
curious e-mails

 
 
Archy
      11th Aug 2003
I received the following e-mails which say they came from my e-mail
address???? which they have not. I have replaced the real mail address with
"mymail".

It's spamming a loan company

How have they done this?????

Return-Path: <(E-Mail Removed)>
Delivery-Date: Mon, 11 Aug 2003 06:41:43 +0100
Received: from sbqaj.miudj.lvchzfp.eofqdi.kzt.dfjxcyizgioyogygn (actually
host wbar2.sjo1-4-4-032-087.sjo1.dsl-verizon.net) by dswu26 with SMTP
(XT-PP); Mon, 11 Aug 2003 06:41:30 +0100
X-Priority: 3 (Normal)
From: (E-Mail Removed)
To: (E-Mail Removed)
X-Sender: (E-Mail Removed)
Message-Id: <(E-Mail Removed)>
Date: Sun, 10 Aug 2003 23:37:27 -0700
Return-Path: (E-Mail Removed)
X-MSMail-Priority: Normal
Received: from sbqaj.miudj.lvchzfp.eofqdi.kzt.dfjxcyizgioyogygn by
4b67ke.sbqaj.miudj.lvchzfp.eofqdi.kzt.dfjxcyizgioyogygn with SMTP for
(E-Mail Removed); Sun, 10 Aug 2003 23:37:27 -0700
Subject: Extreme consolidation guidance
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: Quoted-Printable
<html>
</:
275:GKIJYNGVGCJXCFVDFBWFBEKDSTNELIBSGCDPAMWPWTDIXJTLPETUTASSLS8CAC5D8F41E019
C6769842E711C648E71EC2608DB563DE0F3CEA>
</:
275:866410840250874674056879128472018161730360719645347897826266113670097664
89888700687016997534969881370961547554152794113985101886646>
<body>
<p align=3D"center"><a href=3D"http://www.oasis.pro.br/det/"><img
border=3D"0" =
src=3D"http://www.oasis.pro.br/det/de0217.jpg" width=3D"400" height=3D385" =
align=3D"middle"></a></p>
<p><font
color=3D"#FFFFFF">WSKWCNAYPEEKUNMQYPJWITSUSVGDJBGTSTICFUWASILVXRXXUOIQ</font
></p>

</body>


AND ALSO:- this one from a porn site:-

Return-Path: <(E-Mail Removed)>
Delivery-Date: Sun, 10 Aug 2003 20:07:45 +0100
Received: from 192.168.254.31 (actually host
ip-69-33-65-183.chi.megapath.net) by dswu26 with SMTP (XT-PP); Sun, 10 Aug
2003 20:07:42 +0100
Received: from triad.rr.com ([138.138.138.138]) by triad.rr.com
(8.9.3/8.9.3) with SMTP id 27680 for <(E-Mail Removed)>; Sun, 10 Aug 2003
15:08:27 -0400
Message-ID: <2768027680fhqwdxuphwdovCewfolfn1frp@192.168.254.31>
Received: from [138.138.138.138] by web27680.mail.yahoo.com via HTTP; Sun,
10 Aug 2003 15:08:27 -0400
From: "Edwyn Ralph" (E-Mail Removed) """BUT NOT MY ISP"""
To: "centaurmetals" <(E-Mail Removed)>
Date: Sun, 10 Aug 2003 15:08:22 -0400
Subject: hey
MIME-Version: 1.0
Content-Type: multipart/related;
boundary="----=_NextPart_000_0000_6C206C20.6C206C20"

------=_NextPart_000_0000_6C206C20.6C206C20
Content-Type: text/html;
Content-Transfer-Encoding: base64



</html>


--
Archy


 
 
 
 
 
Archy
      11th Aug 2003
GSV,

Thanks for that, I thought they had gained access to my computer somehow and
were using it to send spam.

"GSV Three Minds in a Can" <GSV@[127.0.0.1]> wrote in message
news:wYVrkxR2h3N$EAL$@from.is.invalid...
> Bitstring <bh7pku$ses$(E-Mail Removed)>, from the wonderful person
> Archy <*****@btclick.com> said
> >I received the following e-mails which say they came from my e-mail
> >address???? which they have not. I have replaced the real mail address with
> >"mymail".
> >
> >It's spamming a loan company
> >
> >How have they done this?????

>
> They faked the from, and reply to, addresses .. not uncommon in Spam.
> Obviously you can't do this via a decent ISP's SMTP server, but there
> are plenty of ways available to the unscrupulous (i.e. spammers). If you
> stick the raw text (headers + email) into spamcop.net you can a) find
> out where they really came from, and b) report them.
>
> the first one needs to go to (E-Mail Removed):
>
> host wbar2.sjo1-4-4-032-087.sjo1.dsl-verizon.net (checking ip) =
> 4.4.32.87
> host 4.4.32.87 (getting name) =
> wbar2.sjo1-4-4-032-087.sjo1.dsl-verizon.net.
> DNS checks pass
> Possible spammer: 4.4.32.87
> 4.4.32.87 is not an MX for wbar2.sjo1-4-4-032-087.sjo1.dsl-verizon.net
> host wbar2.sjo1-4-4-032-087.sjo1.dsl-verizon.net (checking ip) =
> 4.4.32.87
> Received line accepted
>
> Received: from sbqaj.miudj.lvchzfp.eofqdi.kzt.dfjxcyizgioyogygn by
> 4b67ke.sbqaj.miudj.lvchzfp.eofqdi.kzt.dfjxcyizgioyogygn with SMTP for x;
> Sun, 10 Aug 2003 23:37:27 -0700
> no ip found in received line
> Checking non-IP received line
> host sbqaj.miudj.lvchzfp.eofqdi.kzt.dfjxcyizgioyogygn (checking ip) ip
> not found ; sbqaj.miudj.lvchzfp.eofqdi.kzt.dfjxcyizgioyogygn discarded
> as fake.
> DNS check fails
>
>
> Tracking message source: 4.4.32.87:
> Display data:
> "whois (E-Mail Removed)" (Getting contact from whois.arin.net )
> Found AbuseEmail in whois (E-Mail Removed)
> 4.0.0.0 - 4.255.255.255:(E-Mail Removed)
> Routing details for 4.4.32.87
> Using abuse net on (E-Mail Removed)
> abuse net genuity.com = (E-Mail Removed)
> Using best contacts (E-Mail Removed)
> 4.4.32.87 listed in dnsbl.njabl.org ( 127.0.0.3 )
> 4.4.32.87 listed in dnsbl.njabl.org ( 127.0.0.3 )
> 4.4.32.87 not listed in proxies.blackholes.easynet.nl
> 4.4.32.87 listed in dnsbl.sorbs.net ( 127.0.0.3 )
> 4.4.32.87 is an open proxy
> 4.4.32.87 not listed in query.bondedsender.org
>
> Finding links in message body
>
> Would send message source reports to:
>
> Re:4.4.32.87 (Administrator of network where email originates)
>
> (E-Mail Removed)
>
> -------------------------------------------------------------------------
> --------------------------
>
> the second one belongs to (E-Mail Removed)
>
> Received: from 192.168.254.31 (actually host
> ip-69-33-65-183.chi.megapath.net) by dswu26 with SMTP (XT-PP); Sun, 10
> Aug 2003 20:07:42 +0100
> Bogus IP in HELO removed: 192.168.254.31
> Received: from x (actually host ip-69-33-65-183.chi.megapath.net) by
> dswu26 with SMTP (XT-PP); Sun, 10 Aug 2003 20:07:42 +0100
> no ip found in received line
> Checking non-IP received line
> host ip-69-33-65-183.chi.megapath.net (checking ip) = 69.33.65.183
> host 69.33.65.183 (getting name) = ip-69-33-65-183.chi.megapath.net.
> DNS checks pass
> Possible spammer: 69.33.65.183
> 69.33.65.183 is not an MX for ip-69-33-65-183.chi.megapath.net
> host ip-69-33-65-183.chi.megapath.net (checking ip) = 69.33.65.183
> Received line accepted
>
> Received: from triad.rr.com ([138.138.138.138]) by triad.rr.com
> (8.9.3/8.9.3) with SMTP id 27680 for <(E-Mail Removed)>; Sun, 10 Aug
> 2003
> host 69.33.65.183 (getting name) = ip-69-33-65-183.chi.megapath.net.
> host ip-69-33-65-183.chi.megapath.net (checking ip) = 69.33.65.183
> 69.33.65.183 not listed in dnsbl.njabl.org
> 69.33.65.183 not listed in proxies.blackholes.easynet.nl
> 69.33.65.183 not listed in dnsbl.sorbs.net
> 69.33.65.183 is not an MX for triad.rr.com
> 69.33.65.183 not listed in dnsbl.njabl.org
> Possible spammer: 138.138.138.138
> host triad.rr.com (checking ip) = 24.28.227.96
> 24.28.227.96 not listed in dnsbl.njabl.org
> 24.28.227.96 not listed in proxies.blackholes.easynet.nl
> 24.28.227.96 not listed in dnsbl.sorbs.net
> 138.138.138.138 is not an MX for triad.rr.com
> Looks like a forgery
>
> Tracking message source: 69.33.65.183:
> Routing details for 69.33.65.183
> [refresh/show] Cached whois for 69.33.65.183 : arin-(E-Mail Removed)
> Using abuse net on arin-(E-Mail Removed)
> abuse net megapath.net = (E-Mail Removed)
> Using best contacts (E-Mail Removed)
> 69.33.65.183 not listed in dnsbl.njabl.org
> 69.33.65.183 not listed in dnsbl.njabl.org
> 69.33.65.183 not listed in proxies.blackholes.easynet.nl
> 69.33.65.183 not listed in dnsbl.sorbs.net
> 69.33.65.183 not listed in relays.ordb.org.
> 69.33.65.183 not listed in query.bondedsender.org
>
> Finding links in message body
> error: couldn't parse head
> Message body parser requires full, accurate copy of message
> More information on this error..
> no links found
>
>
> Please make sure this email IS spam:
> From: "Edwyn Ralph" (E-Mail Removed) """BUT NOT MY ISP""" (hey)
> ------=_NextPart_000_0000_6C206C20.6C206C20
> Content-Type: text/html;
> View full message
>
>
> Report Spam to:
>
>
> Re:69.33.65.183 (Administrator of network where email originates)
> To: (E-Mail Removed) (Notes)
>
> --
> GSV Three Minds in a Can
> Outgoing Msgs are Turing Tested,and indistinguishable from human typing.



 
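The header reading behind the SpamCop trace quoted above, as an added example that is not part of any post in this thread: only the Received line written by the recipient's own mail server can be trusted, and everything below it, like the From line, is whatever the sender chose to type. The function name `trace_origin` and the flag names are hypothetical; the code assumes `dswu26` is the poster's receiving server and that it uses the `(actually host …)` layout shown in the posted headers.

```python
import ipaddress
import re
from email import message_from_string

# Received headers copied from the two messages quoted in the thread, refolded
# with leading whitespace; the removed recipient address is shown as "x".
MSG1 = """\
Received: from sbqaj.miudj.lvchzfp.eofqdi.kzt.dfjxcyizgioyogygn (actually
 host wbar2.sjo1-4-4-032-087.sjo1.dsl-verizon.net) by dswu26 with SMTP
 (XT-PP); Mon, 11 Aug 2003 06:41:30 +0100
Received: from sbqaj.miudj.lvchzfp.eofqdi.kzt.dfjxcyizgioyogygn by
 4b67ke.sbqaj.miudj.lvchzfp.eofqdi.kzt.dfjxcyizgioyogygn with SMTP for
 x; Sun, 10 Aug 2003 23:37:27 -0700
"""
MSG2 = """\
Received: from 192.168.254.31 (actually host
 ip-69-33-65-183.chi.megapath.net) by dswu26 with SMTP (XT-PP); Sun, 10 Aug
 2003 20:07:42 +0100
Received: from triad.rr.com ([138.138.138.138]) by triad.rr.com
 (8.9.3/8.9.3) with SMTP id 27680 for x; Sun, 10 Aug 2003 15:08:27 -0400
"""
# "from <HELO> (actually host <peer>) by <mta>": layout used by dswu26 above.
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+"
                 r"(?:\(actually\s+host\s+(?P<peer>[^)\s]+)\)\s+)?by\s+(?P<by>\S+)")

def trace_origin(raw, trusted_mta):
    """Return what the recipient's own MTA recorded about the sending host."""
    hops = message_from_string(raw).get_all("Received", [])
    for i, hop in enumerate(hops):                  # newest hop comes first
        m = HOP.search(" ".join(hop.split()))       # unfold the header
        if not m or m["by"] != trusted_mta:
            continue
        helo, peer, flags = m["helo"], m["peer"], []
        try:
            if ipaddress.ip_address(helo).is_private:
                flags.append("helo-private-ip")     # RFC 1918 address as HELO
        except ValueError:
            pass                                    # HELO is a name, not an IP
        if peer and helo.lower() != peer.lower():
            flags.append("helo-mismatch")           # claimed name != real peer
        # Every Received line below this hop was supplied by the sender.
        return {"origin": peer or helo, "flags": flags,
                "unverified_hops": len(hops) - i - 1}
    return None                                     # no hop from our own MTA

if __name__ == "__main__":
    for raw in (MSG1, MSG2):
        print(trace_origin(raw, "dswu26"))
```

The sketch works offline, so it does not perform the forward and reverse DNS lookups that appear in the quoted SpamCop output.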
 
mzlindyone@aol.com
      12th Aug 2003
On Mon, 11 Aug 2003 12:05:26 +0100, GSV Three Minds in a Can
<GSV@[127.0.0.1]> wrote in alt.comp.anti-virus:

>They faked the from, and reply to, addresses .. not uncommon in Spam.
>Obviously you can't do this via a decent ISP's SMTP server,


Of course you can. Check your e-mail.... :-)

Carol


 
 
GSV Three Minds in a Can
      12th Aug 2003
Bitstring <(E-Mail Removed)>, from the
wonderful person (E-Mail Removed) said
>On Mon, 11 Aug 2003 12:05:26 +0100, GSV Three Minds in a Can
><GSV@[127.0.0.1]> wrote in alt.comp.anti-virus:
>
>>They faked the from, and reply to, addresses .. not uncommon in Spam.
>>Obviously you can't do this via a decent ISP's SMTP server,

>
>Of course you can. Check your e-mail.... :-)


I checked your ISP. I rest my case. 8>.

--
GSV Three Minds in a Can
Outgoing Msgs are Turing Tested,and indistinguishable from human typing.
 