Better to forward such as these to [log in to unmask] I sent yours on. Frankly, as you know, true spoofing is pretty hard to block. On 9/17/11 6:54 PM, Richard Wiggins wrote: > Over the last few days I've gotten a lot of spam spoofing my address > of [log in to unmask] as both sender and receiver. When I wrote > [log in to unmask] they advised me to block the sender. While I could do > that, for the naive eye, the sender is a faux me, and for the more > sophisticated eye, the sender varies. > > Here is the latest spam mail, including headers, showing that various > @msu.edu mailboxes are targets. Maybe ATS could investigate and block > this. > > /rich > > > Delivered-To: [log in to unmask] > Received: by 10.220.150.66 with SMTP id x2cs100855vcv; > Sat, 17 Sep 2011 02:54:07 -0700 (PDT) > Received: by 10.101.199.1 with SMTP id b1mr322199anq.113.1316253246653; > Sat, 17 Sep 2011 02:54:06 -0700 (PDT) > Return-Path:<[log in to unmask]> > Received: from mx50.mail.msu.edu (mx50.mail.msu.edu [35.9.75.200]) > by mx.google.com with ESMTPS id q20si7319259ann.202.2011.09.17.02.54.05 > (version=TLSv1/SSLv3 cipher=OTHER); > Sat, 17 Sep 2011 02:54:05 -0700 (PDT) > Received-SPF: neutral (google.com: 35.9.75.200 is neither permitted > nor denied by best guess record for domain of [log in to unmask]) > client-ip=35.9.75.200; > Authentication-Results: mx.google.com; spf=neutral (google.com: > 35.9.75.200 is neither permitted nor denied by best guess record for > domain of [log in to unmask]) [log in to unmask]; dkim=pass > [log in to unmask] > DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; > d=msu.edu; s=mail; > h=Subject:Content-Transfer-Encoding:Message-ID:Content-Type:MIME-Version:Date:Subject:To:From; > bh=PPHK/Wp7KaXpYd/lArfkx4/wCaK+c9q7uYlkDGfsAls=; > b=PyByD4v7moLaK3up8gthlqFqDTy/KILfGbhldZR7oNVTRkpL6yR0L3O0MfUYDo8eqVBdehOIqhzSjbFYDpasXiikp9jzHmEbYCFOEQUFXrGWbE4AyOtqxxKyfKUql1C6RRYXr4bGG8JaODfrGYvmYTTDkQZGtH55DJMu7mZ+QdA=; > Received: from [31.162.119.179] > by mx50.mail.msu.edu with esmtp (Exim 4.75 #3) > id 1R4rb1-0003Ql-J8; Sat, 17 Sep 2011 05:54:04 -0400 > Received: from 31.162.119.179(helo=fkdafof.affywvodwzspl.su) > by with esmtpa (Exim 4.69) > (envelope-from ) > id 1MMYGQ-2440yd-8T > for [log in to unmask]; Sat, 17 Sep 2011 14:54:02 +0500 > From:<[log in to unmask]>, > <[log in to unmask]>, > <[log in to unmask]> > To:<[log in to unmask]>, > <[log in to unmask]>, > <[log in to unmask]> > Subject: FW: Update your PC > Date: Sat, 17 Sep 2011 14:54:02 +0500 > MIME-Version: 1.0 > Content-Type: text/html > charset="iso-8859-1" > X-Priority: 3 > X-Mailer: dztg-77 > Message-ID:<[log in to unmask]> > Content-Transfer-Encoding: quoted-printable > X-Virus: None found by Clam AV > X-Spam-Level: ****** > X-Spam-Report: All incoming messages to mail.msu.edu are analyzed for > typical spam > characteristics. See http://techbase.msu.edu/article.asp?id=11475 for > additional report information. > > Content preview: Best online (pirated) software: 92.63.81.93,Good Luck [...] > > > Content analysis details: (6.3 points, 5.0 required) > > pts rule name description > ---- ---------------------- -------------------------------------------------- > 3.6 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL > [31.162.119.179 listed in zen.spamhaus.org] > 1.6 RCVD_IN_BRBL_LASTEXT RBL: RCVD_IN_BRBL_LASTEXT > [31.162.119.179 listed in bb.barracudacentral.org] > 0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines > 0.0 HTML_MESSAGE BODY: HTML included in message > 1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts > X-Spam-Score: 6.3 > Subject: *****SPAM***** FW: Update your PC > > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> > <HTML><HEAD> >