[email protected] broken autoresponder, part 2/2

8/14/2019 [email protected] broken autoresponder, part 2/2

1/11


2/11

(and Keep) Hi Definition TVX-mailer: spam.pl 0.25 - http://spam.sourceforge.netPrecedence: bulkErrors-To: [email protected]: Not scanned: please contact NPGX for details, Not scanned:please contact NPGX for detailsX-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.1.1(mail2.npgx.com.au [203.25.170.30]); Wed, 14 May 2008 05:01:33 +1000 (EST)

X-DCC-sonic.net-Metrics: falcon.npgx.com.au 1117; Body=16 Fuz1=16 Fuz2=16X-NPGX-MailScanner-Information: Please contact NPGX for more informationX-MailScanner-ID: m4DJ11Ck001436X-NPGX-MailScanner-From: [email protected]

I recently received the following message, which appears to be from one ofyour users, or was relayed by one of your machines, or you are hosting thewebsite they are trying to drive users to. It looks to me like aspam, unsolicited commercial e-mail. Such mail is very annoying and widelyconsidered to be abusive.

If your domain is the source for this E-mail, could you encourage him/her/itto cut it out? Thanks.

If you are one of the relays down the chain, maybe you should considerrestricting the use of your mail-server? Thanks.

If your domain is in the body of the email, and the email was sent to drivetraffic to your website, could you please stop (1) hosting the spammers website,or(2) stop paying the spammer to drive business to your website. Thanks.

If your host was faked or in any way spoofed, I trust you would still like toknow about it. Please regard this mail as information rather thanaccusation. Forged headers are unfortunately sometimes used and you may havereceived this mail even though you're completely innocent.

If you know who to tell or inform about this in order to make it stop. Pleaseforward this information to whom it may concern.

(This mail was automatically generated.)

--- start of spam ---X-NPGX-Watermark: 1211310034.75277@Sv3yO2LBUoJc+8uT/vA5jwReturn-Path: Received: from mail2.npgx.com.au (falcon.npgx.com.au [203.25.170.30])

by mail.npgx.com.au (8.13.1/8.13.1) with ESMTP id m4DJ0YJq014188(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)for ; Wed, 14 May 2008 05:00:34 +1000

X-NPGX-Watermark: 1211309984.29952@fh7KCsEb9tGmWMjIatqrdQReceived: from yw-out-1718.google.com (yw-out-1718.google.com [74.125.46.156])

by mail2.npgx.com.au (8.13.1/8.13.1) with ESMTP id m4DIx9Hd000501for ; Wed, 14 May 2008 04:59:42 +1000

Received: by yw-out-1718.google.com with SMTP id 5so2375268ywm.74for ; Tue, 13 May 2008 11:58:56 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;d=gmail.com; s=gamma;h=domainkey-signature:received:received:message-id:date:from:reply-

to:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth;


3/11

bh=MaZv0jtqUbi1JWEiI9+J28dEYQ8F0IMjs68fpFKRBGI=;b=nq1vaG4orZBM6oYqOFqUGKOFfUapSTI9J+YStsUP3hm6gYDHKgaLF4s5pzDnsDz13oluxI65

S8GWzcjJ1hkY2YVdQ39oWapQB2ezL4UbHLJqJzQwd0PL2MTHlPFjXebUWpXAaFGvBbbmggxdLdKGLpsi5WkSa+OMlPOg8tOMTXg=DomainKey-Signature: a=rsa-sha1; c=nofws;

d=gmail.com; s=gamma;h=message-id:date:from:reply-to:sender:to:subject:cc:in-reply-to:mime-

version:content-type:content-transfer-encoding:content-disposition:references:x-

google-sender-auth;b=Ip5EMwTk+hqX3Fss/qwRi0skhX2Zu1MAVml/p5taHVcsuqUJTbnjfDCqrOg8lHbwiEUwFdHW

0UnWQz32I6JtVMp/NVbgJP3KzbzrnZBamCt41SUwjBQsKnKQqq/rI/pRO1P5SPvn2Fqz9Xl1hMMje7uPqstSTqhBGB6UH+9pw0A=Received: by 10.150.68.2 with SMTP id q2mr195559yba.90.1210705136131;

Tue, 13 May 2008 11:58:56 -0700 (PDT)Received: by 10.150.186.3 with HTTP; Tue, 13 May 2008 11:58:55 -0700 (PDT)Message-ID: Date: Tue, 13 May 2008 14:58:55 -0400From: "Douglas Muth" Reply-To: [email protected]: [email protected]: [email protected], [email protected]

