Header:
Return-path:
Envelope-to: coinlenders@***
Delivery-date: Mon, 16 Mar 2015 17:05:54 +0100
Received: from mail by *** with spam-scanned (Exim 4.80)
(envelope-from)
id 1YXXWb-0003Sv-Go
for coinlenders@***; Mon, 16 Mar 2015 17:05:54 +0100
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ***
X-Spam-Level: ****
X-Spam-Status: No, score=4.1 required=5.0 tests=BAYES_05,DNS_FROM_AHBL_RHSBL,
HTML_MIME_NO_HTML_TAG,MIME_HTML_ONLY,NO_DNS_FOR_FROM,RDNS_NONE autolearn=no
version=3.3.2
Received: from [122.201.94.179] (helo=host.ozanimart.com)
by *** with esmtps (TLSv1:***)
(Exim 4.80)
(envelope-from)
id 1YXXWa-0003Sk-0n
for coinlenders@***; Mon, 16 Mar 2015 17:05:53 +0100
Received: from nobody by host.ozanimart.com with local (Exim 4.77)
(envelope-from)
id 1YXXWU-0003Q7-Uc
for coinlenders@***; Tue, 17 Mar 2015 03:05:46 +1100
Date: Tue, 17 Mar 2015 03:05:46 +1100
To: coinlenders@***
From: btcguild
Subject: Invoice Payment 28737
Message-ID:
X-Priority: 3
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="b1_cce61b37727fa3876bc35c96016e588b"
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - host.ozanimart.com
X-AntiAbuse: Original Domain - ***
X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
X-AntiAbuse: Sender Address Domain - host.ozanimart.com
--b1_cce61b37727fa3876bc35c96016e588b
Content-Type: text/html; charset = "us-ascii"
Content-Transfer-Encoding: quoted-printable
--b1_cce61b37727fa3876bc35c96016e588b
Content-Type: application/octet-stream; name="28737.jar"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="28737.jar"
Followed by the contents of that jar file...
So in case you received some "Invoice" from BTCGuild as well, now you know what the probable source of your emailaddress was.