Interesting spam

Posted by: matttail
Posted on: 2006-01-10 17:00:00

I don't get much spam, but when I do I try and look up the offending service and report them. But this one is interesting... I looked up the IP and it's allotted to the department of defence. Did I just get spam from the Gov?

Here are the headers - I just edited out my e-mail address.

Return-Path: <znotuy.nvyarq@kittymail.com>
X-Original-To me
Delivered-To: me@decker.dreamhost.com
Received: from 66.223.51.235 (unknown [66.223.51.235])
by decker.dreamhost.com (Postfix) with SMTP id BC8B9EFB9E
for <me>; Tue, 10 Jan 2006 15:59:40 -0800 (PST)
Received: from [30.38.189.233] by via HTTP; Tue, 10 Jan 2006 20:53:39 -0300
Received: (qmail 888081 invoked by uid 710274); Tue, 10 Jan 2006 18:58:39 -0500
From: Foster Whitaker <znotuy.nvyarq@kittymail.com>
To: me
Subject: if you missed apwl and orte redeem with P O P T tlz caadxebz
Date: Tue, 10 Jan 2006 21:57:39 -0200
Message-ID: <33486261.427755165163205.718943937961806@millenia-oiarax03960.%FROM_DOMAIN>
Mime-Version: 1.38
Content-Type: multipart/alternative;
boundary="--64430331026382640682"




-Matttail

Re: Interesting spam

Posted by: will
Posted on: 2006-01-10 19:41:00

Any Received line below the one connecting to a system you trust (in this case, the DreamHost machine) can be considered possibly forged. With the increase in spam sent via open proxies in the past few years, it can be considered almost definitely forged.

The actual point of origin is 66.223.51.235 - allocated to Interland (abuse at interland.com).
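will's rule, as an added example that is not part of the original thread: walk the Received lines newest-first and trust only the ones stamped by a host you control. The function name `trace_origin` and the `trusted_relay_ips` parameter are made up for this sketch; the sample is the header block from the first post, re-folded.

```python
import re
from email import message_from_string

# Headers from the first post, re-folded as in a raw message (unrelated ones omitted).
RAW = (
    "Delivered-To: me@decker.dreamhost.com\n"
    "Received: from 66.223.51.235 (unknown [66.223.51.235])\n"
    "\tby decker.dreamhost.com (Postfix) with SMTP id BC8B9EFB9E\n"
    "\tfor <me>; Tue, 10 Jan 2006 15:59:40 -0800 (PST)\n"
    "Received: from [30.38.189.233] by via HTTP; Tue, 10 Jan 2006 20:53:39 -0300\n"
    "Received: (qmail 888081 invoked by uid 710274); Tue, 10 Jan 2006 18:58:39 -0500\n"
    "Subject: sample\n\nbody\n"
)

BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)")
# Bracketed address: what the receiving server saw on the TCP connection.
# The bare name after "from" is the client's HELO string and proves nothing.
PEER_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def trace_origin(raw, trusted_hosts, trusted_relay_ips=frozenset()):
    """Return (origin_ip, [(is_trusted, received_line), ...]), newest hop first."""
    msg = message_from_string(raw)
    origin, in_trusted_chain, hops = None, True, []
    for value in msg.get_all("Received", []):
        line = " ".join(value.split())  # unfold continuation lines
        by = BY_RE.search(line)
        trusted = (in_trusted_chain and by is not None
                   and by.group(1).lower() in trusted_hosts)
        hops.append((trusted, line))
        if not trusted:
            # This line and every older one was supplied by the sender.
            in_trusted_chain = False
            continue
        peer = PEER_RE.search(line)
        origin = peer.group(1) if peer else None
        # Keep trusting older lines only if the peer was one of our own relays;
        # otherwise a forged "by <our host>" line further down would pass.
        if origin not in trusted_relay_ips:
            in_trusted_chain = False
    return origin, hops

if __name__ == "__main__":
    ip, hops = trace_origin(RAW, {"decker.dreamhost.com"})
    print("hand-off to trusted server came from:", ip)
    for ok, line in hops:
        print("TRUSTED " if ok else "UNVERIFIED", line)
```

The reported address is only where the message entered a server you trust; as later replies note, that machine may itself be compromised or relaying for someone else.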

Re: Interesting spam

Posted by: matttail
Posted on: 2006-01-10 21:17:00

I figured there was a good chance it was forged somehow. Guess I overlooked that other IP address for Interland... That's kinda expensive hosting to use for spamming people. Thanks for that one, will.



-Matttail

Re: Interesting spam

Posted by: snokarver
Posted on: 2006-01-15 13:55:00

I think most spam comes from compromised machines. So even if the IP is valid, one can't assume (though AOL does) that they are the spammer.

Re: Interesting spam

Posted by: silkrooster
Posted on: 2006-01-15 16:24:00

I am having doubts about IP addresses. I mentioned on the 3rd party section that my guestbook is reporting IPs that are localhost. If they can do that with a website, I would think it's possible with email as well.
Silk
