[Freeflyer]

Hi, I've started receiving mail from someone that appears to be at a company, but the headers seem to show a mindspring cable address.

Could someone please help me see the trail for this, I'm not too good at figuring the headers out.

From bill.wibker@jpkhouston.com Fri Nov 21 12:42:26 2003
Return-Path: <bill.wibker@jpkhouston.com>
Received: from grebe.mail.pas.earthlink.net (grebe.mail.pas.earthlink.net [207.217.120.46])
by xcapital.dsvr.co.uk (8.11.7/8.11.7) with ESMTP id hALIf3t02611
for <justin@jkath.com>; Fri, 21 Nov 2003 18:41:03 GMT
Delivered-To: <justin@jkath.com>
Received: from user-0cet4qt.cable.mindspring.com ([24.238.147.93] helo=8ftn931bwibker)
by grebe.mail.pas.earthlink.net with esmtp (Exim 3.33 #1)
id 1ANG9Q-0002vs-00; Fri, 21 Nov 2003 10:37:04 -0800
Reply-To: <bill.wibker@jpkhouston.com>
From: "Bill Wibker" <bill.wibker@jpkhouston.com>
To: "'Bill Wibker'" <bill.wibker@jpkhouston.com>
Subject: Big Bend National Park - December 4-7, 2003 - RSVP Today!
Date: Fri, 21 Nov 2003 12:36:57 -0600
Organization: J P Kenny, Inc.
MIME-Version: 1.0
Content-Type: multipart/related;
boundary="----=_NextPart_000_0045_01C3B02C.2B5B5000"
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
Thread-Index: AcOwXnFU/d/lWkMJR4C2KAFZFqt18g==
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Message-Id: <E1ANG9Q-0002vs-00@grebe.mail.pas.earthlink.net>
Status:

Although jpkhouston.com is registered, it doesn't seem to be active. JP Kenny is a drilling company here in houston and use the domain jpkenny.com

Can anyone shed some light on this.

Thanks,

J.

[John Strung]

The e-mail originated from
user-0cet4qt.cable.mindspring.com.

If this message is spam, copy the message and e-mail headers and send them to abuse@mindspring.com

A Whois search on jpkhouston.com turns up the following information:

Registrant:
JP KENNY INTERNATIONAL INC. (JPKHOUSTON-DOM)
17420 Katy Freeway, Suite 100
Houston, TX 77094
US

Domain Name: JPKHOUSTON.COM

Administrative Contact:
Wibker, Bill (TZWNFUYZII) bill.wibker@JPKHOUSTON.COM
J P Kenny, Inc.
17420 Katy Freeway
Suite 100
Houston, TX 77094
US
(281) 675-1046 fax: (281) 646-9827
Technical Contact:
Wibker, Bill (30307397I) bill.wibker@JPKHOUSTON.COM
J P Kenny, Inc.
17420 Katy Freeway
Suite 100
Houston, TX 77094
US
(281) 675-1046 fax: (281) 646-9827

Record expires on 01-Jan-2006.
Record created on 31-Dec-1997.
Database last updated on 21-Nov-2003 20:42:54 EST.

Domain servers in listed order:

DNS1.XSPEDIUS.NET 207.191.50.10
DNS2.XSPEDIUS.NET 207.191.1.10

This still could be a legitmate e-mail from J P Kenny, however as they may be using Mindspring for their mail server.

[car1son]

To add some other notes: I fed the IP address (24.238.147.93) into TraceRoute (via Network Utility) and it was able to track it back through a Houston roadrunner node.

Now, that may make some sense: Earthlink bought Mindpring about five years ago and still serves customers via old Mindsping subnetworks (I know - I'm one!) And Earthlink has a deal with Roadrunner (Time-Warner, nee AOL-Time-Warner) to offer its internet services through RR cable. So, it could be an Earthlink user (explains the Earthlink message ID - my mail has an Earthink SMTP server ID, and the IP is registered to Covad (DSL provider) and routes through Mindspring nodes on the way to Earthlink. And if it's a Business mail, the From address is my Business domain, which is none of those.)

It's not impossible the guy's computer has been hijacked by one of the recent Windows worms to relay spam, but given how close Big Bend is to Houston, I doubt it.

[Freeflyer]

Thanks for the help, I see the trail a bit better now. Interesting that the mail is from the person who's the admin contact for the company.

I think I'll mail directly and see if I can get a response.

Thanks,

J.

[John Strung]

Let us know what you find out.