From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-0.3 required=5.0 tests=BAYES_00,
	REPLYTO_WITHOUT_TO_CC autolearn=no autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: 103376,e9d84ce06116c5ae
X-Google-Attributes: gid103376,public
X-Google-ArrivalTime: 2003-09-26 16:21:07 PST
Path: 
 news1.google.com!sn-xit-02!sn-xit-06!sn-xit-08!supernews.com!newsfeeds.sol.net!chcgil2-snh1.gtei.net!news.bbnplanet.com!crtntx1-snh1.gtei.net!news.gtei.net!newsfeed1.easynews.com!easynews.com!easynews!small1.nntp.aus1.giganews.com!border1.nntp.aus1.giganews.com!intern1.nntp.aus1.giganews.com!nntp.giganews.com!nntp.gbronline.com!news.gbronline.com.POSTED!not-for-mail
NNTP-Posting-Date: Fri, 26 Sep 2003 18:21:51 -0500
Date: Fri, 26 Sep 2003 18:21:06 -0500
From: Wes Groleau <groleau@freeshell.org>
Reply-To: groleau@freeshell.org
Organization: Ain't no organization here!
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US;
 rv:1.4) Gecko/20030624
X-Accept-Language: en-us, en, es-mx, pt-br, fr-ca
MIME-Version: 1.0
Newsgroups: comp.lang.ada
Subject: Re: Current "Swen" worm attack - the best address
References: <e2e5731a.0309241431.10694993@posting.google.com>
 <slrnbn598s.gt.randhol+abuse@kiuk0152.chembio.ntnu.no>
 <e2e5731a.0309250843.7f8efab6@posting.google.com>
 <slrnbn6h28.d5.randhol+abuse@kiuk0152.chembio.ntnu.no>
 <e2e5731a.0309251916.181d1016@posting.google.com>
 <slrnbn8014.m8.randhol+abuse@kiuk0152.chembio.ntnu.no>
 <e2e5731a.0309260920.451e1323@posting.google.com>
In-Reply-To: <e2e5731a.0309260920.451e1323@posting.google.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Message-ID: <DpSdnbIMXJuSV-miU-KYgw@gbronline.com>
NNTP-Posting-Host: 69.9.86.90
X-Trace: 
 sv3-GHTJColycq4wRIbM+gnxtkBO5FqTQLFBy2VQgzNUZG2QtS5QCo9FWDe+DLpUySlwuURpimKdjUj2pUg!MlHr4eCMaqIxbL3LXTiyjSUVixRJoimBm5TZdZQjMik1XmScs3Fn2Fk7O8Xnli29IdQUYPi01RHA
X-Complaints-To: abuse@gbronline.com
X-DMCA-Complaints-To: abuse@gbronline.com
X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers
X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your complaint
 properly
X-Postfilter: 1.1
Xref: news1.google.com comp.lang.ada:43201
Date: 2003-09-26T18:21:06-05:00
List-Id: <comp.lang.ada>

Alexander Kopilovitch wrote:
> Forging "From:" field is certainly common, but forging headers require more
> effort. Also, it is not a simple thing to get over 1000 different good-looking
> addresses this way.

Forging downstream Received headers is impossible,
but most spammer support programs routinely add
one or more fake headers to make it appear that
the origin is one or more hops further than it is.

The headers posted appear to contain that sort of forgery.

-- 
Wes Groleau
Heroes, Heritage, and History
http://freepages.genealogy.rootsweb.com/~wgroleau/