UltraDNS mail admin around?

Chris Lewis clewis at nortel.com
Wed Oct 8 17:18:16 UTC 2008


Randy Bush wrote:
> Randy Bush wrote:
>> Andrey Gordon wrote:
>>> I'm getting bombarded by these
>>>
>>> Received: from 80.224.33.155.static.user.ono.com ([80.224.33.155])by
>>>     mxb2eqsj.ultradns.net with esmtp (Exim 4.43)id 1J7YZc-0007qU-4ifor
>>>     mason_johnn at i2c.com; Wed, 26 Dec 2007 15:53:36 +0000
>>> Message-ID: <000701c847d7$0379bd21$79a237a3 at muffejda>
>>> From: "Handbags" <andrzej at myrealbox.com>
>>> To: "Replica Watches" <mason_johnn at i2c.com>

> was ultra really the next hop?

Either UltraDNS is Andrey's mail server, or he appears to have left out
his perimeter's Received line.  More likely the latter.  Without seeing
the final received line, can't tell whether this really went thru UltraDNS.

Many BOTS forge headers.  It's not at all unusual to see:

Received: from a by b (b is my server)
Received: from c by d

where d != a.  Meaning the second Received line is entirely fabricated.
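
The chain check described above, as an added example that is not part of the original post: it compares the `from` host of each Received line with the `by` host of the line below it, and only judges the chain when the top line was written by your own server. The sample message, hostnames and function names are constructed for illustration; the comparison uses the names exactly as the headers state them, so a mismatch is a flag for review.

```python
import re
from email import message_from_string

# Constructed sample message (not from the original post); hostnames are placeholders.
SAMPLE = """\
Received: from relay.example.net ([192.0.2.10]) by mx.example.org with esmtp;
    Wed, 8 Oct 2008 17:00:02 +0000
Received: from client.example.com ([198.51.100.7]) by mail.example.info
    with esmtp; Wed, 8 Oct 2008 17:00:00 +0000
From: sender@example.com
To: rcpt@example.org
Subject: test

body
"""

# Captures "a" and "b" from "from a ... by b", tolerating folded header lines.
HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.I | re.S)

def parse_hops(raw_message):
    """Return [(from_host, by_host), ...], newest hop first, as written in the headers."""
    msg = message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP_RE.search(value)
        hops.append((m.group(1).lower(), m.group(2).lower()) if m else (None, None))
    return hops

def check_chain(raw_message, my_server):
    """Return a list of findings about the Received chain; empty means consistent."""
    hops = parse_hops(raw_message)
    # Only the line added by our own server is trustworthy; without it, stop.
    if not hops or hops[0][1] != my_server.lower():
        return ["top Received line was not written by %s; chain cannot be judged" % my_server]
    findings = []
    for i in range(len(hops) - 1):
        claimed_sender = hops[i][0]         # "a" in "from a by b"
        earlier_receiver = hops[i + 1][1]   # "d" in "from c by d"
        if claimed_sender != earlier_receiver:
            findings.append("hop %d: handed over by %s, but next line claims receipt by %s"
                            % (i + 1, claimed_sender, earlier_receiver))
    return findings

if __name__ == "__main__":
    for line in check_chain(SAMPLE, "mx.example.org"):
        print(line)
```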




