I've got a really weird situation here.... the same IP address keeps popping up in porn spam that I have rec'd in 2 different email accts. It looks to me like it's coming from UC Davis, and I suspect someone there, so I am hoping you all can verify the same thing before I call the person on this spamming.... If in fact you guys come up with the same info I do, then can anyone tell me, aside from this person logging into the culprit Yahoo accounts (the ones I have denoted with ~~~~~~ in the copy of the headers), and there are 2 different Yahoo accts, if there is any other way for the spam to be sent from UCD to me? Can it somehow be bounced off UCD server but not really originate there? I just want to make sure I cover everything before I confront this person, & I just keep thinking, he must have 2 separate Yahoo accounts that he has kept secret & sends me this crap from the University for whatever creepy reasons". Can I be wrong somehow or does this all sound about right?
This first header is from my hotmail acct, again with the ISP 169.237.221.161, but what's all the weird stuff after X-Message info?? From what I've read on the internet, this looks like a fraudulent email somehow, but... is it still originating at the university?
From*:*
~~~~~~@yahoo.com>
Sent*:*
Sunday,*February*6,*2005*8:31*PM
To*:*
**ME**@hotmail.com
Subject*:*
H@me l^@ns 5%
Inbox
Attachment*:**
5_5.jpg*(0.07 MB), 5_10.jpg*(0.08 MB), 5_11.jpg*(0.08 MB), 5_14.jpg*(0.07 MB), roxanne126.jpg*(0.29 MB)
MIME-Version: 1.0
Received: from web90008.mail.scd.yahoo.com ([66.218.94.66]) by mc1-f16.hotmail.com with Microsoft SMTPSVC(6.0.3790.211); Sun, 6 Feb 2005 20:31:56 -0800
Received: (qmail 77320 invoked by uid 60001); 7 Feb 2005 04:31:56 -0000
Received: from [169.237.221.161] by web90008.mail.scd.yahoo.com via HTTP; Sun, 06 Feb 2005 20:31:55 PST
X-Message-Info: JGTYoYF78jESyuYhQdPiJ/0TCP4/vMP5OAZwQP/VhFM=
Comment: DomainKeys? See
http://antispam.yahoo.com/domainkeys
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; b=rXgkPbY4drIvpBxlNAYHQeu+tsNBOJMQxEEcQcNM6DzismhOJGcUDzkFefFncx2CxgBHNW3XwORycm5eNqZFn9dJj5rHO0U+t6 HOYHpbmYfJO0gPUglhxfgS9907Po1CFc7BpRhrcJtNncI92NRllab/C40edJFC0H3BaXrRCnI= ;
Return-Path: ~~~~~~@yahoo.com
X-OriginalArrivalTime: 07 Feb 2005 04:31:56.0191 (UTC) FILETIME=[F4A06AF0:01C50CCD]
This second email header is from my Excite email acct, and this time the sender is different (still Yahoo though) but the IP address hasn't changed. University again? What do you guys think?
Return-Path:**
<~~~~~~@yahoo.com>
Delivered-To:**
**ME**@xprdmailbe.nwk.excite.com
Received:**
(qmail 28808 invoked from network); 18 Dec 2004 00:40:09 -0000
Received:**
from unknown (HELO xprdmx8.nwk.excite.com) ([10.50.30.29]) (envelope-sender <~~~~~~@yahoo.com>)
by 0 (qmail-ldap-1.03) with SMTP
for <**ME**@xprdmailbe.nwk.excite.com>; 18 Dec 2004 00:40:09 -0000
Return-Path:**
<~~~~~~@yahoo.com>
Received:**
from web80904.mail.scd.yahoo.com (web80904.mail.scd.yahoo.com [66.218.95.67])
by xprdmx8.nwk.excite.com (Postfix) with SMTP id 87A9B29DDA
For <**ME**.com>; Fri, 17 Dec 2004 19:40:03 -0500 (EST)
Received:**
(qmail 1283 invoked by uid 60001); 18 Dec 2004 00:40:08 -0000
Comment:**
DomainKeys? See
http://antispam.yahoo.com/domainkeys
DomainKey-Signature:**
a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.com;
b=ikhwTrBLI/vyaDrTOy3fCUGC/0ML49mVgKnWMr33bS9Q/XJ1O2izYem2kvc0MwCp+FYtHhXXPhbuiqXT1olbAOc0RK9aZTqXLQz4LpOHh5Zladaqke8d4Ar46K5RDEi726HwfI7CKTAk9ibZL ug6TGv4ya8tW52jYNooyl87xbc= ;
Message-ID:**
<20041218004008.1281.qmail@web80904.mail.scd.yahoo.com>
Received:**
from [169.237.221.161] by web80904.mail.scd.yahoo.com via HTTP; Fri, 17 Dec 2004 16:40:07 PST
Date:**
Fri, 17 Dec 2004 16:40:07 -0800 (PST)
From:**
<~~~~~~@yahoo.com>
Subject:**
Hi Hun
To:**
**ME**@excite.com