The report for this spam can be found at: Deadbeats Page 16.
Return-Path: <11175728@aol.com>
Received: from s1.redynet.com.ar ([200.32.1.162])
by SantaClara01.pop.internex.net (Post.Office MTA v3.1.2
release (PO203-101c) ID# 0-34792U7500L7500S0) with ESMTP
id AAA1292 for <chris@lanets.com>; Mon, 8 Dec 1997 11:04:08 -0800
Received: from s1.redynet.com.ar ([208.136.7.217]) by s1.redynet.com.ar
(post.office MTA v1.9.3 ID# 0-17789) with SMTP id ABM208;
Mon, 8 Dec 1997 02:34:12 -0300
Received: from dfw-ix9.ix.netcom.com (dfw-ix9.ix.netcom.com [206.214.98.9])
for mrin60.mail.aol.com (8.8.5/8.8.5/AOL-4.0.0) with ESMTP id LAA14140;
by mail.earthlink.net (ip159.hackensack3.nj.pub-ip.psi.net [38.26.49.159])
by relay1.smtp.psi.net (relay1.smtp.psi.net [38.8.14.2]) (8.8.5/8.6.5) with SMTP
id GAA01705 for ;
Mon, 08 Dec 1997 00:34:00 -0600 (EST)
Date: Mon, 08 Dec 97 00:34:00 EST
From: 11175728@aol.com
To: smartinvestors@newsletter.com
Subject: Re: E-ALERT: URGENT BUY RECOMMENDATION
Message-ID: <199712080033.RAA112@mrin60.mail.aol.com>
X-UIDL: b1a3c4cbf421e03bfd37a4c71dc35f8d
Comments: Authenticated sender is <youprofit2@aol.com>
Well, this little spammer has obviously presented me with a challenge.
LOTS of forgeries. I strongly suspect everything after the Netcom line is forged.
s1.redynet.com.ar ([200.32.1.162]) resolves, showing some spammer hijacking a server
in Argentina. That's not very nice.
208.136.7.217 resolves to: user7217.theonramp.net
This is the first of MANY forgeries. This is the point of origination.
(dfw-ix9.ix.netcom.com [206.214.98.9]) resolves, but is forged.
(ip159.hackensack3.nj.pub-ip.psi.net [38.26.49.159]) resolves, but is also forged.
mrin60.mail.aol.com does not resolve, but is forged anyways.
mail.earthlink.net resolves to: 204.250.46.123 and is forged.
relay1.smtp.psi.net [38.8.14.2] resolves, but is forged.
Well, obviously I've managed to cut through the crap, despite this spammer attempting to mislead me.
It is apparent that the spamming software purposely adds false information to the headers to deliberately
mislead.
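The header walk described above, as an added example that is not part of the original report: it reads the Received lines newest first and stops trusting them at the first one whose "by" host does not match the server the previous line says it received the mail from. The function names parse_hop and trace_origin are illustrative, the three headers are copied from the message above and unfolded, and the comparison is by name only, with no DNS lookups.

```python
import re

# The three Received headers from the message above, unfolded, newest first.
RECEIVED = [
    "from s1.redynet.com.ar ([200.32.1.162]) by SantaClara01.pop.internex.net "
    "(Post.Office MTA v3.1.2 release (PO203-101c) ID# 0-34792U7500L7500S0) with ESMTP "
    "id AAA1292 for <chris@lanets.com>; Mon, 8 Dec 1997 11:04:08 -0800",
    "from s1.redynet.com.ar ([208.136.7.217]) by s1.redynet.com.ar "
    "(post.office MTA v1.9.3 ID# 0-17789) with SMTP id ABM208; Mon, 8 Dec 1997 02:34:12 -0300",
    "from dfw-ix9.ix.netcom.com (dfw-ix9.ix.netcom.com [206.214.98.9]) "
    "for mrin60.mail.aol.com (8.8.5/8.8.5/AOL-4.0.0) with ESMTP id LAA14140; "
    "by mail.earthlink.net (ip159.hackensack3.nj.pub-ip.psi.net [38.26.49.159]) "
    "by relay1.smtp.psi.net (relay1.smtp.psi.net [38.8.14.2]) (8.8.5/8.6.5) with SMTP "
    "id GAA01705 for ; Mon, 08 Dec 1997 00:34:00 -0600 (EST)",
]

def parse_hop(text):
    """Extract the HELO name, first bracketed peer IP and every 'by' host from one header."""
    helo = re.search(r"\bfrom\s+([\w.-]+)", text)
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", text)
    return {
        "helo": helo.group(1).lower() if helo else None,
        "ip": ip.group(1) if ip else None,
        "by": [h.lower() for h in re.findall(r"\bby\s+([\w.-]+)", text)],
    }

def trace_origin(received):
    """Walk newest to oldest; return (last credible peer IP, index of first untrusted header or None)."""
    hops = [parse_hop(h) for h in received]
    origin = hops[0]["ip"]  # header 0 was written by the recipient's own MTA
    for i in range(1, len(hops)):
        prev, hop = hops[i - 1], hops[i]
        # A well-formed header carries a single 'by' clause, and it should name
        # the server that the previous (newer) header says handed the mail over.
        if len(hop["by"]) != 1 or hop["by"][0] != prev["helo"]:
            return origin, i
        origin = hop["ip"]
    return origin, None

if __name__ == "__main__":
    ip, cut = trace_origin(RECEIVED)
    print(f"last credible peer IP: {ip}; headers from index {cut} on are untrusted")
```

A name match is only a heuristic, since the "from" name is whatever the sending side announced; the bracketed IP recorded by the receiving server is the part worth resolving by hand.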
OK, on to the forged domain used as a "TO:" address:
>whois newsletter.com
American Impressions (NEWSLETTER-DOM)
417 Cleveland Ave.
Plainfield, NJ 07060
Domain Name: NEWSLETTER.COM
Administrative Contact:
Haedrich, Todd (TH758) todd@IDEAS.NET
(908) 757 4815
Technical Contact, Zone Contact:
Advani, Rob (RA2291) admin@IDEAS.NET
(908) 757-4815 (FAX) (908) 757-2604
Billing Contact:
Haedrich, Todd (TH758) todd@IDEAS.NET
(908) 757 4815
Record last updated on 20-Jun-97.
Record created on 16-Nov-94.
Database last updated on 8-Dec-97 05:17:04 EDT.
Domain servers in listed order:
EINSTEIN.IDEAS.NET 205.197.96.2
VESPUCCI.IDEAS.NET 205.197.96.4
Done.