I believe these are likely being sent to the entire available @msu.edu list.
Most likely harvested with a script from the people search function.

In the header, the wording of the X-AntiAbuse block and the fact that it uses
Exim lead me to believe it was sent via a webmail client or web form from a
cPanel web server.

A whois on the domain dreamdorks.com reveals ...
 Administrative Contact:
      Gottlieb, Ryan  [log in to unmask]
      Dream Dorks INC.
      5511 Hampshire
      West Bloomfield, Michigan 48322
      United States
      2487605183      Fax --

I'm not sure if he is loosely affiliated with MSU, but he doesn't come up
from a people search.  Although he is in West Bloomfield so chances are
somewhat good that he is.



On 5/1/05 7:41 PM, "Ray Hernandez" <[log in to unmask]> wrote:

> I'm not sure there would be much value with trying to investigate this.
> I don't really rate these any higher than the other 400K spams that we
> get on a daily basis. We have people on MSU dial-up accounts that send
> spams through our server and not much is done to put a stop to that, as
> far as I know anyway. My personal feeling is that unless it becomes a
> huge problem, it should just be ignored like any other nuisance.
> --Ray
>
> Chris Wolf wrote:
>> The server is the same as the Izzo message. The headers on the Izzo message
>> showed it to originate from a Comcast customer in Walled Lake, whose
>> computer name was EVAN. I would guess this is from the same computer, but
>> the sender seems to have figured out how to remove the other info since
>> then; this one shows "nobody" as the originator. Seems as though someone at
>> MSU ought to be following up on this.
>>
>
>

--
Bryan Murphy
GuardianLogic, Inc. | http://guardianlogic.com
Delivering Security.
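
Added example (not part of the original message, and not from its author): one way to run the header check discussed in this thread, looking for the cPanel X-AntiAbuse block and an Exim local submission by "nobody". The sample headers, hostnames and Exim version are constructed, and the layout assumed is the usual cPanel/Exim one.

```python
import re
from email import message_from_string

# Constructed sample headers (not taken from the message discussed in the thread).
SAMPLE = """\
Received: from nobody by host.example.com with local (Exim 4.50)
    (envelope-from <nobody@host.example.com>)
    id 1DSabc-0001Xy-7Q
    for user@example.edu; Sun, 01 May 2005 18:02:11 -0400
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - host.example.com
X-AntiAbuse: Original Domain - example.edu
X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
X-AntiAbuse: Sender Address Domain - host.example.com
Subject: constructed sample

body
"""

def antiabuse_fields(msg):
    """Return the 'Name - value' pairs carried in the X-AntiAbuse headers."""
    fields = {}
    for value in msg.get_all("X-AntiAbuse", []):
        key, sep, val = value.partition(" - ")
        if sep:  # the first X-AntiAbuse line is a notice with no ' - ' pair
            fields[key.strip()] = val.strip()
    return fields

def assess(raw):
    """Summarise the header evidence for a web form or script on a cPanel host."""
    msg = message_from_string(raw)
    fields = antiabuse_fields(msg)
    # Unfold continuation lines so the pattern can span the whole Received header.
    received = " ".join(" ".join(msg.get_all("Received", [])).split())
    local = re.search(r"from (\S+) by (\S+) with local \(Exim ([\d.]+)\)", received)
    uid = re.match(r"\[(\d+) (\d+)\]", fields.get("Originator/Caller UID/GID", ""))
    user = local.group(1) if local else None
    return {
        "cpanel_antiabuse": bool(fields),
        "exim_local_submission": bool(local),
        "local_user": user,
        "primary_hostname": fields.get("Primary Hostname"),
        "caller_uid": int(uid.group(1)) if uid else None,
        # Assumption: mail handed to Exim locally by 'nobody' came from a web script.
        "likely_web_script": bool(local) and user == "nobody",
    }

if __name__ == "__main__":
    for name, value in assess(SAMPLE).items():
        print(f"{name}: {value}")
```

The Primary Hostname field names the server to include in an abuse report to the hosting provider.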