[Esa-l]"Cloaking" version of Sircam

Brett Glass brett at lariat.org
Wed Aug 1 13:04:34 PDT 2001


Just got a copy of Sircam with the following headers:

>> From Student.Publications at prodigy.net.mx  Wed Aug  1 13:34:34 2001
>> Return-Path: <Student.Publications at prodigy.net.mx>
>> Received: from portia.cc.emory.edu (portia.cc.emory.edu [170.140.204.3])
>>       by lariat.org (8.9.3/8.9.3) with ESMTP id NAA18398
>>       for <brett at lariat.org>; Wed, 1 Aug 2001 13:34:29 -0600 (MDT)
>> Received: from Student (dhcp19739.duc.emory.edu [170.140.197.39])
>>       by portia.cc.emory.edu (8.10.2/8.10.2) with SMTP id f71JYSr09285
>>       for <brett at lariat.org>; Wed, 1 Aug 2001 15:34:29 -0400 (EDT)
>> Message-Id: <200108011934.f71JYSr09285 at portia.cc.emory.edu>
>> From: "Student Publications"<Student.Publications at prodigy.net.mx>
>> To: brett at lariat.org
>> Subject: manifest
>> date: Wed, 1 Aug 2001 03:37:57 -0400
>> MIME-Version: 1.0

Note that it's disguising itself as a customer of the Mexican
Prodigy service when in fact the mail didn't touch any of Prodigy's
servers; it came from emory.edu. (I suspect that the mail actually
originated from "Student.Publications at emory.edu", though I haven't
confirmed this yet. This means that, as with Hybris, most recipients 
won't be able to determine how to send abuse reports. Nasty.

--Brett Glass



More information about the esd-l mailing list