new spam variant

Dhawal Doshy dhawal at NETMAGICSOLUTIONS.COM
Thu Dec 2 18:07:14 GMT 2004


    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Anyone else seeing undetectable / low scoring spam like this..

Received: from cpc3-john1-5-1-cust168.renf.cable.ntl.com
(cpc3-john1-5-1-cust168.renf.cable.ntl.com [82.17.174.168])
by mx1.netmagicians.com (Postfix) with ESMTP id AD52316AB43
for <currency at indiainfoline.com>; Thu, 2 Dec 2004 23:25:53 +0530 (IST)
Received: from fedxmail.com (mail.fedxmail.com [24.244.141.148])
by cpc3-john1-5-1-cust168.renf.cable.ntl.com with esmtp
id E74A32DC7A for <currency at indiainfoline.com>; Thu, 02 Dec 2004
11:48:48 -0600
Message-ID: <100001c4d897$08f68371$c9cce295 at fedxmail.com>
From: "Trawled G. Bakeries" <restitution at fedxmail.com>
To: Currency <currency at indiainfoline.com>
Subject: RE: Neevr Seen Crysp Clear Dwolnoadable Movies
Date: Thu, 02 Dec 2004 11:48:48 -0600
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0001_FC478F22.31F09B51"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1437
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
X-Virus-Scanned: by AMaViS perl-11 mion

and this
Received: from 238.red-217-217-148.user.auna.net (unknown [217.217.148.238])
by mx2.netmagicians.com (Postfix) with ESMTP id 2147D38867F
for <vandelay at indiainfoline.com>; Thu, 2 Dec 2004 23:28:13 +0530 (IST)
Received: from hilgartdata.com (logos.hilgartdata.com [66.218.198.43])
by 238.red-217-217-148.user.auna.net with esmtp
id EC557E18FD for <vandelay at indiainfoline.com>; Thu, 02 Dec 2004
11:38:53 -0600
Message-ID: <101101c4d895$4886620d$3947b9b1 at hilgartdata.com>
From: "Scratching E. Scruffy" <scandal at hilgartdata.com>
To: Vandelay <vandelay at indiainfoline.com>
Subject: Re: Harodrce Huge Sceren Dwnlooadable Flicks
Date: Thu, 02 Dec 2004 11:38:53 -0600
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0029_FABAADF3.B77D4467"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1437
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Virus-Scanned: Symantec AntiVirus Scan Engine

These messages seem to get through with a low score primarily because
they are send using a proper name "Scratching E. Scruffy"
<scandal at hilgartdata.com>, they also add some fake headers which appear
quite realistic to SA
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1437
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Virus-Scanned: Symantec AntiVirus Scan Engine

Any ideas on how to defeat them?

- dhawal

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!




More information about the MailScanner mailing list