Are these spoofed emails or someone is sending them from bitcoin.org?

bennybong

hero member

Activity: 682

Merit: 500

I am running a similar scam, except my odds are much better.

Just send any btc to my sig and I will try and send you back as much as I can! (honest)

Dabs

legendary

Activity: 3416

Merit: 1912

The Concierge of Crypto

Quote from: rpg on October 22, 2013, 12:25:03 AM

Quote from: Dabs on October 22, 2013, 12:14:42 AM

The english isn't perfect. So that's a telling sign already. And they didn't use a vanity address. (not that they have to, just makes it look better.)

Who is brave enough to check out the binary file? hehehe.

send it over, that's what the virtual machines are for

They said you can download it here
http://www.sendspace.com/file/9ne22o

tripppn

hero member

Activity: 756

Merit: 500

The payout is IMMEDIATE, GUARANTEED and there is NO RISK from losing your bitcoin.
This is a TIME LIMITED ONE-TIME OFFER and you must ACT NOW!

This is my favorite part!

rpg

hero member

Activity: 728

Merit: 500

Quote from: Dabs on October 22, 2013, 12:14:42 AM

The english isn't perfect. So that's a telling sign already. And they didn't use a vanity address. (not that they have to, just makes it look better.)

Who is brave enough to check out the binary file? hehehe.

send it over, that's what the virtual machines are for

Dabs

legendary

Activity: 3416

Merit: 1912

The Concierge of Crypto

The english isn't perfect. So that's a telling sign already. And they didn't use a vanity address. (not that they have to, just makes it look better.)

Who is brave enough to check out the binary file? hehehe.

rpg

hero member

Activity: 728

Merit: 500

Quote from: Zeek_W on October 19, 2013, 07:27:40 PM

uaeexchange.co.in

Received: from unknown (HELO p3plibsmtp01-10.prod.phx3.secureserver.net) ([10.6.12.197])

are you sure? i think its coming right from the godaddy network. I bet Godaddy email servers are not relaying, as such they would not be accepting emails from india to send to google.

So some computer at godaddy has been hacked or has a internet facing web server that allows HTTP proxies where an email can be sent using socks. A bot on another computer can also scan the internal network for web servers of course.

10.6.12.197 is a private address part of 10.6 that are used in many internal networks

All the other headers down are trash, they are inserted on purpose

Should godaddy be made aware they are sending spam?

EDIT: of course rugatu.com can be owned by our friend and he has an email forward to google. Forgot abut that possibility

blockgenesis

sr. member

Activity: 285

Merit: 250

Bitcoin.org maintainer

Quote from: Mike Hearn on October 20, 2013, 09:45:42 AM

SPF is obsolete and many email providers ignore it. Much better is DKIM+DMARC, which is what Sirius should set up (ideally), although really by now perhaps the domain name should be transferred to the foundation or Gavin. Sirius isn't really involved any more.

Sirius answered some of my requests in the past (he didn't answer this one yet). But I agree that it is important to be able to count on the person controling bitcoin.org . I asked sirius if he had some "backup plan" in case anything happened to him but got no answer. So of course, I would be more reassured too if the domain was in the core dev team hands since sirius availability seems to be very limited now.

Mike Hearn

legendary

Activity: 1526

Merit: 1134

SPF is obsolete and many email providers ignore it. Much better is DKIM+DMARC, which is what Sirius should set up (ideally), although really by now perhaps the domain name should be transferred to the foundation or Gavin. Sirius isn't really involved any more.

LiteCoinGuy

legendary

Activity: 1148

Merit: 1014

In Satoshi I Trust

but they are also asking for Litecoin, so legit Cheesy

Rannasha

hero member

Activity: 728

Merit: 500

Quote from: ?? on ??

Obviously it isn't legit, but the sender looking like bitcoin.org makes you question it (before the 400% return part..).

