On 9/16/2013 1:53 PM, m.roth at 5-cent.us wrote: > Received: from [206.214.95.82] (port=57577 helo=03e6231b.buhlgymgagate.us) > by host290.hostmonster.com with esmtp (Exim 4.80) > (envelope-from<KohlsGiftCardSurvey at buhlgymgagate.us>) > id 1VLfOH-0003sR-20 > form.roth at 5-cent.us; Mon, 16 Sep 2013 14:27:25 -0600 > Received: by 03e6231b.bw31almxu.buhlgymgagate.us > (amavisd-new, port 10268) with ESMTP id 03NGCCNSDRE623JKCXHVTJ1B; for > <m.roth at 5-cent.us>; Mon, 16 Sep 2013 13:27:24 -0700 > To:m.roth at 5-cent.us > List-Unsubscribe: > <mailto:unsub-2268-733-2332-11-65411647 at buhlgymgagate.us?subject=unsubscribe>, > <http://www.buhlgymgagate.us/unsubscribe/2268/733/2332/11/65411647/~~m.roth@5-cent.us> > X-Priority: 3 (Normal) > From: "Kohls Gift Card Survey"<KohlsGiftCardSurvey at buhlgymgagate.us> > > So, it looks like mmm, (check whois) Jeff Martinez should be blocked at > buhlgymgagate.us. On the other hand, I look at the headers to one of my > posts, and I see that it's coming from, ta-da, 5-cent.us. If I were > sending out spam, then you'd be perfectly justified in blocking 5-cent.us. assuming host290.hostmonster.com is considered a trustworthy server by you, that spam came from 206.214.95.82, which whois says is... Sendrillion CUST-NETBLK-PHX-206-214-95-64-27-2332 (NET-206-214-95-64-1) 206.214.95.64 - 206.214.95.95 anything else in the headers is forgable. that said, the domain name used by that spam was registered yesterday. its a throwaway account. -- john r pierce 37N 122W somewhere on the middle of the left coast