SPAM-eMail which wasn’t filtered out
Today I got this SPAM-eMail:
From - Wed Sep 19 19:27:40 2007
X-Account-Key: account7
X-UIDL: 186724015
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path:
Received: from relay03.mediabeam.com ([194.25.41.10]) by smtp.directbox.com ([194.25.41.68]) with SMTP for ; Wed, 19 Sep 2007 13:14:57 +0200
Received: from px.nl (37.net059085255.t-com.ne.jp [59.85.255.37]) by relay03.mediabeam.com (8.13.1/8.13.1) with SMTP id l8JBEXUD010048 for ; Wed, 19 Sep 2007 13:14:36 +0200
Reply-To: "Bettie Waller"
From: "Bettie"
Message-ID: <1333211882.547268997208@px.nl>
Date: Wed, 19 Sep 2007 07:13:03 -0400
To: <notpublished@notpublished.com>
Subject: Young Lesbian Breannas On Sofa Fucks & Teasing
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-mediaBEAM-MailScanner-Information: Spam-/VirusProtection V1.0
X-mediaBEAM-VirusProtection: clean
X-mediaBEAM-SpamScore: 3

We're glad to inform you,
Shaved French Melanie Interracial Banged On Boat Tied Up Hentai Brittany Gets Her Beaver Tortured
http://tstfofy.ijuwyvow.cn/?md7eahrk3t9
Have a good time!
sinside out,blues reader

Because of the following criteria/reasons it had to be filtered by the AntiSPAM-engine:
- There is not a single “Received:” line in the header that comes from the sending SMTP server
- The subject contains words like: “Lesbian”, “Fucks” and “Teasing” which a normal user would never put in the subject
- The Headers “Reply-To” and “From” have the same address but not the same name (“Bettie Waller” and “Bettie”). Would an eMail-client (MUA = mail user agent) like Mozilla Thunderbird do that?
- As you can see in the Date header (Date: Wed, 19 Sep 2007 07:13:03 -0400), this eMail comes from afar. These countries use the time zone UTC+4: Armenia, Azerbaijan, French Southern Territories, Îles Crozet, Georgia, Mauritius, Oman, Réunion, Russia, Samara Oblast, Udmurt Republic, Scattered islands in the Indian Ocean, Glorioso Islands, Tromelin Island, Seychelles and the United Arab Emirates (found here). I do not even know how to spell most of these countries. Why on earth should an eMail from there really NOT be a spam eMail?
- The sender-address “edwinmjqf@px.nl” contains a few letters in an exceptional order (like “n” followed by “m”, “q” followed by “f”, …)
- The 7bit encoding (“Content-Transfer-Encoding: 7bit”) is only used by old SMTP servers. If people want to send important eMails, they should use modern technology
- The name used in the From header (From: “Bettie” ) isn’t also used in the address.
- The TLD “.nl” is owned by the Netherlands, and they use the time zone UTC+1, not UTC+4 as stated in the Date header
- I never got a nonspam eMail from “.nl”
- If I haven’t convinced you yet, here is my last criterion: the mail server of the domain “px.nl”, called “mail.px.nl”, doesn’t know the address “edwinmjqf@px.nl”:
nslookup -query=MX px.nl
telnet mail.px.nl 25
…
RCPT TO:edwinmjqf@px.nl
550 : Recipient address rejected: User unknown in virtual mailbox table
What the hell did that AntiSPAM-engine “think”!
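A few of the header criteria listed above can be checked mechanically. The following is an added example, not code from the original post or from any anti-spam product: it evaluates the From/Reply-To name mismatch, the display name missing from the address, and the Date offset, and goes one step beyond the list by comparing the HELO name in the first Received hop with its reverse-DNS name. The sample message is constructed from the headers quoted above, with the sender address the post names filled in; the function and finding names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample: header values as quoted in the post. The archived copy
# lost its <...> parts, so the sender address the post names is filled in.
SAMPLE = """\
Received: from relay03.mediabeam.com ([194.25.41.10])
\tby smtp.directbox.com ([194.25.41.68]) with SMTP; Wed, 19 Sep 2007 13:14:57 +0200
Received: from px.nl (37.net059085255.t-com.ne.jp [59.85.255.37])
\tby relay03.mediabeam.com (8.13.1/8.13.1) with SMTP id l8JBEXUD010048;
\tWed, 19 Sep 2007 13:14:36 +0200
Reply-To: "Bettie Waller" <edwinmjqf@px.nl>
From: "Bettie" <edwinmjqf@px.nl>
Message-ID: <1333211882.547268997208@px.nl>
Date: Wed, 19 Sep 2007 07:13:03 -0400

body
"""

def header_findings(raw):
    """Return weak spam signals found in the headers (inputs to a score, not verdicts)."""
    msg = message_from_string(raw)
    findings = []
    from_name, from_addr = parseaddr(msg.get("From", ""))
    reply_name, reply_addr = parseaddr(msg.get("Reply-To", ""))
    # Same address in From and Reply-To, but a different display name.
    if reply_addr and reply_addr.lower() == from_addr.lower() and reply_name != from_name:
        findings.append("reply-to-name-mismatch")
    # No part of the display name occurs in the local part of the address.
    local = from_addr.split("@")[0].lower()
    if from_name and not any(part in local for part in from_name.lower().split()):
        findings.append("name-not-in-address")
    hops = msg.get_all("Received", [])
    if hops:
        first = hops[-1]  # Received headers are prepended, so the last one is the earliest hop
        # "from <HELO name> (<reverse-DNS name> [ip])": the two names should agree.
        m = re.match(r"from\s+(\S+)\s+\((\S+)\s+\[", first)
        if m and not m.group(2).lower().endswith(m.group(1).lower()):
            findings.append("helo-rdns-mismatch")
        # UTC offset claimed by the sender vs. the offset stamped by the first relay.
        if msg["Date"] and ";" in first:
            hop_time = parsedate_to_datetime(first.rsplit(";", 1)[1].strip())
            if parsedate_to_datetime(msg["Date"]).utcoffset() != hop_time.utcoffset():
                findings.append("date-offset-differs-from-first-hop")
    return findings
```

Each finding on its own also occurs in legitimate mail (a sender in another time zone, a role address), so a filter would weight and combine them rather than reject on any single one.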