Spoofing a sender address is absolutely trivial. You should never trust an email because of its sender address.

paraipan

legendary

Activity: 924

Merit: 1004

Firstbits: 1pirata

Quote from: blockgenesis on October 20, 2013, 02:51:50 AM

I asked sirius if he could add a SPF record to his DNS server to help email providers to move these fraudulent emails directly into their SPAM folders..

Thanks

blockgenesis

sr. member

Activity: 285

Merit: 250

Bitcoin.org maintainer

I asked sirius if he could add a SPF record to his DNS server to help email providers to move these fraudulent emails directly into their SPAM folders..

pedrog

legendary

Activity: 2786

Merit: 1031

Bitcoin Nigerian Letter.

error

hero member

Activity: 588

Merit: 500

Blatantly obvious fakes, even without looking at the headers.

The good news is nobody seems to have fallen for them yet, if the empty history of those Bitcoin addresses is any indication.

Zeek_W

sr. member

Activity: 336

Merit: 250

uaeexchange.co.in

BCB

vip

Activity: 1078

Merit: 1002

BCJ

That's India dude. I doubt it's legit

paraipan

legendary

Activity: 924

Merit: 1004

Firstbits: 1pirata

Quote from: rpg on October 19, 2013, 06:50:28 PM

email headers please

Code:

