When I investigated further trying to pinpoint the source of the UK Lottery Scam email, I discovered this that a University server was compromised and in turn was being used to send out spam emails.
Received: from mail.westmont.edu (mail.westmont.edu [22.214.171.124])
by mx.google.com with ESMTP id b2si6730331rvf.2007.08.10.20.50.01;
Fri, 10 Aug 2007 20:50:32 -0700 (PDT)
Received-SPF: neutral (google.com: 126.96.36.199 is neither permitted nor denied by domain of firstname.lastname@example.org) client-ip=188.8.131.52;
Received: from localhost (ns1.westmont.edu [10.50.10.1])
by mail.westmont.edu (Postfix) with ESMTP id 2B654C278C6;
Fri, 10 Aug 2007 20:48:00 -0700 (PDT)
Received: from 184.108.40.206.rmts.satcom-systems.net
(220.127.116.11.rmts.satcom-systems.net [18.104.22.168]) by
webmail.westmont.edu (Horde MIME library) with HTTP; Fri, 10 Aug 2007
X-Priority: 3 (Normal)
Date: Fri, 10 Aug 2007 20:47:58 -0700
From: UK NATIONAL LOTTERY <email@example.com>
Subject: YOU WON
User-Agent: Internet Messaging Program (IMP) H3 (4.0.4-RC2)
1. Google is hosting the email of this university
2. Spammers are sending out mail from a university email server that of westmont.edu or Westmont College in California, USA to send out a UK Lottery Scam EMail
3. Does this mean we are dealing with a hacked email account of a Westmont student, a hacked email server of Westmont College or is the webmail.westmont.edu an open relay server which spammers can use to bounce email of and make it appear as if the email was coming from Westmont College.
Nearly all of the internet-connected computers that send email are controlled by spammers, according to Return Path, a company that compiles email reputation data.
Of the 20 million IP addresses that send email and are tracked by Return Path, only 0.9 per cent have earned a reputation score that will allow their emails to be delivered to Return Path clients. About 2.5 per cent encounter problems such as spam traps or having garnered too many complaints. But 96.7 per cent score so badly the sending computer is likely to be a hacked PC, the company said.
Spam makes up almost 75 per cent of all messages sent today, according to email security service Postini.
This email needs further investigation. I will follow up on this.
I just received a mail from the Associate Director of IT at Wesmont College
Read the rest of this entry »