On 9/16/2013 1:53 PM, m.roth@5-cent.us wrote:
Received: from [206.214.95.82] (port=57577 helo=03e6231b.buhlgymgagate.us) by host290.hostmonster.com with esmtp (Exim 4.80) (envelope-fromKohlsGiftCardSurvey@buhlgymgagate.us) id 1VLfOH-0003sR-20 form.roth@5-cent.us; Mon, 16 Sep 2013 14:27:25 -0600 Received: by 03e6231b.bw31almxu.buhlgymgagate.us (amavisd-new, port 10268) with ESMTP id 03NGCCNSDRE623JKCXHVTJ1B; for m.roth@5-cent.us; Mon, 16 Sep 2013 13:27:24 -0700 To:m.roth@5-cent.us List-Unsubscribe: mailto:unsub-2268-733-2332-11-65411647@buhlgymgagate.us?subject=unsubscribe, http://www.buhlgymgagate.us/unsubscribe/2268/733/2332/11/65411647/~~m.roth@5-cent.us X-Priority: 3 (Normal) From: "Kohls Gift Card Survey"KohlsGiftCardSurvey@buhlgymgagate.us
So, it looks like mmm, (check whois) Jeff Martinez should be blocked at buhlgymgagate.us. On the other hand, I look at the headers to one of my posts, and I see that it's coming from, ta-da, 5-cent.us. If I were sending out spam, then you'd be perfectly justified in blocking 5-cent.us.
assuming host290.hostmonster.com is considered a trustworthy server by you, that spam came from 206.214.95.82, which whois says is... Sendrillion CUST-NETBLK-PHX-206-214-95-64-27-2332 (NET-206-214-95-64-1) 206.214.95.64 - 206.214.95.95
anything else in the headers is forgable. that said, the domain name used by that spam was registered yesterday. its a throwaway account.