OK; I kinda figured AOL was weird ... but this is bizarre....

David Wolfskill david at catwhisker.org
Sun Jul 27 14:03:24 PDT 2003


I received some (intercepted) spam that was intended for one of the
BayLISA lists; www.baylisa.org received it from a machine using the IP
address 172.131.68.202, which is part of the AOL-172BLK netblock,
assigned to America Online.

The output from "whois 172.131.68.202" includes:

OrgAbuseHandle: AOL382-ARIN
OrgAbuseName:   Abuse
OrgAbusePhone:  +1-703-265-4670
OrgAbuseEmail:  abuse at aol.net

Accordingly, I sent a note, quoting the spam, to abuse at aol.net.

I received a response that *claimed* (header-from, vs. envelope-from)
to be from "daemon at catwhisker.org".

Hmmm.... no, I think "bizarre" isn't really what I mean; how about
"perverse"?

Here are the headers; there's no way I would have thought to make this
stuff up:

>From daemon at ort-r01.mail.aol.com Sun Jul 27 13:52:38 2003
>Return-Path: <daemon at ort-r01.mail.aol.com>
>Received: from janus.catwhisker.org (janus.catwhisker.org [172.16.8.1])
>	by bunrab.catwhisker.org (8.12.9/8.12.9) with ESMTP id h6RKqb30095939
>	for <david at mail.catwhisker.org>; Sun, 27 Jul 2003 13:52:37 -0700 (PDT)
>	(envelope-from daemon at ort-r01.mail.aol.com)
>Received: from ort-r01.mail.aol.com (ort-r01.mx.aol.com [152.163.224.70])
>	by janus.catwhisker.org (8.12.9/8.12.9) with ESMTP id h6RKqacs072444
>	for <david at catwhisker.org>; Sun, 27 Jul 2003 13:52:37 -0700 (PDT)
>	(envelope-from daemon at ort-r01.mail.aol.com)
>Received: (from daemon at localhost)
>	  by ort-r01.mail.aol.com (8.8.8/8.8.8/AOL-5.0.0)
>	  id QAA19833;
>	  Sun, 27 Jul 2003 16:52:35 -0400 (EDT)
>Date: Sun, 27 Jul 2003 16:52:35 -0400 (EDT)
>From: daemon at catwhisker.org
>Message-Id: <200307272052.QAA19833 at ort-r01.mail.aol.com>
>To: david at catwhisker.org
>Old-Subject: Re: Your resources are being (ab)used by spammers
>References: <200307272052.h6RKqV7l095935 at bunrab.catwhisker.org>
>In-Reply-To: <200307272052.h6RKqV7l095935 at bunrab.catwhisker.org>
>Precedence: junk
>X-Loop: pmd at aol.net
>Reply-To: postmaster at aol.com
>Subject: Postmaster Mail Receipt Notification
>Status: R
>
>	** Postmaster Autoresponder v.20000425 **
>
>.... [rest elided -- dhw]

So... anyone have any ideas as to why they're doing that?  About the
only thing I can think of is to discourage attempts to reply to the
auto-responder.  (Of course, I could set up "daemon" to be a private
alias for some valid set of addresses....)

Yours for a slightly more surreal day....

Peace,
david
-- 
David H. Wolfskill				david at catwhisker.org
Based on what I have seen to date, the use of Microsoft products is not
consistent with reliability.  I recommend FreeBSD for reliable systems.
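
The header-from vs. envelope-from comparison described in the post can be automated. The following is an added example, not part of the original message: it runs over a constructed subset of the quoted headers, and the function names and the LOCAL_DOMAINS set are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a subset of the headers quoted in the post, keeping
# the list archive's "user at host" address obfuscation as shown there.
SAMPLE = """\
Return-Path: <daemon at ort-r01.mail.aol.com>
Received: from ort-r01.mail.aol.com (ort-r01.mx.aol.com [152.163.224.70])
\tby janus.catwhisker.org (8.12.9/8.12.9) with ESMTP id h6RKqacs072444
\tfor <david at catwhisker.org>; Sun, 27 Jul 2003 13:52:37 -0700 (PDT)
\t(envelope-from daemon at ort-r01.mail.aol.com)
From: daemon at catwhisker.org
To: david at catwhisker.org
Reply-To: postmaster at aol.com
Subject: Postmaster Mail Receipt Notification

body
"""

LOCAL_DOMAINS = {"catwhisker.org"}  # assumption: domains the recipient site owns

def deobfuscate(text):
    """Undo the archive's 'user at host.tld' rewriting of addresses."""
    return re.sub(r"([\w.+-]+) at ([\w-]+(?:\.[\w-]+)+)", r"\1@\2", text)

def domain(addr):
    """Lower-cased domain part of an address header value, or ''."""
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def check_sender_alignment(raw, local_domains=LOCAL_DOMAINS):
    """Compare the envelope sender's domain with the header From domain."""
    msg = message_from_string(deobfuscate(raw))
    envelope = domain(msg["Return-Path"])
    if not envelope:
        # Fall back to the "(envelope-from ...)" comment in the newest Received.
        m = re.search(r"\(envelope-from\s+(\S+?)\)", msg.get("Received", ""))
        envelope = domain(m.group(1)) if m else ""
    header = domain(msg["From"])
    findings = []
    if header != envelope:
        findings.append("header-from/envelope-from domain mismatch")
    if header in local_domains and envelope not in local_domains:
        findings.append("header-from claims a local domain; envelope sender is external")
    return {"envelope_domain": envelope, "header_domain": header, "findings": findings}

if __name__ == "__main__":
    print(check_sender_alignment(SAMPLE))
```

The second finding is the stricter one: a plain mismatch is routine for mailing lists and forwarders, while a foreign envelope sender paired with a header From in the recipient's own domain is the case the post describes.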


