Posted to users@spamassassin.apache.org by ha...@t-online.de on 2006/08/19 08:52:46 UTC

path continuity

Hi,

I just came across a nice spam with forged received lines.
It is normal for a message with multiple hops that the machine sending out a mail is not
exactly the one receiving it, but they usually should be in the same domain (or at least related,
like the t-online hop which receives with a .de and delivers through a related .com).
Now this one looks like the first receiver puts the data into a brown bag and snail mails them
elsewhere for re-injection into the smtp world :)

Is this something to derive "bonus" points from?

Wolfgang Hamann

Received: from fwdallmx.t-online.com [194.25.134.91]
	by localhost with POP3 (fetchmail-6.2.3)
	for wolfgang@localhost (single-drop); Fri, 18 Aug 2006 13:30:37 +0200 (CEST)
Received: from mailin22.aul.t-online.de (mailin22.aul.t-online.de [172.20.26.75])
	by mhead22 with LMTP; Fri, 18 Aug 2006 11:06:37 +0200
X-Sieve: CMU Sieve 2.2
Received: from mydomain.com ([196.209.36.251]) by mailin22.sul.t-online.de
	with esmtp id 1GE0Iv-06fIVU0; Fri, 18 Aug 2006 11:06:13 +0200
Received: from esmtp.genuity.com ([80.142.172.219]) by singularity.inreach.com with SMTP
	id 12ACC82B;
	 Fri, 18 Aug 2006 09:06:37 -0000
Received: from abyss.banelco.com.ar ([254.136.135.205]) by maelstrom.mx.aol.com with ESMTP
	id 0A579587;
	 Fri, 18 Aug 2006 09:06:27 -0000
Received: from nk1.hotmail.com ([0.153.153.217]) by nk2.mail.lycos.com with esmtp (Exim 3.35 #1)
	id 0AE5CE36;
	 Fri, 18 Aug 2006 09:06:17 -0000
Date: Fri, 18 Aug 2006 11:06:17 +0200
From: davidkanfo_900@yahoo.com
To: davidkanfo_900@yahoo.com
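
The path-continuity idea from the post, as an added example that is not part of the original message and not SpamAssassin code: it walks the Received chain and reports every hop where the host that accepted the mail and the host that claims to pass it on belong to different organisations. The function names and the small second-level-domain set are assumptions made for this sketch.

```python
import re
from email import message_from_string

# Received lines copied from the headers quoted in the post (dates and ids trimmed).
SAMPLE = """\
Received: from fwdallmx.t-online.com [194.25.134.91]
    by localhost with POP3 (fetchmail-6.2.3)
Received: from mailin22.aul.t-online.de (mailin22.aul.t-online.de [172.20.26.75])
    by mhead22 with LMTP
Received: from mydomain.com ([196.209.36.251]) by mailin22.sul.t-online.de
    with esmtp
Received: from esmtp.genuity.com ([80.142.172.219]) by singularity.inreach.com with SMTP
Received: from abyss.banelco.com.ar ([254.136.135.205]) by maelstrom.mx.aol.com with ESMTP
Received: from nk1.hotmail.com ([0.153.153.217]) by nk2.mail.lycos.com with esmtp
"""

FROM_RE = re.compile(r"\bfrom\s+(\S+)", re.I)
BY_RE = re.compile(r"\bby\s+(\S+)", re.I)
# Assumption: a crude stand-in for a public suffix list (handles names like x.com.ar).
SECOND_LEVEL = {"com", "co", "org", "net", "ac", "gov", "edu"}

def org_label(host):
    """'x.t-online.de' -> 't-online'; dotless names (localhost, mhead22) -> None."""
    labels = host.lower().strip(".;").split(".")
    if len(labels) < 2:
        return None
    if len(labels) >= 3 and len(labels[-1]) == 2 and labels[-2] in SECOND_LEVEL:
        return labels[-3]
    return labels[-2]

def hops(raw):
    """Parse Received headers, newest first, into (from_host, by_host) pairs."""
    out = []
    for value in message_from_string(raw).get_all("Received", []):
        f, b = FROM_RE.search(value), BY_RE.search(value)
        out.append((f.group(1) if f else "", b.group(1) if b else ""))
    return out

def continuity_breaks(raw):
    """Return (newer_from, older_by) pairs whose organisational labels differ."""
    chain, breaks = hops(raw), []
    for (newer_from, _), (_, older_by) in zip(chain, chain[1:]):
        a, b = org_label(newer_from), org_label(older_by)
        if a and b and a != b:  # names without a domain cannot be compared
            breaks.append((newer_from, older_by))
    return breaks

if __name__ == "__main__":
    for newer_from, older_by in continuity_breaks(SAMPLE):
        print(f"break: handed to {older_by!r}, next hop claims {newer_from!r}")
```

The name after "from" is whatever the sending host announced, and forwarders or mailing lists legitimately change organisation mid-path, so a break works as a scoring signal rather than proof of forgery.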