9/1     All the sobig email I get seems to come from a specific IP address:
        <DEAD>adsl-XXX-XXX-XXX-XXX.dsl.sntc01.pacbell.net<DEAD> .  Is this reliable?
        Would contacting PacBell be of any use?
        \_ no.  just delete it and any email from evil people this way
           in your .procmailrc unless for some reason others really have
           to send you a windows screensaver or dll via email:
           :0 B:
           * ^content-transfer-encoding.*base64
           * name=.*\.(pcd|pif|reg|scr|sct|shb|shs|url|vb|vbe|dll)
           /dev/null
        \_ Delete everything between "All" and "?" and the answer would still
           be: No.
           \_ the <DEAD>pacbell.net<DEAD> address is the only one listed before it arrives
              at soda.  Unless I'm getting them from a soda user, can that
              still be a spoofed header?  is sobig even known to forge headers?