New Spam?

Here's an email I received today. It reports I've been signed up for a mailing list and asks me to unsubscribe if I didn't sign up for the mailing list. Legitimate mailing lists tell you to ignore the message and do nothing if you didn't sign up. It looks like the mailing agent belongs to h24-71-223-11, who I guessed was 24.71.223.11. That IP resolves to h24-71-223-11.cg.shawcable.net. That machine is offering a mail server on port 25:

220 pd2mi3so.prod.shaw.ca -- Server ESMTP (iPlanet Messaging Server 5.2 HotFix1.18 (built Jul 28 2003))

However, that mail server doesn't allow mail relay.

I think the system which originated the email is (h0000864f50cd.ne.client2.attbi.com [24.62.13.114]).

A message from Yahoo! Groups wouldn't originate from a home AT&T user. The mailer agent is interesting too -- "Synapse, which is a synchronous TCP/IP library for Delphi, Kylix, FreePascal, and C++ Builder," according to my friend John Ward. He also says "this was some tool written to be a dedicated, non-threading mass mailer due to its synchronous nature, probably a command line tool, written for either Windows or Linux."

From - Tue Oct 28 12:17:53 2003
X-UIDL: 20031028171245s1200r471be0032gq
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Received: from mx1.domaindiscover.com ([216.104.161.40])
by sccrmxc12.comcast.net (sccrmxc12) with ESMTP
id <20031028171245s1200l47cve>; Tue, 28 Oct 2003 17:12:45 +0000
Received: from h24-71-223-11 (h0000864f50cd.ne.client2.attbi.com [24.62.13.114])
by mx1.domaindiscover.com (Postfix) with ESMTP id 6B2CD31804
for ; Tue, 28 Oct 2003 09:12:37 -0800 (PST)
From: conspiracies_revealed-subscribe@yahoogroups.com
To: CENSORED@CENSORED.com
Subject: -Confirmation-
Date: Tue, 28 Oct 2003 06:30:20 -0800
MIME-Version: 1.0 (produced by Synapse)
x-mailer: Synapse - Delphi & Kylix TCP/IP library by Lukas Gebauer
Content-type: text/html; charset=UTF-8
Content-Transfer-Encoding: Quoted-printable
Content-Disposition: inline
Content-Description: HTML text
Message-Id: <20031028171237.6B2CD31804@mx1.domaindiscover.com>

Thanks for signing up for yahoo groups conspiracies_revealed this is your
comfirmation email. You can log in via the website www.nasaconspiracy.net
If you didn't sign up or someone else has
used your email to sign up please click unsubscribe
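
The header comparison made above can be automated. The following is an added example, not part of the original post: it parses the Received chain of this message and reports where the client-supplied HELO name and the From domain disagree with what the receiving server recorded. The function names are hypothetical, and the header continuation lines are re-indented on the assumption that their folding was lost when the message was pasted.

```python
import re
from email import message_from_string

# Headers copied from the message above; continuation lines are re-indented
# (assumption: the original folding whitespace was lost in the paste).
RAW = """\
Received: from mx1.domaindiscover.com ([216.104.161.40])
\tby sccrmxc12.comcast.net (sccrmxc12) with ESMTP
\tid <20031028171245s1200l47cve>; Tue, 28 Oct 2003 17:12:45 +0000
Received: from h24-71-223-11 (h0000864f50cd.ne.client2.attbi.com [24.62.13.114])
\tby mx1.domaindiscover.com (Postfix) with ESMTP id 6B2CD31804
\tfor ; Tue, 28 Oct 2003 09:12:37 -0800 (PST)
From: conspiracies_revealed-subscribe@yahoogroups.com
Subject: -Confirmation-

"""

# "from HELO (rdns [ip]) by server"; rdns is absent when the receiver logged only the IP
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]]+)\s+)?\[(?P<ip>[\d.]+)\]\)"
    r"\s+by\s+(?P<by>\S+)")

def parse_hops(raw):
    """Return Received hops oldest-first as dicts with helo, rdns, ip, by."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold the header first
        if m:
            hops.append(m.groupdict())
    return hops[::-1]  # each server prepends its header, so the last is oldest

def findings(raw):
    """Compare what the sender claimed against what the first receiver saw."""
    msg = message_from_string(raw)
    origin = parse_hops(raw)[0]
    out = []
    # HELO is chosen by the client; rDNS and IP are recorded by the receiving server.
    if origin["rdns"] and origin["helo"].lower() != origin["rdns"].lower():
        out.append(f"HELO {origin['helo']!r} != rDNS {origin['rdns']!r} [{origin['ip']}]")
    from_domain = msg["From"].rsplit("@", 1)[-1].strip("> ").lower()
    host = (origin["rdns"] or origin["helo"]).lower()
    if host != from_domain and not host.endswith("." + from_domain):
        out.append(f"origin host {host} is outside From domain {from_domain}")
    return out

if __name__ == "__main__":
    for line in findings(RAW):
        print(line)
```

The From-domain check is a heuristic that matches the reasoning in this post, and a Received line is only trustworthy when it was written by a server you trust, since anything below that point can be forged by the sender.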
