[NTLUG:Discuss] (no subject)
David Stanaway
david at stanaway.net
Sun May 15 08:45:24 CDT 2011
It may also be that this spammer has found out how to exploit hotmail
and yahoo's relay.
Received: from col0-omc2-s9.col0.hotmail.com ([65.55.34.83])
by host.pmichaud.com with esmtp (Exim 4.69)
(envelope-from<josh_b_miller at hotmail.com>) id 1QLRdT-0006gM-36
for discuss at ntlug.org; Sat, 14 May 2011 22:04:51 -0500
The hotmail relay looks legit. The only posts from josh_b_miller going
back server years are the last three spam.
Likewise the yahoo spam from: Garen Evans II
Received: from nm30.access.bullet.mail.sp2.yahoo.com ([98.139.44.157])
by host.pmichaud.com with smtp (Exim 4.69)
(envelope-from<garen_evans2 at yahoo.com>) id 1QLGMd-0001Pw-6n
for discuss at ntlug.org; Sat, 14 May 2011 10:02:43 -0500
...
Received: from [95.9.36.245] by web83912.mail.sp1.yahoo.com via HTTP;
Sat, 14 May 2011 08:02:40 PDT
The only mail going back several years was this one spam.
Either they are legitimate members that got hacked or they are drone
accounts the spammers have joined up.
Listmaster should be able to find out when these accounts joined the
list. Are they both recent or did they join at different times some some
time ago? If the former, it might be interesting to see if there is a
spike of new joins, I would be suspicious of any recent joins from free
webmail providers.
On 5/14/2011 11:51 PM, Bryan Wangler wrote:
> I suspect his email account got hacked
> in which case there needs to be a temporary removal of josh's account and he
> needs to be notified
>
> On Sat, May 14, 2011 at 10:04 PM, Josh Miller<josh_b_miller at hotmail.com>wrote:
>
> [ some spam removed ]
More information about the Discuss
mailing list