I believe these are likely being sent to the entire available @[log in to unmask] list.
Most likely harvested with a  script from the people search function.

In the header the wording of the X-AntiAbuse block and the fact that it uses
Exim leads me to beleive it was sent via a webmail client or web form from a
cPanel web server.

A whois on the domain dreamdorks.com reveals ...
 Administrative Contact:
      Gottlieb, Ryan  [log in to unmask]
      Dream Dorks INC.
      5511 Hampshire
      West Bloomfield, Michigan 48322
      United States
      2487605183      Fax --

I'm not sure if he is loosely affiliated with MSU, but he doesn't come up
from a people search.  Although he is in West Bloomfield so chances are
somewhat good that he is.



On 5/1/05 7:41 PM, "Ray Hernandez" <[log in to unmask]> wrote:

> I'm not sure there would be much value with trying to investigate this.
> I don't really rate these any higher than the other 400K spams that we
> get on a daily basis. We have people on MSU dial-up accounts that send
> spams through our server and not much is done to put a stop to that, as
> far as I know anyway. My personal feeling is that unless it becomes a
> huge problem, it should just be ignored like any other nuisance.
> --Ray
>
> Chris Wolf wrote:
>> The server is the same as the Izzo message. The headers on the Izzo message
>> showed it to originate from a Comcast customer in Walled Lake, whose
>> computer name was EVAN. I would guess this is from the same computer, but
>> the sender seems to have figured out how to remove the other info since
>> then; this one shows "nobody" as the originator. Seems as though someone at
>> MSU ought to be following up on this.
>>
>
>

--
Bryan Murphy
GuardianLogic, Inc. | http://guardianlogic.com
Delivering Security.