Well for those who care, I say you must be really bored, here is an update on my spam story. If anything I'll post it here for later use.
It turns out the spam was sent by a known spammer mailer called The Bat!, which can forge email headers and do other nasty mail tricks. What scares me about the spam today was that I was 100% without a doubt sure it was not being sent from my server, but the email headers showed my IP. They did, however, show the wrong hostname.
Here is what the headers of a legitimate email sent from my server look like:
Return-path:
Envelope-to: sales@secureservertech.com
Delivery-date: Thu, 25 Jan 2007 02:40:22 -0500
Received: from secure by cp.secureservertech.com with local-bsmtp (Exim 4.63)
    (envelope-from )
    id 1H9zDY-00054P-Ub
    for sales@secureservertech.com; Thu, 25 Jan 2007 02:40:21 -0500
X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on
    cp.secureservertech.com
X-Spam-Level:
X-Spam-Status: No, score=0.7 required=5.0 tests=NO_REAL_NAME,NO_RELAYS,
    X_PRIORITY_HIGH autolearn=no version=3.1.7
Received: from optix by cp.secureservertech.com with local (Exim 4.63)
    (envelope-from )
    id 1H9zDW-0002V6-QR
    for sales@secureservertech.com; Thu, 25 Jan 2007 02:40:20 -0500
Received: from 74.34.110.120 ([74.34.110.120])
    (SquirrelMail authenticated user admin@nix101.com)
    by 75.126.51.154 with HTTP;
    Thu, 25 Jan 2007 02:40:18 -0500 (EST)
Message-ID: <60112.74.34.110.120.1169710818.squirrel@75.126.51.154>
Date: Thu, 25 Jan 2007 02:40:18 -0500 (EST)
Subject: sales@secureservertech.com
From: admin@nix101.com
To: sales@secureservertech.com
User-Agent: SquirrelMail/1.4.9a
The nobody mail is quite similar, and here are the headers from the spam mails:
Received: from dgz64.neoplus.adsl.tpnet.pl (dgz64.neoplus.adsl.tpnet.pl [83.23.181.64])
    by mailcenter.whatifnet.com (Spam Firewall) with ESMTP
    id BE448D001A31; Thu, 25 Jan 2007 02:26:58 -0500 (EST)
Received: from 75.126.80.38 (HELO secureservertech.com)
    by antiochsb.edu with esmtp (,?)9(93A I>*@)
    id 3E(0YU-29W9A9->9
    for cwhite@antiochsb.edu; Thu, 25 Jan 2007 07:27:28 -0060
Date: Thu, 25 Jan 2007 07:27:28 -0060
From: "Refugio Chatman"
X-Mailer: The Bat! (v2.00.3) Personal
X-Priority: 3 (Normal)
Message-ID: <425220348.90954263382408@thebat.net>
To: cwhite@antiochsb.edu
Subject: Best prices for you
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="----------486E05E05E05E21"
X-Spam: Not detected
So you can tell a difference. I don't understand why any scumbag would do this, whether they are doing this because they don't like me or they just found a domain and did it. Who knows, I've never really dealt with any spammers so I don't know. I guess I will see what happens. The security and abuse department at SoftLayer is aware of it, so let's hope they know what's up in the case of abuse reports or blacklisting.
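
The header comparison above, as an added Python example that is not part of the original post: only a Received line stamped by a gateway you trust identifies the host that actually connected, and every line below it was supplied by the sender. Treating mailcenter.whatifnet.com as the trusted gateway is an assumption, and `analyze` and `trusted_by` are names made up for this example.

```python
import re
from email import message_from_string

# Spam headers as quoted in the post (folded lines re-indented for parsing).
SPAM = """\
Received: from dgz64.neoplus.adsl.tpnet.pl (dgz64.neoplus.adsl.tpnet.pl [83.23.181.64])
 by mailcenter.whatifnet.com (Spam Firewall) with ESMTP
 id BE448D001A31; Thu, 25 Jan 2007 02:26:58 -0500 (EST)
Received: from 75.126.80.38 (HELO secureservertech.com)
 by antiochsb.edu with esmtp (,?)9(93A I>*@)
 id 3E(0YU-29W9A9->9
 for cwhite@antiochsb.edu; Thu, 25 Jan 2007 07:27:28 -0060
X-Mailer: The Bat! (v2.00.3) Personal
Subject: Best prices for you

(body omitted)
"""

IP_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
BY_RE = re.compile(r"\bby\s+(\S+)")
TZ_RE = re.compile(r"[+-](\d{2})(\d{2})(?:\s*\(.*\))?\s*$")


def analyze(raw, trusted_by):
    """Return (peer_ip, findings).

    trusted_by: hostnames of MTAs whose Received stamps we trust (assumption:
    the caller knows its own gateways). Headers are read newest first; once a
    hop was stamped by anyone else, it and everything below it is sender-supplied.
    """
    hops = [" ".join(h.split())
            for h in message_from_string(raw).get_all("Received", [])]
    peer_ip, findings, trusted = None, [], True
    for n, hop in enumerate(hops):
        by = BY_RE.search(hop)
        trusted = trusted and bool(by) and by.group(1).lower() in trusted_by
        ip = IP_RE.search(hop.split(" by ", 1)[0])
        claimed = ip.group(0) if ip else "?"
        if trusted:
            peer_ip = claimed  # host that really connected to our gateway
            continue
        findings.append(f"hop {n}: unverified, claims to come from {claimed}")
        tz = TZ_RE.search(hop)
        if tz and (int(tz.group(1)) > 14 or int(tz.group(2)) > 59):
            findings.append(f"hop {n}: impossible UTC offset {tz.group(0).strip()}")
    return peer_ip, findings


if __name__ == "__main__":
    print(analyze(SPAM, {"mailcenter.whatifnet.com"}))
```

On the quoted spam this reports 83.23.181.64 as the connecting host and marks the 75.126.80.38 hop as unverified, with its `-0060` offset flagged as impossible.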