Subject: {Spam?}{Score=10} Re: Spam Report: {Spam?}{Score=11} [SPF:fail] Re: SpamReport: {Spam?}{Score=14} {Disarmed} We need consumers to Test (and Keep) HiDefinition TVCc: [email protected], [email protected],

"Scott Hazen Mueller" In-Reply-To: MIME-Version: 1.0Content-Type: text/plain; charset=ISO-8859-1Content-Transfer-Encoding: 7bitContent-Disposition: inlineReferences: X-Google-Sender-Auth: 70d03a08e9e99b27X-Greylist: Sender IP whitelisted by DNSRBL, not delayed by milter-greylist-4.1.1

(mail2.npgx.com.au [203.25.170.30]); Wed, 14 May 2008 04:59:43 +1000 (EST)X-SPF-Scan-By: smf-spf v2.0.2 - http://smfs.sf.net/Received-SPF: Pass (mail2.npgx.com.au: domain of [email protected]

designates 74.125.46.156 as permitted sender)receiver=mail2.npgx.com.au; client-ip=74.125.46.156;envelope-from=; helo=yw-out-1718.google.com;

X-DCC-sonic.net-Metrics: falcon.npgx.com.au 1117; Body=1 Fuz1=1 Fuz2=1X-NPGX-MailScanner: Found to be virus free, Found to be virus freeX-NPGX-MailScanner-SpamCheck: spam, SpamAssassin (not cached, score=10.525,

required 5, autolearn=spam, BAYES_50 0.00, DKIM_SIGNED 0.00,DKIM_VERIFIED -0.00, FB_INDEPEND_RWD 3.60, SPF_PASS -0.00,URIBL_BLACK 1.96, URIBL_JP_SURBL 1.50, URIBL_OB_SURBL 1.50,URIBL_SC_SURBL 0.47, URIBL_WS_SURBL 1.50)

X-NPGX-MailScanner-SpamScore: ssssssssssX-NPGX-MailScanner-Information: Please contact NPGX for more informationX-MailScanner-ID: m4DJ0YJq014188X-NPGX-MailScanner-From: [email protected]

Um... could you please fix your anti-spam software? :-)

It appears to be responding to abuse mailboxes from other ISPs, and isdragging a bunch of us who run anti-spam/anti-harassment sites of ourown (such as haltabuse.org and spam.abuse.net) into the fray.


4/11

Thanks,

-- Doug([email protected])

On Tue, May 13, 2008 at 2:49 PM, wrote:> I recently received the following message, which appears to be from one of

> your users, or was relayed by one of your machines, or you are hosting the> website they are trying to drive users to. It looks to me like a> spam, unsolicited commercial e-mail. Such mail is very annoying and widely> considered to be abusive.>> If your domain is the source for this E-mail, could you encourage him/her/it> to cut it out? Thanks.>> If you are one of the relays down the chain, maybe you should consider> restricting the use of your mail-server? Thanks.>> If your domain is in the body of the email, and the email was sent to drive> traffic to your website, could you please stop (1) hosting the spammers

website, or> (2) stop paying the spammer to drive business to your website. Thanks.>> If your host was faked or in any way spoofed, I trust you would still like to> know about it. Please regard this mail as information rather than> accusation. Forged headers are unfortunately sometimes used and you may have> received this mail even though you're completely innocent.>> If you know who to tell or inform about this in order to make it stop. Please> forward this information to whom it may concern.>> (This mail was automatically generated.)>

> --- start of spam ---> X-NPGX-Watermark: 1211309372.19459@7pte7laaroVfRTeXp84Vxw> Return-Path: > Received: from mail2.npgx.com.au (falcon.npgx.com.au [203.25.170.30])> by mail.npgx.com.au (8.13.1/8.13.1) with ESMTP id m4DInVDg000749> (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)> for ; Wed, 14 May 2008 04:49:31 +1000> X-NPGX-Watermark: 1211309334.79982@UPwlbJ9mSnidnaZ1jVRnsg> Received: from HEREVSCLUS.NDC.RR.COM (herexchange02.ndc.rr.com [24.30.204.70])> by mail2.npgx.com.au (8.13.1/8.13.1) with ESMTP id m4DImKvg026577> for ; Wed, 14 May 2008 04:48:53 +1000> Received: from herkanapp01 ([24.30.204.203]) by HEREVSCLUS.NDC.RR.COM withMicrosoft SMTPSVC(6.0.3790.3959);

