karlisma Posted February 23, 2007 Share Posted February 23, 2007 Received: from x (x [REA.LIP.ADD.RES]) by my.mail.server (8.11.6/8.11.6) with ESMTP id WQRTETQRT for <x>; Fri, 23 Feb 2007 20:26:09 +0200 (EET) Received: from x (x [SOU.RCE.ADD.RES] (may be forged)) by x (8.13.6/8.13.6) with ESMTP id WQRTETQRT for <x>; Fri, 23 Feb 2007 21:12:08 +0300 (EET) Date: Fri, 23 Feb 2007 21:12:06 +0300 (EET) and then the best part: Received: from 192.168.0.%RND_DIGIT (x-%DIGSTAT2-%STATDIG.%RND_FROM_DOMAIN [203.219.%DIGSTAT2.%STATDIG]) by mail%SINGSTAT.%RND_FROM_DOMAIN (envelope-from %FROM_EMAIL) (8.13.6/8.13.6) with SMTP id %STATWORD for <%TO_EMAIL>; %CURRENT_DATE_TIME Message-Id: <%RND________________WORD[at]mail%SINGSTAT.%RND_FROM_DOMAIN> From: "%FROM_NAME" <[at]FROM_EMAIL> X-SpamPal: PASS so - the only real header is the first... all others - fake just to make last line X-SpamPal: PASS. spamcop parser discards the second part, as it knows my mail hosts... other tools are being fooled by it. plain and simple, and - thus - spamcop may delete it from report (in my opinion) because that string: SINGSTAT, in second part of the code, will be my mail.mysubdomain.com, which never really exist, therefore reveling my identity. the headers are taken from message that somehow slipped out from zombie with empty form fields. All they do - fill forms. Link to comment Share on other sites More sharing options...
This topic is now archived and is closed to further replies.