Scam TagCloud

Scam Email Headers

EEEEEstdClass Object ( [return-path:] => [envelope-to:] => paypal@o7e.net [delivery-date:] => Fri, 08 Apr 2011 01:04:07 -0700 [received:] => Array ( [0] => from rrcs-208-125-247-202.nys.biz.rr.com ([208.125.247.202] helo=ace-corp.local)by chester.loopbiz.com with esmtp (Exim 4.69)(envelope-from )id 1Q86fb-0000or-BZfor paypal@o7e.net; Fri, 08 Apr 2011 01:04:06 -0700 [1] => from onlineupdate.com ([74.120.98.221]) by ace-corp.local with Microsoft SMTPSVC(6.0.3790.3959); Fri, 8 Apr 2011 04:04:03 -0400 ) [from:] => VISA [to:] => paypal@o7e.net [subject:] => your VISA card 4XXX-XXXX-XXXX-XXXX: possible fraudulent transaction # 4210057 [date:] => 08 Apr 2011 09:01:58 +0100 [message-id:] => <20110408090158.FB76B81D1ECA15AD@onlineupdate.com> [mime-version:] => 1.0 [content-type:] => text/html;charset="iso-8859-1" [content-transfer-encoding:] => quoted-printable [x-originalarrivaltime:] => 08 Apr 2011 08:04:03.0405 (UTC) FILETIME=[867E67D0:01CBF5C3] [x-spam-status:] => No, score=3.2 [x-spam-score:] => 32 [x-spam-bar:] => +++ [x-ham-report:] => Spam detection software, running on the system "chester.loopbiz.com", hasidentified this incoming email as possible spam. The original messagehas been attached to this so you can view it (if it isn't spam) or labelsimilar future email. If you have any questions, seethe administrator of that system for details.Content preview: your VISA card 4XXX-XXXX-XXXX-XXXX: possible fraudulent transaction# 3936476 Dear VISA card holder, A recent review of your transaction historydetermined that your card was used at an ATM located in Iran, but for securityreasons the requested transaction was refused. You need to complete the VISACard Holder Form. You can do this by clicking the link below: [...] Content analysis details: (3.2 points, 4.5 required)pts rule name description---- ---------------------- --------------------------------------------------0.0 DNS_FROM_RFC_DSN RBL: Envelope sender in dsn.rfc-ignorant.org1.4 RCVD_IN_BRBL_LASTEXT RBL: RCVD_IN_BRBL_LASTEXT[208.125.247.202 listed in bb.barracudacentral.org]0.0 NORMAL_HTTP_TO_IP URI: Uses a dotted-decimal IP address in URL-0.0 BAYES_40 BODY: Bayes spam probability is 20 to 40%[score: 0.3960]0.0 HTML_MESSAGE BODY: HTML included in message0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts0.0 MIME_QP_LONG_LINE RAW: Quoted-printable line longer than 76 chars1.0 RDNS_DYNAMIC Delivered to internal network by host withdynamic-looking rDNS0.0 RFC_ABUSE_POST Both abuse and postmaster missing on sender domain [x-spam-flag:] => NO )

Community Action - SPAM/non-Scam Report

Occasionally, incorrectly categorized emails get into the Scamdex Scam Email Database and need to be removed. If this email has Personally Identifiable Information (PII), or is, in your opinion, from a bona-fide entity, let us know.

Scamdex will, as soon as is practicable, take-down any emails that in our opinion should not be in our database.
Note that ALL emails in the Scamdex Scam Email Database were received as Unsolicited Commercial Email, aka UCE or SPAM, via unpublished 'Honeypot' email addresses.