On Jan 13, 2009, at 6:30 PM, Rich Kulawiec wrote:
On Tue, Jan 13, 2009 at 08:46:39PM -0500, Chris Lewis wrote:
It won't verify, because it's signing the To, I have a copy with a
different To, with the same signature.
Yep, same here. My copy appears to have been deliberately
backscattered
of an Exchange server (dsmail01.deansteel.com) -- unless, of course,
that server's been botted, in which case no backscatter necessary.
Most interesting; do either of you think this is a test run for
something more subtle?
More likely accidental. Creating boilerplates for spamware
by copying headers from a random legitimate message is
nothing new (e.g. TheBat).
Cheers,
Steve
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg