[HECnet] new message
Paul_Koning at Dell.com
Paul_Koning at Dell.com
Mon May 9 06:55:12 PDT 2016
> On May 9, 2016, at 9:45 AM, paul_koning at dell.com wrote:
>
>
>> On May 9, 2016, at 4:36 AM, Johnny Billquist <bqt at softjar.se> wrote:
>>
>> Nope, you should not. Someone got hacked, or got a virus or something. HECnet only allows posts from subscribed members...
>
> Not necessarily; that depends on how thorough the list server is. A substantial fraction of this sort of criminal email has forged sender addresses. I occasionally get bounce messages sent to me in response to forgeries that clearly (from their forwarding headers) did not originate on my system, or even in my country.
I just looked at the headers of the offending message: it certainly looks like a forged source address. It is not entirely clear which of the forwarding headers are real, but possibly an ISP in Sweden is part of the path. Open relay somewhere?
paul
More information about the Hecnet-list
mailing list