In this class of spam, it's generally easy to figure out _where_ the
compromised user existed, and often easy to tell the IP by which it was
compromised, but seldom do you get a correct email address for the
phished account, or at least, not one that you could trust.
Odd, my experience is quite different. The address typically looks
real and matches stuff in Received: lines. Perhaps I'm fooled by
unusually brilliant header forgery, but it doesn't look like it. This
stuff doesn't appear to be bots, it's sent using phished credentials.
For the systems that log the connecting IP, it's often in Nigeria or
China.
R's,
John
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg