Runboard.com
 
Lesigner Girl
Minerva
Head of Runboard staff

Registered: 11-2005
Posts: 9606
Karma: 132 (+147/-15)
Interesting spam email headers


I usually don't get spam at my main email account, but I got two today. Although the headers look very different, they have three things in common:

1) Both of them had nothing but a link to a website in them, which I won't post here.

2) They both came from Belarus.

3) The "To" field (which I've highlighted in red below) isn't my address like it's supposed to be. How it was delivered to me and made it through the spam filters is beyond me.

Another interesting thing to note is all those "X-Greylist: Passed host:" lines in the 2nd email's headers. When I did a search on that line, it seemed to point to a program that is used for mass mailings, which I also won't name here, and many of the search results were talking about email spam.

I have changed my own information and the information of my email host below.

The first one had this header:

Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: (qmail 2730 invoked by uid 503); 4 Feb 2014 19:17:10 -0000
Received: from smtp208.alice.it (82.57.200.104)
  by myhostdomain.com with SMTP; 4 Feb 2014 19:17:10 -0000
Received: from ccsvnaqrazx (178.127.220.116) by smtp208.alice.it (8.6.060.28) (authenticated as liviorinaudo)
        id 52443B821BA5DD69; Tue, 4 Feb 2014 20:13:44 +0100
Message-ID: <[email protected]> (added by [email protected])
To: [email protected]
Subject: Dangerous Defeat Drugs
From: "Jh Ivamo" <[email protected]>
Date: Tue, 4 Feb 2014 19:03:44 -0700
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"


And here's the other one:

Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: (qmail 5780 invoked by uid 503); 4 Feb 2014 21:48:12 -0000
Received: from mail-in-05.arcor-online.net (151.189.21.45)
  by myhostserver.com with SMTP; 4 Feb 2014 21:48:12 -0000
Received: from mail-in-03-z2.arcor-online.net (mail-in-03-z2.arcor-online.net [151.189.8.15])
  by mx.arcor.de (Postfix) with ESMTP id B9B14E3C03;
  Tue, 4 Feb 2014 22:48:06 +0100 (CET)
Received: from mail-in-04.arcor-online.net (mail-in-04.arcor-online.net [151.189.21.44])
  by mail-in-03-z2.arcor-online.net (Postfix) with ESMTP id B5D9B562DA6;
  Tue, 4 Feb 2014 22:48:06 +0100 (CET)
X-Greylist: Passed host: 37.215.128.204
X-DKIM: Sendmail DKIM Filter v2.8.2 mail-in-04.arcor-online.net 70915AB4EF
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=arcor.de; s=mail-in;
  t=1391550486; bh=f7sBJDhjMC7VBupIyopUSpVlFgzBW6rAeGfEf30mnOg=;
  h=Date:To:Subject:From:Mime-Version:Content-Type:Message-Id;
  b=IJZbz9skeRWH3d+4yPqv22H+/YopdBFO+C7BFzkbQp1yT8u/bK5pedXRqlnM+uCSj
  7l82gGe4fIgNlCO1mF1CAjktMZUnV598RArFjoxIJNQl291LFwFfYhr8KIOyJErS7u
  9/cwnpbkpIU9b2lZsM1Ir+wFkyKo/RWQWE25T7uw=
X-Greylist: Passed host: 37.215.128.204
X-Greylist: Passed host: 37.215.128.204
X-Greylist: Passed host: 37.215.128.204
X-Greylist: Passed host: 37.215.128.204
X-Greylist: Passed host: 37.215.128.204
X-Greylist: Passed host: 37.215.128.204
X-Greylist: Passed host: 37.215.128.204
X-Greylist: Passed host: 37.215.128.204
X-Greylist: Passed host: 37.215.128.204
X-Greylist: Passed host: 37.215.128.204
X-Greylist: Passed host: 37.215.128.204
X-Greylist: Passed host: 37.215.128.204
X-Greylist: Passed host: 37.215.128.204
X-Greylist: Passed host: 37.215.128.204
X-Greylist: Passed host: 37.215.128.204
X-Greylist: Passed host: 37.215.128.204
X-Greylist: Passed host: 37.215.128.204
X-Greylist: Passed host: 37.215.128.204
X-Greylist: Passed host: 37.215.128.204
X-Greylist: Passed host: 37.215.128.204
X-Greylist: Passed host: 37.215.128.204
X-Greylist: Passed host: 37.215.128.204
X-Greylist: Passed host: 37.215.128.204
X-Greylist: Passed host: 37.215.128.204
X-Greylist: Passed host: 37.215.128.204
X-Greylist: Passed host: 37.215.128.204
X-Greylist: Passed host: 37.215.128.204
X-Greylist: Passed host: 37.215.128.204
X-Greylist: Passed host: 37.215.128.204
X-Greylist: Passed host: 37.215.128.204
X-Greylist: Passed host: 37.215.128.204
X-Greylist: Passed host: 37.215.128.204
X-Greylist: Passed host: 37.215.128.204
X-Greylist: Passed host: 37.215.128.204
X-Greylist: Passed host: 37.215.128.204
X-Greylist: Passed host: 37.215.128.204
X-Greylist: Passed host: 37.215.128.204
X-Greylist: Passed host: 37.215.128.204
X-Greylist: Passed host: 37.215.128.204
X-Greylist: Passed host: 37.215.128.204
X-Greylist: Passed host: 37.215.128.204
X-Greylist: Passed host: 37.215.128.204
X-Greylist: Passed host: 37.215.128.204
X-Greylist: Passed host: 37.215.128.204
X-Greylist: Passed host: 37.215.128.204
X-Greylist: Passed host: 37.215.128.204
X-Greylist: Passed host: 37.215.128.204
X-Greylist: Passed host: 37.215.128.204
X-Greylist: Passed host: 37.215.128.204
Received: from hxllzdjlif (unknown [37.215.128.204])
  (Authenticated sender: [email protected])
  by mail-in-04.arcor-online.net (Postfix) with ESMTPA id 70915AB4EF;
  Tue, 4 Feb 2014 22:47:57 +0100 (CET)
Date: Tue, 4 Feb 2014 21:38:05 -0700
To: [email protected]
Subject: Principal Frail EDmed
From: "hykobo" <[email protected]>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-5"
Message-Id: <[email protected]>



I've noticed quite a bit of spam activity from Belarus lately, but didn't realize they account for more than 3 times as much spam as China.

Belarus becomes world's top country ... for SPAM

Seriously?

Country populations in 2012:

Belarus: 9,464,000
China: 1,351,000,000
India: 1,237,000,000
Russia: 143,500,000
USA: 313,900,000


How is that even possible‽‽‽

2/5/2014, 4:05 am
 
Queenyforever
Ignore me.

Registered: 01-2007
Province: Just north of the clouds...
Posts: 1467
Karma: 48 (+48/-0)
Re: Interesting spam email headers


WOW.....okay, did not know the gravity of this. But I have gotten emails that had my wrong address in them too. And I have wondered HOW it was delivered to me?
How can a spam email get delivered to a 'not really close' email address?

---

“Freedom and democracy are dreams you never give up.”

2/5/2014, 7:13 pm
 
Lesigner Girl
Re: Interesting spam email headers


The only thing I can figure is that they sent out a lot of [email protected] using the Bcc: field, and put a different email address in the To: field that probably doesn't exist, but might give them some sort of record of where they sent the emails.

I think the fact that the X-Greylist line is repeated 49 times means they sent it out to 49 different people at once, and their program was configured wrong, or something.

2/6/2014, 3:23 am
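
The checks discussed in the posts above (a To: header that differs from the Delivered-To address, the earliest Received hop, and one header repeated many times), as an added Python example that is not part of the thread. The sample header and every address, host name and IP in it are constructed placeholders.

```python
import re
from collections import Counter
from email import message_from_string
from email.utils import getaddresses

# Constructed sample shaped like the second header in the thread.
# Every address, host name and IP below is a placeholder.
SAMPLE = (
    "Return-Path: <sender@example.net>\n"
    "Delivered-To: me@myhost.example\n"
    "Received: from relay.example.net (192.0.2.45)\n"
    "  by myhost.example with SMTP; 4 Feb 2014 21:48:12 -0000\n"
    + "X-Greylist: Passed host: 203.0.113.204\n" * 3 +
    "Received: from client (unknown [203.0.113.204])\n"
    "\t(Authenticated sender: sender@example.net)\n"
    "\tby relay.example.net (Postfix) with ESMTPA id ABC123;\n"
    "\tTue, 4 Feb 2014 22:47:57 +0100 (CET)\n"
    "To: someone-else@example.org\n"
    "From: \"x\" <sender@example.net>\n"
    "Subject: sample\n"
    "\n"
    "body\n"
)

IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

def first_ip(received):
    m = IP_RE.search(received)
    return m.group(1) if m else None

def analyze(raw):
    msg = message_from_string(raw)
    # Delivered-To records the envelope recipient; To/Cc are only what the
    # sender chose to display, so Bcc-style delivery shows up as a mismatch.
    delivered = {a.lower() for _, a in getaddresses(msg.get_all("Delivered-To", []))}
    shown = {a.lower() for _, a in getaddresses(
        msg.get_all("To", []) + msg.get_all("Cc", []))}
    # Each relay prepends its Received line, so the last one is the earliest hop.
    hops = [first_ip(h) for h in reversed(msg.get_all("Received", []))]
    counts = Counter(name.lower() for name in msg.keys())
    return {
        "not_in_to_or_cc": sorted(delivered - shown),
        "hops_oldest_first": hops,
        "repeated": {k: n for k, n in counts.items() if n > 1 and k != "received"},
    }

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

Only the Received lines added by servers you trust are reliable; anything below them in the header is supplied by the sender.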
 
Queenyforever
Re: Interesting spam email headers


So basically they are blind-folded and shooting darts and our email services 'accidentally' let them through if they hit the bulls-eye?
Humm.....

2/6/2014, 2:50 pm
 
Lesigner Girl
Re: Interesting spam email headers


Yep. At least those kinds.



2/6/2014, 6:55 pm
 
Queenyforever
Re: Interesting spam email headers


Don't think I like that...

2/6/2014, 9:11 pm
 
Lesigner Girl
Re: Interesting spam email headers


Me, either, but if we don't load their images (hidden or otherwise) or click on their links, they might not realize they got a legitimate address.

2/7/2014, 4:03 am
 
Queenyforever
Re: Interesting spam email headers


I don't....I have my email set up to not load images, unless I click and say to, and I've never clicked on a link in an email from anyone other than a family member or trusted friend. And even some of those I go online and google to see if anything suspicious pops up first!

2/7/2014, 4:03 pm
 
Lesigner Girl
Re: Interesting spam email headers


I also have mine set to not load images automatically, and even if I know the sender, I'll hover on a link to see where it leads before I decide whether or not to click on it. If the link looks safe, I'll still copy it and paste it into my browser to avoid sending any referer info, just in case.

2/7/2014, 9:55 pm
 
Queenyforever
Re: Interesting spam email headers


Either we are very safety minded or paranoid...ya know that don't ya?

2/7/2014, 10:56 pm
 
This board's time is GMT.