November 19, 2006
YACISP (Yet Another Clueless Internet Service Provider)
I've been so busy lately that I haven't had a chance to check the "spam suspects" file on my server. This file contains mail that my filters have not summarily deleted, but instead have shunted to the side because the messages meet numerous requirements that make them likely to be spam. It's a huge file now, so my perusal could trigger multiple posts today.
The first item originates from a backscatter message I received from a domain I recognize all too well: 126.com. Over the years, I've seen tons of Chinese-language spam that has a contact email address using this domain name. I take it that 126.com is sort of like the yahoo.com of China.
So, the message I receive is from the Postmaster at 126.com as follows:
From: <postmaster@126.com>
To: dannyg@dannyg.com
Subject: You are sending a virus mail
Message-Id: <452D5B43.2EB1B2.04395>
Date: Thu, 12 Oct 2006 04:59:47 +0800 (CST)

You sent a virus mail, please check you computer for virus.
Mail header info:
From: dannyg@dannyg.com
To: [removed]@126.com
Subject: Re: Re: Document
Date: Wed, 11 Oct 2006 23:06:32 +0200
Here is a huge Chinese ISP basing its virus rejection not on the IP address of the actual sending computer, but on the forged From: field of the virus delivery message. In this day and age?
Incredible.
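On the receiving end, a notice like this can be checked against what the server really sent. The sketch below is an added example, not code from the original post: it parses the "Mail header info:" block and compares it with an outbound log. The log layout, the function names, the five-minute window, the placeholder recipient and the plain-text notice body are all assumptions.

```python
import email
from datetime import datetime, timezone
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample modelled on the notice quoted in the post; the recipient
# is a placeholder because the post redacts it.
NOTICE = """\
From: <postmaster@126.com>
To: dannyg@dannyg.com
Subject: You are sending a virus mail
Date: Thu, 12 Oct 2006 04:59:47 +0800 (CST)

You sent a virus mail, please check you computer for virus.
Mail header info:
From: dannyg@dannyg.com
To: redacted@126.com
Subject: Re: Re: Document
Date: Wed, 11 Oct 2006 23:06:32 +0200
"""

# Constructed outbound log: (recipient, UTC send time) for mail we really sent.
OUTBOUND_LOG = [("friend@example.org",
                 datetime(2006, 10, 11, 18, 2, 10, tzinfo=timezone.utc))]

def quoted_headers(notice_text, marker="Mail header info:"):
    """Parse the original-message headers a notice quotes after `marker`."""
    body = email.message_from_string(notice_text).get_payload()
    _, found, tail = body.partition(marker)
    return email.message_from_string(tail.lstrip()) if found else None

def is_backscatter(notice_text, our_domain, outbound_log, slack_s=300):
    """True when a notice blames our domain for mail we have no record of sending."""
    quoted = quoted_headers(notice_text)
    if quoted is None:
        return False  # nothing quoted, so nothing to verify
    sender = parseaddr(quoted.get("From", ""))[1].lower()
    if not sender.endswith("@" + our_domain.lower()):
        return False  # the notice is not about one of our addresses
    rcpt = parseaddr(quoted.get("To", ""))[1].lower()
    try:
        sent = parsedate_to_datetime(quoted.get("Date", ""))
    except (TypeError, ValueError):
        return True  # no usable Date, so it cannot match any log entry
    if sent.tzinfo is None:
        sent = sent.replace(tzinfo=timezone.utc)  # "-0000" parses as naive
    for log_rcpt, log_time in outbound_log:
        if log_rcpt == rcpt and abs((sent - log_time).total_seconds()) <= slack_s:
            return False  # we really sent this one, so the notice deserves a look
    return True
```

The quoted Date is set by the machine that sent the virus, so the time window is only a heuristic; a quoted Message-Id, when a notice includes one, is a stronger key to match on.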
Posted on November 19, 2006 at 11:03 AM