xpbargains.net spam [was: Re: 'Broadcom Wireless b/g (BCM4315/BCM22062000)']

Chris Brennan xaero at xaerolimit.net
Sat Dec 11 15:42:11 UTC 2010


On Fri, Dec 10, 2010 at 8:47 AM, Ian Smith <smithi at nimnet.asn.au> wrote:

> In freebsd-questions Digest, Vol 340, Issue 11, Message: 27
> On Fri, 10 Dec 2010 00:54:37 -0500
>  > On Sun, Nov 7, 2010 at 9:54 AM, Paul B Mahol <onemda at gmail.com> wrote:
>
> No, he didn't.  These mails are FORGED as being from freebsd-questions
> participants, and on first glance may appear to be list postings.  They
> used to get posted to the list itself also, but postmaster@ blocked the
> nuisance source back in August.  However that doesn't stop them from
> targeting individual list participants, like you.
>
> If you examine the full mail headers, it's likely to have originated
> from the following IP address.  If so, you just need to block that
> address at your mailserver.  But if they've moved, we need to know ..
>
> Quoting from a message to postmaster@ in August:
>
>  > As Roland pointed out, the phishing/virus/whatever referral has switched
>  > from downwind.com.au to xpbargains.net, and possibly some others.
>  >
>  > Here's the business:
>  >
>  > % dig +short -x 64.38.11.26
>  > allmail.0b2.net.
>  > % dig +short allmail.0b2.net.
>  > 64.38.11.26
>  > % dig +short dusk.parklogic.com
>  > 64.38.11.26
>  >
>  > If you can discard by Message-ID then every one of these, including the
>  > privately mailed ones, has @dusk.parklogic.com there.
>  >
>  > If you can block by IP, then that's the one.  Or by hostname, every one
>  > so far has been relayed by allmail.0b2.net (that's a zero).
>
> So if the full headers reveal coming from that hostname or that IP or
> any other IP in 64.38.11.26/29, just block that and move on.
>
> If it's a different address range now, please provide the full headers
> for the message you received, with a copy to postmaster at freebsd.org
>
> Thanks, Ian  (please cc me on any reply, I take this list as a digest)
>

Of all the mail I got on this subject, yours was the most informative.
Thanks. But my question is this. Does GMail provide access to the full
headers? For example when I click 'Show Details' I see the following and not
much else:

> from        Paul B Mahol <xx at xx.xx>
> sender-time    Sent at 4:30 AM (GMT+11:00). Current time there: 2:35 AM.
> to        Chris Brennan <xx at xx.xx>
> cc        FreeBSD-Questions <xx-xx at xx.xx>, Mark <xx at xx.xx>
> date        Mon, Nov 8, 2010 at 4:30 AM
> subject    Re: 'Broadcom Wireless b/g (BCM4315/BCM22062000)'

The above header just arrived as I was typing this so I thought it an
excellent example. Obviously, I've masked addresses but the point is the
same, GMail doesn't give much in the way of detail. Short of flagging one
item as spam has the potential risk of sending all FreeBSD-Questions mail to
the spam folder which is just a swirling vortex of nothingness that gets
deleted. If it's managed to get routed there, it stays there, I rarely go
digging for mail in my spam folder because I rarely find stuff that was sent
to detention without rightfully being there.

C-
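
[Added example, not part of the original thread or written by its participants.] The three checks described in the quoted postmaster message (Message-ID domain, relay hostname, relay IP range), applied to a message's full raw headers. The server name mx.example.org and the sample message are constructed assumptions.

```python
import email
import ipaddress
import re

# Indicators quoted in the message above. The /29 is written there with host
# bits set; strict=False normalises it to 64.38.11.24/29 (.24 through .31).
BLOCK_NET = ipaddress.ip_network("64.38.11.26/29", strict=False)
RELAY_HOST = "allmail.0b2.net"
MSGID_DOMAIN = "dusk.parklogic.com"


def check_headers(raw, trusted_by="mx.example.org"):
    """Return sorted reasons why a raw message matches the indicators.

    Only Received lines stamped by trusted_by (hypothetical name for your own
    mail server) are examined; hops further down can be forged by the sender.
    """
    msg = email.message_from_string(raw)
    reasons = set()
    msgid = (msg.get("Message-ID") or "").strip().strip("<>").lower()
    if msgid.endswith("@" + MSGID_DOMAIN):
        reasons.add("message-id")
    for received in msg.get_all("Received", []):
        hop = " ".join(received.split()).lower()  # unfold continuation lines
        from_part, sep, by_part = hop.partition(" by ")
        if not sep or by_part.split()[:1] != [trusted_by]:
            continue
        for token in re.findall(r"[\w.-]+", from_part):
            if token == RELAY_HOST:
                reasons.add("relay-host")
            try:
                if ipaddress.ip_address(token) in BLOCK_NET:
                    reasons.add("relay-ip")
            except ValueError:
                pass  # token is a word or hostname, not an IP address
    return sorted(reasons)


# Constructed sample headers (not taken from a real message).
SPAM = """\
Received: from allmail.0b2.net (allmail.0b2.net [64.38.11.26])
\tby mx.example.org (Postfix) with ESMTP id ABC123;
\tFri, 10 Dec 2010 00:54:40 -0500
Message-ID: <20101210055437.1234@dusk.parklogic.com>
From: List Member <member@example.com>
Subject: Re: sample

body
"""

if __name__ == "__main__":
    print(check_headers(SPAM))
```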