> Tue, 13 May 2008 14:48:19 -0400> Message-ID: > Date: Tue, 13 May 2008 14:47:57 -0400 (EDT)> From: Road Runner Abuse > To: > Subject: {Spam?}{Score=11} [SPF:fail] Re: Spam Report: {Spam?}{Score=14}{Disarmed} We need consumers to Test (and Keep) Hi Definition TV> Mime-Version: 1.0> Content-Type: text/plain; charset=iso-8859-1> Content-Transfer-Encoding: 7bit> x-mailer: KANA Response 9.1.0.35


5/11

> X-OriginalArrivalTime: 13 May 2008 18:48:19.0092 (UTC)FILETIME=[E9352540:01C8B529]> X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.1.1 (mail2.npgx.com.au [203.25.170.30]); Wed, 14 May 2008 04:48:54+1000 (EST)> X-SPF-Scan-By: smf-spf v2.0.2 - http://smfs.sf.net/> Received-SPF: SoftFail (mail2.npgx.com.au: transitioning domain of [email protected]> does not designate 24.30.204.70 as permitted sender)

> receiver=mail2.npgx.com.au; client-ip=24.30.204.70;> envelope-from=; helo=HEREVSCLUS.NDC.RR.COM;> X-DCC-sonic.net-Metrics: falcon.npgx.com.au 1117; Body=1 Fuz1=1 Fuz2=1> X-NPGX-MailScanner: Found to be virus free, Found to be virus free> X-NPGX-MailScanner-SpamCheck: spam, SpamAssassin (not cached, score=11.122,> required 5, autolearn=spam, BAYES_50 0.00, FB_INDEPEND_RWD 3.60,> SPF_SOFTFAIL 0.60, URIBL_BLACK 1.96, URIBL_JP_SURBL 1.50,> URIBL_OB_SURBL 1.50, URIBL_SC_SURBL 0.47, URIBL_WS_SURBL 1.50)> X-NPGX-MailScanner-SpamScore: sssssssssss> X-NPGX-MailScanner-Information: Please contact NPGX for more information> X-MailScanner-ID: m4DInVDg000749> X-NPGX-MailScanner-From: [email protected]>

> Hello,>> If you are reporting an e-mail related incident, it is important that> you copy and paste the offending message, with full headers and the full> text body of the email, into your message to us. 'Full' headers will> include one or more lines of routing information, each of which will> start with 'Received:'. This routing information will help us determine> where the email originated. Without the full text body of the email, we> will be unable to substantiate "abuse" allegations, and will not be able> to assist you.>> If you are receiving returned or bounced email, please provide the full> header information from the original message which will be included in

> the Postmaster or Mailer-Daemon message.>> If the email was neither sent by an individual using the Road Runner> system, or did not involve any content or service managed by Road> Runner, then Road Runner would not be the proper entity to contact> because we are not in a position to take any action.>> Road Runner will not accept logs that are not in plain text (ascii)> format. Do not attach files to your e-mail. All logs must be included in> the body of the message.>> For more information on determining the source of an email please visit> http://spam.abuse.net/userhelp/howtocomplain.shtml

>> An example of an email with full headers:>> Received: (qmail 84224 invoked by uid 20241); 9 Dec 2002 21:27:38> -0000> Received: from unknown (HELO 192.168.0.32) ([10.11.12.13])> (envelope-sender ) by 192.220.79.17> (qmail-ldap-1.03) with> SMTP for ; 9 Dec 2002 21:27:38 -0000> From: "info resource" > To:


6/11

> Subject: Hundreds of Books and Music Cd's at up to 75% Off> Mime-Version: 1.0> Content-Type: multipart/alternative;> boundary="----=_NextPart_000_0034_01C221EC.6C64F7B0"> Date: Mon, 9 Dec 2002 16:37:19> Reply-To: "info resource" > X-Mailer: Microsoft Outlook Express 6.00.2600.0000ams> Status:

> Message-Id: >> ------=_NextPart_000_0034_01C221EC.6C64F7B0> Content-Type: text/plain; charset="iso-8859-1">> Hello,>> Please check out the hundreds of bargains at up to 75% Off>>> How to obtain full headers:>> Entourage

> 1. Open the e-mail in question that will be forwarded to Road Runner.> 2. Select Source from the View menu. The message source opens in its own> window.> 3. Highlight the headers displayed, and copy them into the e-mail you> will be sending to Road Runner Abuse.>> Exchange> 1. Open the e-mail in question that will be forwarded to Road Runner.> 2. Select Properties from the File menu and then click the Details tab.> 3. Select Message Source.> 4. Highlight the headers displayed in the Message Source window, and> copy them into the e-mail you will be sending> to Road Runner Abuse.

