Topic: Just got this E-mail from OKPAY, I think it's phishing (Read 1694 times)

hero member
Activity: 668
Merit: 501
SpamAssassin
rjk
sr. member
Activity: 448
Merit: 250
1ngldh
excerpt from my headers:
Quote
X-Spam-Status: Yes, score=17.6 required=4.0
X-Spam-Report: [snipped; the full rule-by-rule report is quoted in the post below]

this is about the worst possible spam-score. pretty weak attempt.
Which spam classification tool is giving you those headers? It looks fairly intelligent.
hero member
Activity: 668
Merit: 501
excerpt from my headers:
Quote
X-Spam-Status: Yes, score=17.6 required=4.0
X-Spam-Report:
   *  0.7 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
   *      [41.215.241.234 listed in zen.spamhaus.org]
   *  1.4 FSL_HELO_BARE_IP_1 FSL_HELO_BARE_IP_1
   *  0.3 MIME_BOUND_DD_DIGITS Spam tool pattern in MIME boundary
   *  1.4 MSGID_YAHOO_CAPS Message-ID has [email protected]
   *  2.0 MSGID_SPAM_CAPS Spam tool Message-Id: (caps variant)
   *  1.5 TVD_RCVD_IP4 TVD_RCVD_IP4
   *  0.1 TVD_RCVD_IP TVD_RCVD_IP
   *  1.2 RCVD_HELO_IP_MISMATCH Received: HELO and IP do not match, but should
   *  0.9 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO
   *  0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines
   *  0.5 REPTO_QUOTE_YAHOO Yahoo! doesn't do quoting like this
   *  2.2 FORGED_MSGID_YAHOO Message-ID is forged, (yahoo.com)
   *  1.0 TWO_IPS_RCVD Received: Relay identifies itself as wrong IP
   *  1.8 MISSING_MIMEOLE Message has X-MSMail-Priority, but no X-MimeOLE
   *  2.5 FORGED_MUA_EUDORA Forged mail pretending to be from Eudora

this is about the worst possible spam-score. pretty weak attempt.
hero member
Activity: 742
Merit: 500
cairo.perfect-privacy.com sure sounds legit lol
legendary
Activity: 2506
Merit: 1010
Yup, someone hates OKPay for whatever reason and is sending out messages to the list of e-mail addresses that was obtained last June when Mt. Gox got hacked.

Here's a prior spam campaign, possibly by the same perpetrator:
 - https://bitcointalksearch.org/topic/okpay-is-scam-probably-not-76270
hero member
Activity: 742
Merit: 500
Quote
Dear partners,

Due to legal issues OKPay will close all operations by May 1. 2012.
[rest of the message and the poster's question are quoted in full in the post below]
I got the same email, and somewhere it had "To" fields to some AOL emails. I didn't really bother inspecting the headers, but they are probably faked.
legendary
Activity: 1862
Merit: 1011
Reverse engineer from time to time
Quote
Dear partners,

Due to legal issues OKPay will close all operations by May 1. 2012.

Please use this time to withdraw your available balance.

Sincerely yours,
Konstantin Romanovsky
OKPay CEO
http://www. okpay .com
r z e

What do you think? I've never registered to this site, but I got the mail.

Headers
Quote
Delivered-To: xxxxxxx
Received: by 10.112.27.135 with SMTP id t7csp15106lbg;
        Fri, 13 Apr 2012 09:02:51 -0700 (PDT)
Received: by 10.204.156.12 with SMTP id u12mr691269bkw.33.1334332970837;
        Fri, 13 Apr 2012 09:02:50 -0700 (PDT)
Return-Path: <[email protected]>
Received: from 173.194.69.27 (cairo.perfect-privacy.com. [41.215.241.234])
        by mx.google.com with SMTP id t8si3645873bkd.28.2012.04.13.09.02.48;
        Fri, 13 Apr 2012 09:02:50 -0700 (PDT)
Received-SPF: softfail (google.com: domain of transitioning [email protected] does not designate 41.215.241.234 as permitted sender) client-ip=41.215.241.234;
Authentication-Results: mx.google.com; spf=softfail (google.com: domain of transitioning [email protected] does not designate 41.215.241.234 as permitted sender) [email protected]
Received: from 112.2.44.70 by ; Fri, 13 Apr 2012 19:55:47 +0300
Message-ID: <[email protected]>
From: "OKPAY" <[email protected]>
Reply-To: "OKPAY" <[email protected]>
To: xxxx, xxxx
Subject: OKPAY Closing
Date: Fri, 13 Apr 2012 15:01:47 -0200
X-Mailer: AOL 7.0 for Windows US sub 118
MIME-Version: 1.0
Content-Type: multipart/alternative;
   boundary="--15733187150045582"
X-Priority: 3
X-MSMail-Priority: Normal

----15733187150045582
Content-Type: text/plain;
Content-Transfer-Encoding: quoted-printable
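The script below is an added example for this thread, not code from the original post or from SpamAssassin. It takes the raw headers posted above and re-derives, offline, several of the hits in the quoted spam report (SPF softfail, bare-IP HELO, HELO/IP mismatch, a yahoo.com Message-ID on a message that never touched Yahoo, X-MSMail-Priority without X-MimeOLE) and adds a clock check that the report does not: the Date header and the inner "112.2.44.70" hop both claim a time later than the moment mx.google.com accepted the message. Assumptions: the addresses the forum page redacts are replaced by example.com placeholders, the Message-ID local part by PLACEHOLDER (its yahoo.com domain is taken from the FORGED_MSGID_YAHOO hit), and the DNSBL lookup behind RCVD_IN_XBL is left out so the code runs without network access.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: the headers posted in the thread. The addresses the forum
# page redacts are replaced by example.com placeholders and the Message-ID local
# part by PLACEHOLDER (assumptions); its yahoo.com domain is taken from the
# FORGED_MSGID_YAHOO hit in the quoted spam report.
SAMPLE = """\
Delivered-To: victim@example.com
Received: by 10.112.27.135 with SMTP id t7csp15106lbg;
        Fri, 13 Apr 2012 09:02:51 -0700 (PDT)
Received: by 10.204.156.12 with SMTP id u12mr691269bkw.33.1334332970837;
        Fri, 13 Apr 2012 09:02:50 -0700 (PDT)
Return-Path: <sender@example.com>
Received: from 173.194.69.27 (cairo.perfect-privacy.com. [41.215.241.234])
        by mx.google.com with SMTP id t8si3645873bkd.28.2012.04.13.09.02.48;
        Fri, 13 Apr 2012 09:02:50 -0700 (PDT)
Received-SPF: softfail (google.com: domain of transitioning sender@example.com does not designate 41.215.241.234 as permitted sender) client-ip=41.215.241.234;
Received: from 112.2.44.70 by ; Fri, 13 Apr 2012 19:55:47 +0300
Message-ID: <PLACEHOLDER@yahoo.com>
From: "OKPAY" <sender@example.com>
Reply-To: "OKPAY" <sender@example.com>
Subject: OKPAY Closing
Date: Fri, 13 Apr 2012 15:01:47 -0200
X-Mailer: AOL 7.0 for Windows US sub 118
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal

(body omitted)
"""

IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}\.?$")
# "from <helo> (<rdns> [<ip>])": the HELO is what the client claimed, the
# bracketed part is what the receiving MTA actually observed.
FROM_CLAUSE = re.compile(
    r"\bfrom\s+(?P<helo>\S+)(?:\s*\((?P<rdns>[^\s\[\]]*)\s*\[(?P<ip>[\d.]+)\]\))?", re.I)


def parse_received(msg):
    """One dict per Received: header, topmost (most recent hop) first."""
    hops = []
    for raw in msg.get_all("Received", []):
        line = " ".join(raw.split())            # unfold continuation lines
        m = FROM_CLAUSE.search(line)
        stamp = None
        if ";" in line:                         # timestamp follows the last ';'
            try:
                stamp = parsedate_to_datetime(line.rsplit(";", 1)[1].strip())
            except (TypeError, ValueError):
                stamp = None                    # unparseable relay line
        hops.append({"raw": line, "date": stamp,
                     "helo": m.group("helo") if m else None,
                     "ip": m.group("ip") if m else None})
    return hops


def triage(raw_message, max_skew_minutes=15):
    """Return (code, detail) findings; an empty list means nothing looked off."""
    msg = message_from_string(raw_message)
    hops = parse_received(msg)
    findings = []

    # 1. SPF verdict recorded by the receiving MX (first token of Received-SPF)
    spf = (msg.get("Received-SPF") or "").split(None, 1)
    if spf and spf[0].lower() in ("fail", "softfail", "none"):
        findings.append(("SPF_" + spf[0].upper(), spf[0].lower()))

    # 2. HELO sanity: bare IP as HELO (RCVD_NUMERIC_HELO) and a HELO IP that is
    #    not the IP the receiver saw on the wire (RCVD_HELO_IP_MISMATCH)
    for h in hops:
        if h["helo"] and IPV4.match(h["helo"]):
            findings.append(("HELO_BARE_IP", h["helo"]))
            if h["ip"] and h["ip"] != h["helo"].rstrip("."):
                findings.append(("HELO_IP_MISMATCH", f"{h['helo']} != {h['ip']}"))

    # 3. Message-ID domain that never appears anywhere in the relay path
    mid_domain = (msg.get("Message-ID") or "").strip("<> ").rpartition("@")[2].lower()
    if mid_domain and not any(mid_domain in h["raw"].lower() for h in hops):
        findings.append(("MSGID_DOMAIN_NOT_IN_PATH", mid_domain))

    # 4. Mailer fingerprint: Outlook-style priority header without X-MimeOLE,
    #    while X-Mailer claims a different client altogether (MISSING_MIMEOLE)
    if msg.get("X-MSMail-Priority") and not msg.get("X-MimeOLE"):
        findings.append(("MISSING_MIMEOLE", msg.get("X-Mailer", "")))

    # 5. Clock sanity against the border hop: the first Received line carrying
    #    an observed [ip] is the one our own MX wrote, so its time is trusted
    border = next((h for h in hops if h["ip"] and h["date"]), None)
    if border is not None:
        if msg.get("Date"):
            skew = (parsedate_to_datetime(msg["Date"]) - border["date"]).total_seconds() / 60
            if skew > max_skew_minutes:
                findings.append(("DATE_AFTER_RECEIPT", f"{skew:.0f} min"))
        for h in hops[hops.index(border) + 1:]:   # hops the sender controlled
            if h["date"] and h["date"] > border["date"]:
                findings.append(("HOP_TIME_AFTER_RECEIPT", h["raw"]))
    return findings


if __name__ == "__main__":
    for code, detail in triage(SAMPLE):
        print(f"{code:26} {detail}")
```

Run as-is it prints eight findings for the posted headers; the two time-based ones are worth noting because they cost nothing to check and are independent of any rule set: the Date header (15:01:47 -0200, i.e. 17:01 UTC) is about 59 minutes after mx.google.com accepted the message (09:02:50 -0700, 16:02 UTC), and the inner hop stamped "19:55:47 +0300" (16:55 UTC) also post-dates that acceptance. Everything below the border hop is attacker-supplied text, which is also why the lone "from 112.2.44.70" line and its timestamp should be read as claims, not facts. A real deployment would add the zen.spamhaus.org lookup on 41.215.241.234 that produced the RCVD_IN_XBL hit.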