[TriLUG] TWC on Spamcop

matt at noway2.thruhere.net matt at noway2.thruhere.net
Thu Jul 26 10:38:40 EDT 2012


My mother is in Ohio making a physical inspection difficult.  The laptop
is a Macbook Pro (thanks to Trilug, I might add) running MacOS.  While
compromise is possible, it is much less likely than with Windows.  She is
not running any server applications and is behind an FVS318 firewall with
the inbound ports closed.  She does not take it to remote locations or
public wifi.

Looking at the email headers, it also looks like TWC is using
authentication on their email:
Authentication-Results: cdptpa-omtalb.mail.rr.com
smtp.user=mymom at roadrunner.com; auth=pass (PLAIN)

From the above, I have reasonable doubts that my mother's machine is the
source of the SPAM.  It also looks like multiple TWC email relays have
been banned very recently.  I would also think that some sort of report
would have been sent to my mother's email/ip address or at least
containing it as the information is contained in the email headers.
>
> On Thursday, July 26, 2012 at 9:44 AM, matt at noway2.thruhere.net wrote:
>
>>
>> Here is a link to the spamcop listing page:
>>
>> http://www.spamcop.net/w3m?action=checkblock&ip=75.180.132.120
>
> Possibly you've already done this work, but you don't mention it. How
> confident are you that her account (local machine) has not been
> compromised and used to send mail? How confident are you that there have
> been no bad actors (eg. friend or family member with compromised PC) on
> her home network?
>
> Cheers,
> --
> Cristóbal Palmer
>
> cmpalmer.org
>
> --
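
Added example (not part of the original post or of any TWC tooling): a small parser that pulls the authenticated account and SASL mechanism out of Authentication-Results headers laid out like the one quoted in the message, counting only headers stamped by relays the reader trusts. The sample message, the placeholder addresses, the second relay name and the function names are constructed for illustration.

```python
import re
from email import message_from_string, policy

# Constructed sample: layout follows the header quoted in the message;
# the addresses and the first relay name are placeholders.
SAMPLE = (
    "Authentication-Results: unknown-relay.example.invalid;\n"
    " auth=pass (LOGIN) smtp.auth=other@example.invalid\n"
    "Authentication-Results: cdptpa-omtalb.mail.rr.com\n"
    " smtp.user=someone@example.invalid; auth=pass (PLAIN)\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

# Either a "(comment)" or a "key=value" pair.
TOKEN = re.compile(r"(\([^)]*\))|([\w.-]+)=(\S+)")

def parse_auth_results(value):
    """Split one header value into server id, method results and properties."""
    value = " ".join(str(value).split())  # undo header folding
    parsed = {"authserv_id": None, "methods": {}, "props": {}}
    words = value.partition(";")[0].split()
    if words and "=" not in words[0]:
        parsed["authserv_id"] = words[0].lower()
        value = value[len(words[0]):]
    last = None
    for comment, key, val in TOKEN.findall(value.replace(";", " ")):
        if comment and last:
            parsed["methods"][last]["comment"] = comment[1:-1]
        elif "." in key:  # ptype.property, e.g. smtp.user
            parsed["props"][key.lower()] = val
        elif key:  # method=result, e.g. auth=pass
            last = key.lower()
            parsed["methods"][last] = {"result": val.lower(), "comment": None}
    return parsed

def authenticated_submitters(raw, trusted_ids):
    """Return (relay, account, mechanism) for SMTP AUTH passes from trusted relays."""
    msg = message_from_string(raw, policy=policy.default)
    hits = []
    for value in msg.get_all("Authentication-Results", []):
        r = parse_auth_results(value)
        if r["authserv_id"] not in trusted_ids:
            continue  # any upstream host can insert this header
        auth = r["methods"].get("auth")
        if auth and auth["result"] == "pass":
            account = r["props"].get("smtp.user") or r["props"].get("smtp.auth")
            hits.append((r["authserv_id"], account, auth["comment"]))
    return hits
```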