Delivered-To: [email protected]
Received: by 10.114.0.228 with SMTP id 4csp49107ldh;
        Sat, 19 Oct 2013 14:02:13 -0700 (PDT)
X-Received: from mr.google.com ([10.205.105.73])
        by 10.205.105.73 with SMTP id dp9mr1252712bkc.33.1382216532641 (num_hops = 1);
        Sat, 19 Oct 2013 14:02:12 -0700 (PDT)
X-Received: by 10.205.105.73 with SMTP id dp9mr542392bkc.33.1382216532459;
        Sat, 19 Oct 2013 14:02:12 -0700 (PDT)
X-Forwarded-To: [email protected]
X-Forwarded-For: [email protected] [email protected]
Delivered-To: [email protected]
Received: by 10.204.226.133 with SMTP id iw5csp58037bkb;
        Sat, 19 Oct 2013 14:02:11 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-original-authentication-results:delivered-to:delivered-to
         :content-type:mime-version:content-transfer-encoding
         :content-description:subject:to:from:date:reply-to:return-receipt-to
         :message-id;
        bh=tYwU0gnZQSWsvDC6GXua4Ejq+oZyZoCY1Eusaz59eaM=;
        b=at3eGk9LGUyyY2ryViGyw3cp3kdV6BtHMv88RM7QWIFd58uhr5dTBCkOUHC8/44V+2
         276kKhpjhlgXKb3eW3qGIKu5M8xgYsbD63doFuucfPz91S0DgIcDmdKnyK16gmXjJ5JN
         c5e4aezfL9+8P3R5ztG3vLdBAO5alp72SIJsLHXPQAfX3N17oaUG9YHL9+yKS7zZri85
         i2Ex6BtBCelgZVg5+v7zKcXlgGMgwl6Qpacgkp9wmfhIbvu3C6rNycmXhtV70JD2KetS
         AH7EpZLIdDeBj4OsSYiWzAxoZ13mPCpBwwbAJeFb4jimLQ9N1fyAYhEEJd861hI8GVT3
         jMlA==
X-Original-Authentication-Results: mx.google.com;       spf=pass (google.com: domain of [email protected] designates 173.201.192.185 as permitted sender) smtp.mail=SRS0=ntU1=T5=bitcoin.org=invests@bounce.secureserver.net
X-Received: from mr.google.com ([10.50.128.137])
        by 10.50.128.137 with SMTP id no9mr5468927igb.36.1382216530982 (num_hops = 1);
        Sat, 19 Oct 2013 14:02:10 -0700 (PDT)
X-Received: by 10.50.128.137 with SMTP id no9mr4299466igb.36.1382216530042;
        Sat, 19 Oct 2013 14:02:10 -0700 (PDT)
X-Forwarded-To: [email protected], [email protected]
X-X-Forwarded-For: [email protected] [email protected], [email protected]
Delivered-To: [email protected]
Received: by 10.64.227.50 with SMTP id rx18csp38085iec;
        Sat, 19 Oct 2013 14:02:09 -0700 (PDT)
X-Received: by 10.43.10.198 with SMTP id pb6mr5874773icb.40.1382216529512;
        Sat, 19 Oct 2013 14:02:09 -0700 (PDT)
Return-Path: 
Received: from p3plsmtp14-03.prod.phx3.secureserver.net (p3plsmtp14-03.prod.phx3.secureserver.net. [173.201.192.185])
        by mx.google.com with ESMTP id jb1si8916913icb.5.2013.10.19.14.02.08
        for ;
        Sat, 19 Oct 2013 14:02:09 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates 173.201.192.185 as permitted sender) client-ip=173.201.192.185;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of [email protected] designates 173.201.192.185 as permitted sender) smtp.mail=SRS0=ntU1=T5=bitcoin.org=invests@bounce.secureserver.net
Received: (qmail 14057 invoked from network); 19 Oct 2013 21:02:08 -0000
Delivered-To: [email protected]
Received: (qmail 14050 invoked by uid 30297); 19 Oct 2013 21:02:08 -0000
Received: from unknown (HELO p3plibsmtp01-10.prod.phx3.secureserver.net) ([10.6.12.197])
          (envelope-sender )
          by p3plsmtp14-03.prod.phx3.secureserver.net (qmail-1.03) with SMTP
          for ; 19 Oct 2013 21:02:08 -0000
Received: from mx1.uaeexchange.co.in ([203.197.151.29])
	by p3plibsmtp01-10.prod.phx3.secureserver.net with bizsmtp
	id f9261m0020eJYjv019266l; Sat, 19 Oct 2013 14:02:08 -0700
X-Authority-Analysis: v=2.0 cv=AtUwKpBP c=1 sm=1
 a=2LujIVcxHzjGFIFK9kwEgA==:17 a=iM3w-qz-v2IA:10 a=1gkY2oB4D8cA:10
 a=sg1Movbh_6AA:10 a=wPDyFdB5xvgA:10 a=IkcTkHD0fZMA:10 a=hxtorQ8BAAAA:8
 a=c3CknTMcAAAA:8 a=xqfsdtIXgKcA:10 a=FJK6MB_soEjotqEc3dMA:9 a=QEXdDO2ut3YA:10
 a=WdolIobSAHYA:10 a=PvSqNWqEmEJ5-Lh7:21 a=NVN3th6WmReDMRcw:21
 a=2LujIVcxHzjGFIFK9kwEgA==:117
Received: from localhost (localhost.localdomain [127.0.0.1])
	by mx1.uaeexchange.co.in (Postfix) with ESMTP id 00A8A20869A
	for ; Sun, 20 Oct 2013 02:32:05 +0530 (IST)
X-Virus-Scanned: by Wipro AntiSpam Gateway at uaeexchange.co.in
Received: from mx1.uaeexchange.co.in ([127.0.0.1])
	by localhost (uaeexchange.co.in [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id jBa4Ld49r46N for ;
	Sun, 20 Oct 2013 02:32:04 +0530 (IST)
Received: from [192.168.0.100] (unknown [89.223.47.197])
	by mx1.uaeexchange.co.in (Postfix) with ESMTPA id 48892208696
	for ; Sun, 20 Oct 2013 02:32:03 +0530 (IST)
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Description: Mail message body
Subject: Dear Bitcoin Member News 2013
To: [email protected]
From: [email protected]
Date: Sun, 20 Oct 2013 00:51:01 +0400
Reply-To: [email protected]
Return-receipt-to: [email protected]
Message-Id: <[email protected]>

rpg

hero member

Activity: 728

Merit: 500

email headers please

paraipan

legendary

Activity: 924

Merit: 1004

Firstbits: 1pirata

We're receiving allot of strange emails from bitcoin.org lately and I was curious to know if they're legit or someone is spoofing the domain for their own interest.

