Here are the expanded headers from the latest spam I received as a privat message. There is a section near the end that is noted as important to tracking the spam.
Its also important that NO ONE open any links from this kind of spam. There is no telling what kind of crap you could end up with on your computer.
***************************************
THis time he used the userid =
Entedaappap
Return-Path: <
riders08@jaguar.phaseserve.com>
Received: from cdptpa-mxlb.mail.rr.com ([10.127.255.88])
by cdptpa-imta07.mail.rr.com with ESMTP
id <20100109165446847.EKAD16350@cdptpa-imta07.mail.rr.com>
for <j.newkirk@roadrunner.com>; Sat, 9 Jan 2010 16:54:46 +0000
Return-Path: <riders08@jaguar.phaseserve.com>
X-Cloudmark-Score: 0
X-RR-Connecting-IP: 216.18.209.66
X-Authority-Analysis: v=1.0 c=1 a=FEEudzF6-T0A:10 a=KA5E0n5DAAAA:8 a=mfwycoDnAAAA:8 a=r_LHlenAAAAA:8 a=rbOWEq5XAAAA:8 a=HHVMCeHbzwtpKeK9nEAA:9 a=NHItIZfCyyO-xhHuUUIA:7 a=p8OZ97DBD8N4rHOfwFxicOZoqbQA:4 a=VwV-SN6nU5UA:10 a=2N811M7wfcAA:10 a=v9k6590ieeIA:10 a=po7hYOSCBLoA:10 a=V1fBlMdNfAvL0WG5:21 a=FFDvaL9X-Y-wDQdp:21
Received: from [216.18.209.66] ([216.18.209.66:42832] helo=jaguar.phaseserve.com)
by cdptpa-iedge07.mail.rr.com (envelope-from <riders08@jaguar.phaseserve.com>)
(ecelerity 2.2.2.39 r()) with ESMTP
id 10/F5-11266-6D4B84B4; Sat, 09 Jan 2010 16:54:46 +0000
Received: from riders08 by jaguar.phaseserve.com with local (Exim 4.69)
(envelope-from <riders08@jaguar.phaseserve.com>)
id 1NTeaJ-0002vk-6p
for
j.newkirk@roadrunner.com; Sat, 09 Jan 2010 08:54:43 -0800
To:
j.newkirk@roadrunner.com
Subject: New Private Message at Big Jimmy's Motorcycle Forum
From: "Big Jimmy's Motorcycle Forum" <info@cimmeronstudios.com>
Auto-Submitted: auto-generated
Message-ID: <20100109165259.ed2d2e388571@www.motorcycleridersf orum.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-Mailer: vBulletin Mail via PHP
Date: Sat, 09 Jan 2010 08:54:43 -0800
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - jaguar.phaseserve.com
X-AntiAbuse: Original Domain - roadrunner.com
X-AntiAbuse: Originator/Caller UID/GID - [33435 33437] / [47 12]
X-AntiAbuse: Sender Address Domain - jaguar.phaseserve.com
You might past a note to both forums asking that anyone that gets one of these collect the LONG HEADER version of the email and post it. Though this person may have hacked someone elses account and cound be using an address other then his own.
I would be more then happy to help out in this effort.