Hi Jeff,
I'm assuming you meant headers from the original spam, not the headers from the mail server returning the bounced spam. Here are 2 headers from the original spam as included by the mail server bouncing them back to me. My domain that is being falsely used is flagart.com. The other domain of mine they are using is 247max.com.
-------------- START 1 --------------
Hi. This is the qmail-send program at secure.hummer6.net.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.
<[email protected]>:
This address no longer accepts mail.
--- Below this line is a copy of the message.
Return-Path: <[email protected]>
Received: (qmail 14505 invoked from network); 29 Dec 2005 01:00:26 -0000
Received: from unknown (HELO 201.240.246.224) (201.240.246.224)
  by hummer6.net with SMTP; 29 Dec 2005 01:00:26 -0000
Received: from [192.168.40.200] (port=21786 helo=ktnckyiu)
  by 201.240.246.224 with esmtp
  id 1Erm1X-0002l8-Y5
  for [email protected]; Wed, 28 Dec 2005 19:52:07 -0500
Date: Wed, 28 Dec 2005 19:58:55 -0500
From: <[email protected]>
X-Mailer: The Bat! (v3.5) Professional
X-Priority: 3 (Normal)
Message-ID: <[email protected]>
To: <[email protected]>
Subject: news report
MIME-Version: 1.0
Content-Type: multipart/related;
  boundary="=_373b352f7ba38ba5a57013defbbf3ea3"
X-Spam: Not detected
--=_373b352f7ba38ba5a57013defbbf3ea3
Content-Type: text/html; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
<img src=3Dcid:42ddbe071279dd3568b540320c38562a>
--=_373b352f7ba38ba5a57013defbbf3ea3
Content-Type: image/gif
Content-Transfer-Encoding: base64
Content-Disposition: inline; filename="hrav.gif"
Content-ID: <42ddbe071279dd3568b540320c38562a>
-------------- END 1 --------------
-------------- START 2 --------------
Hi. This is the qmail-send program at brick.suitage.jp.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.
<[email protected]>:
Sorry. Although I'm listed as a best-preference MX or A for that host,
it isn't in my control/locals file, so I don't treat it as local. (#5.4.6)
--- Below this line is a copy of the message.
Return-Path: <[email protected]>
Received: (qmail 25518 invoked from network); 29 Dec 2005 01:04:10 -0000
Received: from unknown (HELO 201-248-56-68.genericrev.cantv.net) (201.248.56.68)
  by brick.suitage.jp with SMTP; 29 Dec 2005 01:04:10 -0000
Received: from [192.168.40.200] (port=21780 helo=dqlkklj)
  by 201-248-56-68.genericrev.cantv.net with esmtp
  id 1Erm0a-0005th-B6
  for [email protected]; Wed, 28 Dec 2005 13:51:08 -1100
Date: Wed, 28 Dec 2005 21:04:02 -0400
From: <[email protected]>
X-Mailer: The Bat! (v3.5) Professional
X-Priority: 3 (Normal)
Message-ID: <[email protected]>
To: <[email protected]>
Subject: news report
MIME-Version: 1.0
Content-Type: multipart/related;
  boundary="=_94398f05b5256b1bf68306a1b2d85cfa"
X-Spam: Not detected
--=_94398f05b5256b1bf68306a1b2d85cfa
Content-Type: text/html; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
<img src=3Dcid:eab00e6f70825e05ef9ce353e3fa8f43>
--=_94398f05b5256b1bf68306a1b2d85cfa
Content-Type: image/gif
Content-Transfer-Encoding: base64
Content-Disposition: inline; filename="zyjqix.gif"
Content-ID: <eab00e6f70825e05ef9ce353e3fa8f43>
-------------- END 2 --------------