[wplug] Help tracking down a spam problem.

Bill Moran wmoran at potentialtech.com
Mon Nov 22 12:34:23 EST 2004


Tom Rhodes <trhodes at FreeBSD.org> wrote:
> On Sat, 20 Nov 2004 09:12:45 -0500
> Bill Moran <wmoran at potentialtech.com> wrote:
> 
> > 
> > I'm trying to help a client resolve a spam problem.  He's being
> > accused of spamming, and we can't determine whether it's really
> > his problem, or if the mail is being forged.
> > 
> > The only thing that links the mail to him is a header that says:
> > X-AOL-IP: <his mailserver IP>
> > 
> > I've been searching google and AOL's site, and can't seem to
> > find any information on this header.  Does anyone know if this
> > is a header legitimately added by AOL, or if it's a phony, forged
> > header?
> 
> Can't you trace it to HIS IP?

Hmmm ... I'd forgotten that I'd sent this.

I did (finally) track it down via the message-id.  I was getting some
very strange reports from people, but some of them had enough information
to track it back to his mailserver.

We disabled the problematic account, but the larger problem still needs
resolved.  I'm still discussing that with him.

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com


More information about the wplug mailing list