>> Mac OS X Mail> 1. Open the e-mail in question that will be forwarded to Road Runner.> 2. Select Message from the View menu and then click the Long Header tab.>> 3. With the full headers displayed, forward the message to Road Runner> Abuse.>> Netscape 6.x, 7.x> 1. Open the e-mail in question that will be forwarded to Road Runner.> 2. Select Headers from the View menu and then select All.> NOTE: You will need to reset this choice when> viewing emails where you don't care about the full

> headers.> 3. With the full headers displayed, forward the message to Road Runner> Abuse.>> Outlook 2002, 2003> 1. Open the e-mail in question that will be forwarded to Road Runner.> 2. Select Options from the View menu.> 3. All header lines appear under Internet Headers at the bottom of the> dialog that comes up.> 4. Highlight the headers displayed in the e-mail, and copy them into the> e-mail you will be sending to Road Runner


7/11

> Abuse.>> Outlook Express 5.x, 6.x> 1. Open the e-mail in question that will be forwarded to Road Runner.> 2. Select Properties from the File menu and then click the Details tab.> 3. Highlight the headers displayed in the e-mail, and copy them into the> e-mail you will be sending to Road Runner> Abuse.

>> For more information on obtaining full headers please visit> http://www.haltabuse.org/help/headers/index.shtml or you can contact> our National Help Desk through chat/e-mail/phone support for a> walkthrough of the steps.>>> Thank you for taking the time to contact Road Runner.>> - Road Runner Abuse [JB]>> Original Message Follows:> ------------------------

> I recently received the following message, which appears to be from one> of> your users, or was relayed by one of your machines, or you are hosting> the> website they are trying to drive users to. It looks to me like a> spam, unsolicited commercial e-mail. Such mail is very annoying and> widely> considered to be abusive.>> If your domain is the source for this E-mail, could you encourage> him/her/it> to cut it out? Thanks.>

> If you are one of the relays down the chain, maybe you should consider> restricting the use of your mail-server? Thanks.>> If your domain is in the body of the email, and the email was sent to> drive> traffic to your website, could you please stop (1) hosting the spammers> website, or> (2) stop paying the spammer to drive business to your website. Thanks.>> If your host was faked or in any way spoofed, I trust you would still> like to> know about it. Please regard this mail as information rather than> accusation. Forged headers are unfortunately sometimes used and you may

> have> received this mail even though you're completely innocent.>> If you know who to tell or inform about this in order to make it stop.> Please> forward this information to whom it may concern.>> (This mail was automatically generated.)>> --- start of spam ---> X-NPGX-Watermark: 1211301784.4613@BuHOliW8fWvkYOvvVSOrTA


8/11

> Return-Path:> Received: from mail3.npgx.com.au (cougar.npgx.com.au [203.25.170.31])> by mail.npgx.com.au (8.13.1/8.13.1) with ESMTP id m4DGh4dJ018376> (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)> for ; Wed, 14 May 2008 02:43:04 +1000> X-NPGX-Watermark: 1211301747.79242@OEwNlWHFJPIOEtkb+dSoWA> Received: from mail.plugdistort.com (mail.plugdistort.com> [148.51.219.98])

> by mail3.npgx.com.au (8.13.1/8.13.1) with ESMTP id m4DGfofm020617> for ; Wed, 14 May 2008 02:42:25 +1000> Message-Id:> Reply-To:> From: HD Test Panel> Subject: {Spam?}{Score=14} {Disarmed} We need consumers to Test (and> Keep) Hi Definition TV> Date: Tue, 13 May 2008 16:51:56 GMT> X-Complaints-To:> To:> MIME-Version: 1.0> Content-Type: multipart/alternative;boundary="Part.904225225.2026125044"> X-Greylist: Delayed for 00:45:46 by milter-greylist-4.1.1

> (mail3.npgx.com.au [203.25.170.31]); Wed, 14 May 2008 02:42:26 +1000> (EST)> X-SPF-Scan-By: smf-spf v2.0.2 - http://smfs.sf.net/> Received-SPF: Pass (mail3.npgx.com.au: domain of> [email protected]> designates 148.51.219.98 as permitted sender)> receiver=mail3.npgx.com.au; client-ip=148.51.219.98;> envelope-from=; helo=mail.plugdistort.com;> X-DCC--Metrics: cougar.npgx.com.au 1113; Body=1 Fuz1=11 Fuz2=17> X-NPGX-MailScanner: Found to be virus free, Found to be virus free> X-NPGX-MailScanner-SpamCheck: spam, SpamAssassin (not cached,> score=14.579,> required 5, autolearn=spam, BAYES_60 1.00, FB_INDEPEND_RWD 3.60,

