESMTP id PAA17783;
> Sun, 28 Mar 1999 15:28:55 -0700 (MST)
>From: ooooo6521@eastmail.com
>Received: (from daemon@localhost)
> by smtp02.primenet.com (8.8.8/8.8.8) id PAA28461;
> Sun, 28 Mar 1999 15:28:53 -0700 (MST)
Internal handoffs.
>Message-Id: <199903282228.PAA28461@smtp02.primenet.com>
>Received: from ppp1011.on.bellglobal.com(206.172.224.51), claiming to be
>"mail.mia.machine"
> via SMTP by smtp02.primenet.com, id smtpd028334; Sun Mar 28 15:28:46 1999
206.172.224.51 connected to the SMTP server and sent the e-mail directly to me; there is no relay. This is direct-to-MX spam, and this IP is in the MAPS DUL℠. If you had been using the DUL℠, this mail would have been blocked.
Do *not* submit this kind of spam to the MAPS RSS℠.
This is a header for a dialup-to-secure-mailserver spam:
>Return-Path: freetrial@flashmail.com
>Received: from smtp2.mindspring.com ([207.69.200.32] verified) by
>hercules.ultradesign.net (Stalker SMTP Server 1.8b3) with ESMTP id
>S.0000047129 for <xxxxxxx@ultradesign.com>; Sun, 16 May 1999 08:23:40 +0100
The spam was sent through Mindspring's mailserver. Mindspring's server is not open to relay, so the sender must be a Mindspring user.
>Received: from TStoerzbach (pool-207-205-235-130.dlls.grid.net
>[207.205.235.130])
> by smtp2.mindspring.com (8.8.5/8.8.5) with SMTP id DAA29517
> for <xxxx@ultradesign.com>; Sun, 16 May 1999 03:21:21 -0400 (EDT)
This spammer was connected through a grid.net dialup; Mindspring leases POPs from grid.net.
This kind of spam should not be reported to the MAPS RSS℠.
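The same walk through the `Received:` lines, as an added Python example (not part of the original page): it skips internal handoffs from the top, treats the first external hop as the address the receiving server actually saw, and reports whether earlier hops exist behind it. The `local_nets` parameter and the `206.165.6.0/24` range are assumptions made for the example.

```python
import ipaddress
import re

# Connecting address as the page's headers record it: [1.2.3.4] or (1.2.3.4)
IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

# First header from the page, ">" quoting stripped and "for <...>; date" tails trimmed
RELAY_SAMPLE = """\
Received: from smtp04.primenet.com (daemon@smtp01.primenet.com [206.165.6.134])
 by primenet.com (8.8.8/8.8.5) with ESMTP id CAA00896
Received: (from daemon@localhost)
 by smtp04.primenet.com (8.8.8/8.8.8) id CAA00246
Received: from mail.ace.net.tw(203.70.86.8), claiming to be "ace.net.tw"
 via SMTP by smtp04.example.com, id smtpd000179; Tue May 18 02:35:34 1999
Received: from hhDw67moH (d162-sc101h1-stct-pdi.attcanada.net
 [142.194.155.162]) by ace.net.tw (8.8.8/8.7.3) with SMTP id RAA14108
"""

def received_ips(raw):
    """Unfold continuation lines; return one connecting IP (or None) per Received line, newest first."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", raw)
    hops = []
    for line in unfolded.splitlines():
        if line.lower().startswith("received:"):
            m = IP_RE.search(line)
            hops.append(m.group(1) if m else None)
    return hops

def classify(raw, local_nets):
    """local_nets: CIDRs of the recipient's own mail servers (supplied by the caller)."""
    nets = [ipaddress.ip_network(n) for n in local_nets]
    hops = received_ips(raw)
    # Skip internal handoffs from the top only. Lines below the first external hop were
    # written by machines we do not control, so a local-looking IP there proves nothing.
    while hops and (hops[0] is None or
                    any(ipaddress.ip_address(hops[0]) in n for n in nets)):
        hops.pop(0)
    if not hops:
        return {"kind": "internal-only"}
    earlier = [ip for ip in hops[1:] if ip]
    if not earlier:
        return {"kind": "direct-to-mx", "connecting_ip": hops[0]}
    return {"kind": "relayed", "relay_ip": hops[0], "origin_ip": earlier[-1]}

# 206.165.6.0/24 is an assumed range around the primenet.com server addresses on the page
RESULT = classify(RELAY_SAMPLE, ["206.165.6.0/24"])
```

A `relayed` result covers both the open-relay header and the dialup-to-secure-mailserver header; whether the relay is actually open has to be established separately, as the commentary above does.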
Updated 2/2/2000.