Dave Trapnell wrote:

What's with this "Return-Path:" field? Are those "real"
email addresses? Could the solution be as simple as just
emailing those addresses and asking them to clean up their
machines? What about the IP addresses? Are they real? Here
is the "current crop of "Return-Path:" addresses. I was told
these are probably just bogus addresses planted by the
virus.

Return-Paths removed

The following lines can be forged:
From:
Return-Path:
Reply-To:

You can only go by the
Received:
lines, and there you need to tread carefully, because they can be
inserted by the sending mailer (spoofed), but the mail exchangers
have to add a Received: line above the previous Received: line.
That way you can trace back from top down where the message
probably came from.

here a few e-mail spam related links:
http://groups.google.com/groups?group=news.admin.net-abuse.email
newsgroup: <news:news.admin.net-abuse.email>

http://spamcop.net
newsgroup: <news://news.spamcop.net/spamcop.help>
           <news://news.spamcop.net/spamcop>
Just a side note: Virii are not spam, so if you use SpamCop, do
not report viruses with that system. You can parse them and then
report manually to the ISP where the message seems to originate.

HTH

-- 
Robi
(2.8#@ 2.69 yrs)