> HTML_IMAGE_ONLY_28 1.56, HTML_IMAGE_RATIO_02 0.38, HTML_MESSAGE 0.00,> MPART_ALT_DIFF_COUNT 1.11, SPF_PASS -0.00, URIBL_BLACK 1.96,> URIBL_JP_SURBL 1.50, URIBL_OB_SURBL 1.50, URIBL_SC_SURBL 0.47,> URIBL_WS_SURBL 1.50)> X-NPGX-MailScanner-SpamScore: ssssssssssssss> X-NPGX-MailScanner-Information: Please contact NPGX for more information> X-MailScanner-ID: m4DGh4dJ018376> X-NPGX-MailScanner-From: [email protected]>> This is a multi-part message in MIME format.>> --Part.904225225.2026125044> Content-Type: text/plain;

> charset="ISO-8859-1"> Content-Transfer-Encoding: quoted-printable>> Attention TV Watchers: HDTestPanel.com is looking for consumers to test> and=> keep Hi Definition TVs for free. How would you like to be selected?> Click => now for details.>>> http://TAbccadajambidRG.plugdistort.com/link.asp?a=3Dc&u=3D127616714&e=3


9/11

> D12=> 203090>> You could be watching your favorite shows and games on a new Hi> Definition => TV! Choose between the Sharp, Samsung, and LG HDTVs. Sign up today!>>

> http://TAbccadajambidRG.plugdistort.com/link.asp?a=3Dc&u=3D127616714&e=3> D12=> 203090>>>>>>>>> This is an advertisement. Promotion sponsored exclusively by> HDTestPanel.c=

> om and is subject to terms and conditions. Please see website for> complete => details. Participation eligibility is restricted to legal US residents> 18 => and over. No purchase is required to receive a test product and a> purchase=> will not increase the likelihood of being selected. Please see> promotion t=> erms for alternative postal method of establishing eligibility for the> test=> program. In addition to the test program, members may also choose to> parti=> cipate in the membership incentive program to receive a free gift

> package w=> hen they meet the program requirements which include the completion of> spon=> sor offers. HDTestPanel.com is an independent rewards program and is not> af=> filiated with, sponsored by, or endorsed by any of the listed products,> ret=> ailers, or manufacturers. Trademarks, service marks, logos, and domain> nam=> es are the property of their respective owners. This email was sent by> an => affiliate of HDTestPanel.com. HDTestPanel.com authorizes affiliates to> pro=

> mote its offers to permission based email lists subject to our affiliate> te=> rms which include (but are not limited to) providing a working> unsubscribe => mechanism, not using any third party trademarks such as the names of the> ma=> nufacturers of the gift items we offer in email from lines, and a> subject l=> ine which accurately describes the content of the promotional message.> If => you wish to unsubscribe from this affiliate's list, please use the


10/11

> instruct=> ions provided by the affiliate. If you would like to place your email> addr=> ess on HDTestPanel.com's do not contact list, please visit> http://TAbccadaj=> ambidRG.plugdistort.com/link.asp?a=3Dc&u=3D127616715&e=3D12203090 and> input=> your email address, or you may write to us at HDTestPanel.com 3830

> Forest => Drive, Suite 207, Columbia, SC 29204. Offer not valid to residents of> Ohio=> , and is void where prohibited by law.>>> If you think you received this email in error or would prefer not to> receiv=> e emails from us,> click here:> http://TAbccadajambidRG.plugdistort.com/link.asp?a=3Dr&m=3D4586=> 2530&e=3D12203090=20> List Manager, 27 West Anapamu Suite 402, Santa Barbara, CA 93101

>>> --Part.904225225.2026125044> Content-Type: text/html;> charset="ISO-8859-1"> Content-Transfer-Encoding: quoted-printable>>>>>>> We need consumers to Tes=

> t (and Keep) Hi Definition TV>>>>>>>>>>>>

>>>>>>>>>>>


11/11

>>>>>>>>

>>>>>> List Manager> 27 West Anapamu Suite 402> Santa Barbara, CA 9310=> 1>>>>

>>> --Part.904225225.2026125044-->>> --- end of spam --->>> --- end of spam --->

--- end of spam ---

Documents

[email protected] broken autoresponder, part 2/2