kranky
Elite Member
I got an email yesterday trying to phish for bank information, but the spammer screwed up the body of the message. It came again today but they fixed their mistake. The email is supposedly from USBank.
The header says:
Received: from mailexchanger1.[myisp].com (mailexchanger1.[myisp].com [208.xxx.xxx.xxx]) by oldmail.[myisp].com (8.12.10/8.12.10) with ESMTP id i2UE29wa031636 for <kranky@[myisp].com>; Tue, 30 Mar 2004 09:02:09 -0500 (EST)
Received: from lsanca2-ar27-4-46-141-048.lsanca2.dsl-verizon.net (lsanca2-ar27-4-46-141-048.lsanca2.dsl-verizon.net [4.46.141.48]) by mailexchanger1.[myisp].com (8.12.10/8.12.10) with SMTP id i2UE7SKJ049647 for <kranky@[myisp].com>; Tue, 30 Mar 2004 09:07:36 -0500 (EST)
Received: from usbank.com (mail2.usbank.com [170.135.240.62]) by lsanca2-ar27-4-46-141-048.lsanca2.dsl-verizon.net (Postfix) with ESMTP id 13E51F2ED2 for <kranky@[myisp].com>; Tue, 30 Mar 2004 08:01:14 -0600
How do they get the Received entry to make it look like it originated from mail2.usbank.com? I've never noticed spammers being able to do that before.
The header says:
Received: from mailexchanger1.[myisp].com (mailexchanger1.[myisp].com [208.xxx.xxx.xxx]) by oldmail.[myisp].com (8.12.10/8.12.10) with ESMTP id i2UE29wa031636 for <kranky@[myisp].com>; Tue, 30 Mar 2004 09:02:09 -0500 (EST)
Received: from lsanca2-ar27-4-46-141-048.lsanca2.dsl-verizon.net (lsanca2-ar27-4-46-141-048.lsanca2.dsl-verizon.net [4.46.141.48]) by mailexchanger1.[myisp].com (8.12.10/8.12.10) with SMTP id i2UE7SKJ049647 for <kranky@[myisp].com>; Tue, 30 Mar 2004 09:07:36 -0500 (EST)
Received: from usbank.com (mail2.usbank.com [170.135.240.62]) by lsanca2-ar27-4-46-141-048.lsanca2.dsl-verizon.net (Postfix) with ESMTP id 13E51F2ED2 for <kranky@[myisp].com>; Tue, 30 Mar 2004 08:01:14 -0600
How do they get the Received entry to make it look like it originated from mail2.usbank.com? I've never noticed spammers being able to do that before.
