Email spam from HPH?

Blackshirt

Team HuskerBoard
Just thought I'd throw this out here for the geek gallery. I've been receiving a large spike in "returned emails" lately to my hboard.com addy - around 200/day - which seem to be from someone spoofing variations of the huskerboard.com email. I dismissed them at first, but after looking at a couple they seem to be using the type of names that sound like they could be coming from our local asshats at HPH, i.e. Gay.Blackwell@huskerboard.com

Here are the full headers. Maybe someone can make sense of them and we can come up with an IP match, which would really implicate these fux. FYI I haven't heard back from Birch, and just haven't had time lately to follow up. I'm assuming they're still investigating and are just playing it conservative, so as not to get into legal probs from either end, but I will def call them back Thur or Fri if I haven't heard back. The key is that it seems to have stopped for now, which is probably why Birch isn't acting quicker. But if we can corroborate these emails that would be even totally sweeter.

From MAILER-DAEMON@yahoo.com Wed Sep 7 13:45:33 2005

X-Apparently-To: huskerboard@yahoo.com via 206.190.39.130; Wed, 07 Sep 2005 13:45:35 -0700

X-YahooFilteredBulk: 69.41.165.43

X-Originating-IP: [69.41.165.43]

Return-Path: <>

Authentication-Results: mta165.mail.dcn.yahoo.com domainkeys=neutral (no sig)

Received: from 69.41.165.43 (EHLO mail.edgerack.com) (69.41.165.43) by mta165.mail.dcn.yahoo.com with SMTP; Wed, 07 Sep 2005 13:45:35 -0700

Received: from barracuda.newwindsorbank.com (mail.newwindsorbank.com [209.150.104.26]) by mail.edgerack.com (Postfix) with ESMTP id A08008B8D4F for <Gay.Blackwell@huskerboard.com>; Wed, 7 Sep 2005 15:45:33 -0500 (CDT)

MIME-Version: 1.0

From: MAILER-DAEMON@

Message-Id: <49117279665959.21793973@attract/keep>

Subject: **Message you sent blocked by our bulk email filter**

Content-Type: multipart/report; report-type=delivery-status; charset=utf-8; boundary="----------=_1126125933-9979-3"

To: Gay.Blackwell@huskerboard.com

Date: Wed, 7 Sep 2005 16:45:33 -0400 (EDT)

Content-Length: 1082

Your message to: bfisher@newwindsorbank.com,

dandutter@newwindsorbank.com, trasmussen@newwindsorbank.com

was blocked by our Spam Firewall. The email you sent with the following

subject has NOT BEEN DELIVERED:

Subject: FW: whats up?

Message/delivery-status

Final-Recipient: rfc822; bfisher@newwindsorbank.com

Action: failed

Status: 5.7.1

Diagnostic-Code: smtp; 550 5.7.1 Message content rejected, UBE,

id=09979-02

Last-Attempt-Date: Wed, 7 Sep 2005 16:45:33 -0400 (EDT)

Final-Recipient: rfc822; dandutter@newwindsorbank.com

Action: failed

Status: 5.7.1

Diagnostic-Code: smtp; 550 5.7.1 Message content rejected, UBE,

id=09979-02

Last-Attempt-Date: Wed, 7 Sep 2005 16:45:33 -0400 (EDT)

Final-Recipient: rfc822; trasmussen@newwindsorbank.com

Action: failed

Status: 5.7.1

Diagnostic-Code: smtp; 550 5.7.1 Message content rejected, UBE,

id=09979-02

Last-Attempt-Date: Wed, 7 Sep 2005 16:45:33 -0400 (EDT)


Received: from adsl-69-224-187-250.dsl.sndg02.pacbell.net

(adsl-69-224-187-250.dsl.sndg02.pacbell.net [69.224.187.250])

by barracuda.newwindsorbank.com (Spam Firewall) with SMTP

id CEA9B20F6407; Wed, 7 Sep 2005 16:45:11 -0400 (EDT)

Received: from u0 (localhost [127.0.0.1])

by 209.150.104.26 with ESMTP (Mailtraq/2.7.0.5514) id

OVDS7428TD04; Wed, 07 Sep 2005 13:45:14 -0800

Message-Id: <49117279665959.21793973@attract/keep>

X-Mailer: exmh version 2.4.0 08/07/2005 with nmh-1.1-RC9

Date: Wed, 07 Sep 2005 13:45:14 -0800

To: trasmussen@newwindsorbank.com

Cc: dandutter@newwindsorbank.com, bfisher@newwindsorbank.com

From: "wholesaleRolex5" <Gay.Blackwell@huskerboard.com>

Subject: FW: whats up?

Mime-Version: 1.0

Content-Type: multipart/related;

type="multipart/alternative";

boundary="=====================_Next_Part49164420.ExMSB_1"
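The IP match the post asks for is in the returned message's own Received: lines, not in the forged From: line. Walking the chain from the receiving firewall downward, each hop's "by" host should be the host the hop above says it received from; the pacbell DSL address (69.224.187.250) is the last hop that passes that check, the "localhost -> 209.150.104.26" line below it does not and is also stamped an hour later than the hop that supposedly received from it, and huskerboard.com never appears anywhere in the verifiable path. The script below is an added example for this thread, not code from the board or from any of the posters; RETURNED_MESSAGE is a refolded copy of the attachment quoted above (continuation lines re-indented so the standard library parser unfolds them) and is the only input it has been checked against.

```python
"""Trace a returned message's Received: chain to the host that actually injected
it, instead of trusting the forged From: line.  Added example for the thread;
RETURNED_MESSAGE is a refolded copy of the attachment quoted in the first post."""
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

RETURNED_MESSAGE = """\
Received: from adsl-69-224-187-250.dsl.sndg02.pacbell.net
 (adsl-69-224-187-250.dsl.sndg02.pacbell.net [69.224.187.250])
 by barracuda.newwindsorbank.com (Spam Firewall) with SMTP
 id CEA9B20F6407; Wed, 7 Sep 2005 16:45:11 -0400 (EDT)
Received: from u0 (localhost [127.0.0.1])
 by 209.150.104.26 with ESMTP (Mailtraq/2.7.0.5514) id
 OVDS7428TD04; Wed, 07 Sep 2005 13:45:14 -0800
Message-Id: <49117279665959.21793973@attract/keep>
Date: Wed, 07 Sep 2005 13:45:14 -0800
To: trasmussen@newwindsorbank.com
From: "wholesaleRolex5" <Gay.Blackwell@huskerboard.com>
Subject: FW: whats up?

"""

IDENT_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.\-]*")   # hostnames and dotted quads
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
RECEIVED_RE = re.compile(r"^from\s+(?P<from>.*?)\s+by\s+(?P<by>\S+)")


def parse_received(value):
    """One Received: value -> {'from': names/IPs the sender presented or the
    receiver resolved, 'by': the receiving host, 'time': aware datetime}."""
    clause, _, stamp = value.rpartition(";")          # timestamp follows the last ';'
    m = RECEIVED_RE.match(" ".join(clause.split()))  # unfold and squeeze whitespace
    if not m:
        return None
    idents = set(IDENT_RE.findall(m.group("from"))) - {"EHLO", "HELO"}
    return {"from": idents, "by": m.group("by"),
            "time": parsedate_to_datetime(stamp.strip())}


def trace_origin(raw):
    """Return the last verifiable injecting host and the checks that fail below it."""
    msg = message_from_string(raw)
    hops = [h for h in map(parse_received, msg.get_all("Received", [])) if h]
    if not hops:
        raise ValueError("no parsable Received: headers")

    # hops[0] is the newest (written by our side) and is trusted.  Extend trust
    # downward only while each hop's 'by' host is one of the names the hop above
    # says it received from; below the first mismatch the lines are whatever the
    # sending software chose to write.
    trusted = 1
    for upper, lower in zip(hops, hops[1:]):
        if lower["by"] not in upper["from"]:
            break
        trusted += 1

    # A hop cannot honestly be stamped later than the hop that received from it.
    anomalies = [i for i in range(1, len(hops)) if hops[i]["time"] > hops[i - 1]["time"]]

    origin = hops[trusted - 1]["from"]
    origin_ip = next((x for x in origin if IPV4_RE.match(x)), None)

    # Does the From: domain show up anywhere on the verifiable path?
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    path_names = {n.lower() for h in hops[:trusted] for n in h["from"] | {h["by"]}}
    sender_in_path = any(n == sender_domain or n.endswith("." + sender_domain)
                         for n in path_names)

    return {
        "origin_ip": origin_ip,
        "origin_names": sorted(origin),
        "trusted_hops": trusted,
        "unverifiable_hops": len(hops) - trusted,
        "timestamp_anomalies": anomalies,   # indexes of hops stamped after their receiver
        "sender_domain": sender_domain,
        "sender_domain_in_trusted_path": sender_in_path,
    }


if __name__ == "__main__":
    for key, val in trace_origin(RETURNED_MESSAGE).items():
        print(f"{key}: {val}")
```

Two caveats when reading the result. The outer bounce has Return-Path: <>, which marks it as a delivery status notification: the bank's firewall did nothing wrong by rejecting the spam, it just sent the rejection to the forged sender, so these are backscatter rather than mail from the bank. And the origin this recovers is only the host that handed the message to the bank's firewall; whether that DSL address is the spammer's own machine or a compromised box relaying for them is not visible from headers alone.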

 
A lot of worms will do this. Find a domain and just start spoofing mail to God knows where. The tell is usually the subject of the mail. There is usually a set of them that the worm will use.

 
Yeah, you're probably right. Most of the sub lines are the same. Here's another one that is similar. Oh well, I'm sure they'll F up again sooner or later.

X-Apparently-To: huskerboard@yahoo.com via 206.190.38.143; Wed, 07 Sep 2005 18:19:42 -0700

X-YahooFilteredBulk: 69.41.165.43

X-Originating-IP: [69.41.165.43]

Return-Path: <>

Authentication-Results: mta109.mail.dcn.yahoo.com from=mxp03.sd.intuit.com; domainkeys=neutral (no sig)

Received: from 69.41.165.43 (EHLO mail.edgerack.com) (69.41.165.43) by mta109.mail.dcn.yahoo.com with SMTP; Wed, 07 Sep 2005 18:19:42 -0700

Received: from alexander.intuit.com (alexander.intuit.com [206.154.105.76]) by mail.edgerack.com (Postfix) with ESMTP id 1D8888B90AC for <Barbra.Herron@huskerboard.com>; Wed, 7 Sep 2005 20:19:38 -0500 (CDT)

Received: from mxp01.inf.intuit.com (mxp01.inf.intuit.com [10.99.1.201]) by alexander.intuit.com (Postfix) with ESMTP id 8BF8E36F664 for <Barbra.Herron@huskerboard.com>; Wed, 7 Sep 2005 18:19:41 -0700 (PDT)

Received: from mxp03.sd.intuit.com (mxp03.sd.intuit.com [172.19.232.50]) by mxp01.inf.intuit.com (Postfix) with ESMTP id 84976F264 for <Barbra.Herron@huskerboard.com>; Wed, 7 Sep 2005 18:19:41 -0700 (PDT)

Received: by mxp03.sd.intuit.com (Postfix) id 806F5C58DB; Wed, 7 Sep 2005 18:19:41 -0700 (PDT)

Date: Wed, 7 Sep 2005 18:19:41 -0700 (PDT)

From: "Mail Delivery System" <MAILER-DAEMON@mxp03.sd.intuit.com>

Subject: Undelivered Mail Returned to Sender

To: Barbra.Herron@huskerboard.com

MIME-Version: 1.0

Content-Type: multipart/report; report-type=delivery-status; boundary="0512AC58D3.1126142381/mxp03.sd.intuit.com"

Message-Id: <20050908011941.806F5C58DB@mxp03.sd.intuit.com>

Content-Length: 12646

 
I agree with Dave - I think it's a real spammer, given the sheer numbers. The apparent originating IP belongs to http://www800hosting.com, a Dallas company that provides managed server services - meaning that they set up the servers for customers for all purposes. I would guess that someone incorrectly set up an SMTP server, and left it as an open relay. The spammer found it through a port scan, and is using huskerboard.com in addition to hundreds or thousands of other domains.

You might want to forward a few of these to 800hosting.com, and make them aware of it. If it is an open relay, they'll want to track it down and lock it down ASAP to conserve bandwidth.

I recommend you send it to dreg@800hosting.com (the domain administrator) and copy it to their technical support email address at support@800hosting.com.

 
The only reasonable tie between these emails and HPH is that they both seem to come from the People's Republic of Texas. ;)

 