[NTLUG:Discuss] (no subject)

David Stanaway david at stanaway.net
Sun May 15 08:45:24 CDT 2011


It may also be that this spammer has found out how to exploit hotmail 
and yahoo's relay.

Received: from col0-omc2-s9.col0.hotmail.com ([65.55.34.83])
	by host.pmichaud.com with esmtp (Exim 4.69)
	(envelope-from<josh_b_miller at hotmail.com>) id 1QLRdT-0006gM-36
	for discuss at ntlug.org; Sat, 14 May 2011 22:04:51 -0500


The hotmail relay looks legit.  The only posts from josh_b_miller going 
back server years are the last three spam.

Likewise the yahoo spam from: Garen Evans II

Received: from nm30.access.bullet.mail.sp2.yahoo.com ([98.139.44.157])
	by host.pmichaud.com with smtp (Exim 4.69)
	(envelope-from<garen_evans2 at yahoo.com>) id 1QLGMd-0001Pw-6n

	for discuss at ntlug.org; Sat, 14 May 2011 10:02:43 -0500
...

Received: from [95.9.36.245] by web83912.mail.sp1.yahoo.com via HTTP;
	Sat, 14 May 2011 08:02:40 PDT


The only mail going back several years was this one spam.


Either they are legitimate members that got hacked or they are drone 
accounts the spammers have joined up.

Listmaster should be able to find out when these accounts joined the 
list. Are they both recent or did they join at different times some some 
time ago?  If the former, it might be interesting to see if there is a 
spike of new joins, I would be suspicious of any recent joins from free 
webmail providers.


On 5/14/2011 11:51 PM, Bryan Wangler wrote:
> I suspect his email account got hacked
> in which case there needs to be a temporary removal of josh's account and he
> needs to be notified
>
> On Sat, May 14, 2011 at 10:04 PM, Josh Miller<josh_b_miller at hotmail.com>wrote:
>
>   [ some spam removed ]



More information about the Discuss mailing list