Received: from xxxxxxxxxx ([xx.xx.xx.xx]) by xxxxxxxxxx with Microsoft SMTPSVC(6.0.3790.3959); Fri, 29 Aug 2008 04:36:31 +0200
Received: from xxxxxxxxxx (xxxxxx [xx.xx.xx.xx]) by xxxxxxxxx (Postfix) with SMTP id 7A5A41212F; Fri, 29 Aug 2008 04:35:50 +0200 (CEST)

Received: from ppp-124-120-62-237.revip2.asianet.co.th ([124.120.62.237]) by xxxxxxxxxx SMTP Relay 1217946892; Fri, 29 Aug 2008 04:35:48 +0200

Received: from [124.120.62.237] by mail.scholder.nl; Fri, 29 Aug 2008 09:35:48 +0700

Date: Fri, 29 Aug 2008 09:35:48 +0700
From: =?koi8-r?B?Iu7B1MHMydEi?=
X-Mailer: The Bat! (v3.71.04) Home
Reply-To: hifscholderkow@scholder.nl
X-Priority: 3 (Normal)
Message-ID: <092391918.10177305709163@scholder.nl>
To: xxxxxxxxxxx@yyyyyy
Subject: =?koi8-r?B?5MXXz97FyyDSwdrXz8TR1CDOwSDH0tXQ0M/X1cjV?=
MIME-Version: 1.0
Content-Type: text/plain; charset=koi8-r
X-ESAFE-STATUS: Mail clean
X-ESAFE-DETAILS:
Content-Transfer-Encoding: quoted-printable
Return-Path: hifscholderkow@scholder.nl
X-OriginalArrivalTime: 29 Aug 2008 02:36:31.0383 (UTC) FILETIME=[0BB7D270:01C90980]

In the headers above I added three blank lines around the important lines, which show that the headers and the sending address are faked.

- First of all, the machine 'mail.scholder.nl' does have a DNS record, but it is not a machine used for sending mail. The IP number that the DNS record really assigns to the system does not appear anywhere in the above headers.
- The IP 124.120.62.237, shown in the 4th Received line, resolves to ppp-124-120-62-237.revip2.asianet.co.th, which is registered in Thailand. This is the same machine shown in the 3rd Received line; that line should show 'received from mail.scholder.nl' or the correct IP number assigned to mail.scholder.nl. As it stands, the mail is received twice from the same sending address, but by two different receiving servers.
- The time zone for mail.scholder.nl should be Central European Time, which is 1 hour ahead of GMT, or 2 hours ahead when Daylight Saving Time is active. The offset should therefore be either +0100 or +0200, not the +0700 shown.

The headers in the spam, as received by you, do not necessarily show the same machine in Thailand as an intermediate hop in the path, because many machines, zombies in one of the botnets, are used for sending these messages.
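
The two checks described above (one client IP handing the message to two different receiving servers, and a Received timestamp whose UTC offset does not fit the claimed host) can be automated. The Python below is an added example, not part of the original page. The function names and the EXPECTED_OFFSETS table are assumptions, and relay.example.net, mx.example.net and 192.0.2.10 are placeholders for the redacted hosts.

```python
import re
from collections import defaultdict
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample modelled on the headers above. relay.example.net,
# mx.example.net and 192.0.2.10 are placeholders for the redacted hosts.
SAMPLE = (
    "Received: from relay.example.net (relay.example.net [192.0.2.10])\n"
    "\tby mx.example.net (Postfix) with SMTP id 7A5A41212F;\n"
    "\tFri, 29 Aug 2008 04:35:50 +0200 (CEST)\n"
    "Received: from ppp-124-120-62-237.revip2.asianet.co.th ([124.120.62.237])\n"
    "\tby relay.example.net SMTP Relay 1217946892;\n"
    "\tFri, 29 Aug 2008 04:35:48 +0200\n"
    "Received: from [124.120.62.237] by mail.scholder.nl;\n"
    "\tFri, 29 Aug 2008 09:35:48 +0700\n"
    "Subject: constructed sample\n"
)
# Assumption: UTC offsets (minutes east) each host is expected to stamp.
EXPECTED_OFFSETS = {"mail.scholder.nl": {60, 120}}  # CET / CEST

def parse_hops(raw):
    """Return one dict per Received line, newest hop first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        info, _, date = " ".join(value.split()).rpartition(";")
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", info)
        by = re.search(r"\bby\s+(\S+)", info)
        stamp = parsedate_to_datetime(re.sub(r"\(.*?\)", "", date).strip())
        tz = stamp.utcoffset()  # None when the date carries no usable zone
        hops.append({
            "ip": ip.group(1) if ip else None,
            "by": by.group(1) if by else None,
            "offset": None if tz is None else int(tz.total_seconds() // 60),
        })
    return hops

def find_anomalies(hops, expected=EXPECTED_OFFSETS):
    findings, receivers = [], defaultdict(list)
    for hop in hops:
        if hop["ip"]:
            receivers[hop["ip"]].append(hop["by"])
        allowed = expected.get(hop["by"])
        if allowed and hop["offset"] is not None and hop["offset"] not in allowed:
            findings.append(("tz-mismatch", hop["by"], hop["offset"]))
    # One client IP handing the same message to two different servers.
    for ip, hosts in receivers.items():
        if len(set(hosts)) > 1:
            findings.append(("repeated-client", ip, tuple(hosts)))
    return findings
```

Calling find_anomalies(parse_hops(SAMPLE)) reports both indicators for the constructed sample. A finding marks a header chain for closer inspection and is not proof of forgery on its own.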