Here are some of them:

Quote

from:    [email protected]
reply-to:    [email protected]
to:    [email protected]
date:    Sat, Oct 19, 2013 at 3:52 AM

Bitcoin Foundation standardizes, protects and promotes the use of Bitcoin cryptographic money for the benefit of users worldwide.

Bitcoin Foundation Accepts Donations in Bitcoins

We believe this is important for two reasons:

1. It represents our strong belief in the value of Bitcoin as a medium of exchange AND
2. It automatically makes the Foundation’s assets public information—allowing Bitcoin users to see how much we have received in donations and emphasizing our commitment to transparency
3. Help this for us true

Make a donation

Donate to the Bitcoin Foundation:

BTC: 1PPqWCmzDeBxgtfwNPqekzHBTzxnkXba5i

LTC: LLqWMnmCA2D51Lc5eSt5zaMADVgFRMEAzs

We guarantee
if you send just 0.1 or some BTC or LTC to wallet you very help us
our mission make bitcoins technology is future
Your donation can support

Quote

from:    [email protected]
reply-to:    [email protected]
to:    [email protected]
date:    Sat, Oct 19, 2013 at 10:51 PM

Dear Bitcoin Member,

Bitcoin has made considerable progress and improvement, it has become the leading e-currency and its services are being improved continuously.

Recently we have estabilished a very important relation with leading Forex traders from Tokyo and we decided to give a special offer to you:

GET 400% Bitcoin Address Bitcoin RETURN IN 1 Hours !

Investment plans below:
1 - 4 BTC we return in 1 hours 400%
5 - 8.5 BTC we return in 1 hours 350%
10 - 47.5 BTC we return in 1 hours 500%

Investment Example:

You send deposit 1 BTC we return 4 BTC
You send deposit 5 BTC we return 8.5 BTC
You send deposit 10 BTC we return 47.5 BTC
You send deposit 100 BTC we return 470.5 BTC

You need to make spend deposit to Bitcoin Forex Investment Address: 1EPJJyST5awBYuqt2inH3WBWzdnALutzTe

Login your bitcoin account or software / Send Money (Coins).

The minimal deposit is 1 Bitcoin, while the maximum deposit is 100 Bitcoin per member.
The 300 payout will be made back to your Bitcoin Address in 1 hours.

The payout is IMMEDIATE, GUARANTEED and there is NO RISK from losing your bitcoin.
This is a TIME LIMITED ONE-TIME OFFER and you must ACT NOW!

This opportunity will not last long, so you must react quickly.
Deposits are accepted until Oct 28. 2013 4:00 (GMT).

Thank You.

Best Regards: Bitcoin.org and Tokyo forex partnership.
Bitcoin Project 2008–2013 Released under the MIT license

You Get Money Number Your Wallet Your Money in Hour Stable

Investment Address: 1EPJJyST5awBYuqt2inH3WBWzdnALutzTe

Quote

from:    [email protected]
reply-to:    [email protected]
to:    [email protected]
date:    Sun, Oct 20, 2013 at 12:09 AM

Bitcoin is an innovative payment network and a new kind of money.

Bitcoin Wallet

Your Bitcoin wallet is what allows you to transact with other users. It gives you ownership of a Bitcoin balance so that you can send and receive bitcoins. Just like email, all wallets can interoperate with each other.

Getting started with Bitcoin

Choose your wallet

Upload Complete > New File
Congratulations! Your upload completed successfully

Bitcoin-0.8.5-win32-setup

Yes

Download Link

http://www.sendspace.com/file/9ne22o

in attach also file for you version new

You can bring a Bitcoin wallet in your everyday life with your mobile or you can have a wallet only for online payments on your computer. In any case, choosing your wallet can be done in a minute.

Using Bitcoin to pay and get paid is easy and accessible to everyone.

What do you think?

Topic: Are these spoofed emails or someone is sending them from bitcoin.org? (Read 3927 times)