Faked Spam Mail "From:" address
You may receive spam mail that appears to come from someone with a camel.co.uk domain name. If so the "From:" name has been faked by the person who sent the spam. We know this happens because when it is done we get the non-delivery reports for any spam mails that are undeliverable. .
This is NOT the same as relay-based spamming, in which the spammer uses a third party mail host to send the mail on their behalf; our mail servers will NOT permit relaying, so cannot be used in that way.
You can usually tell that the mail did not originate from our mail servers (ie it is faked) by looking at the headers. Look in the internet headers (from the bottom up) for the first "Received:" line.
Proper mails from Camel Services will say something like:
Received: from 18.104.22.168 (HELO mail.camel.co.uk) by smtp.c000.snv.cp.net (22.214.171.124) with SMTP; 4 Jul 2002 06:34:42 -0700
Received: from 126.96.36.199 (EHLO mail.camel.co.uk) (188.8.131.52) by mta566.mail.yahoo.com with SMTP; 10 Jul 2002 05:17:43 -0700 (PDT)
The form varies depending on the mailer program that receives it. And in general will not have any "peculiar" additional Received: lines before them.
Here is an example from a spam mail:
Received: from epic.mail.pas.earthlink.net (184.108.40.206) by mta448.mail.yahoo.com with SMTP; 29 Jun 2002 00:13:13 -0700 (PDT)
Received: from pool-220.127.116.11.troy.grid.net ([18.104.22.168] helo=rcpt) by epic.mail.pas.earthlink.net with smtp (Exim 3.33 #2) id 17OC83-0000wf-00; Fri, 28 Jun 2002 23:54:44 -0700
In this example of a spam email there are two Received: lines. In theory the second line shows where the email originated, but it can be faked. We reported this spam to the system administrators of both IP addresses.
What IP Address?
In general you look for the last IP address in the "from" part of the last Received: line. Ignore the machine names, as they can easily be faked. Because the whole received line could be faked, you need to work though them from the first to the last to try to spot any inconsistencies.
Please do not harrass us, but if you are getting significant numbers of faked spam emails please let us know.
The abusive use of the machine which sent the spam should be reported to the "Network Administrator" of the organisation that "owns" the IP address used by the spammer, some probably being being more concerned then others.
You should send whole of the internet headers from the spam email to the specified contact name, put "abuse" in the subject line.
You will usually only get an auto-reply. Read it, it may say that abuse-complaint mails should be sent to a specified email address. If so you will have to resend the complaint mail.
Several categories of prevention exist
To make life easier, look at:
Camel Services Ltd
© 2006 Camel Services Ltd. www.camel.co.uk