Scam TagCloud

Scam Email Headers

EEEEEstdClass Object ( [return-path:] => [envelope-to:] => luckyweird@scamdex.com [delivery-date:] => Mon, 04 Jul 2011 00:15:04 -0700 [received:] => Array ( [0] => from 117-56-117-244.hinet-ip.hinet.net ([117.56.117.244] helo=nt.haiduau.gov.tw)by chester.loopbiz.com with esmtps (TLSv1:AES256-SHA:256)(Exim 4.69)(envelope-from )id 1QddMx-00042T-SYfor luckyweird@scamdex.com; Mon, 04 Jul 2011 00:15:04 -0700 [1] => from onlineupdate.com (unassigned.ahram.org.eg [163.121.116.116] (may be forged))(authenticated bits=0)by nt.haiduau.gov.tw (8.13.1/8.13.1) with ESMTP id p647BjFg008539for ; Mon, 4 Jul 2011 15:15:03 +0800 ) [from:] => =?X-EUROPA?B?VklTQQ==?= [to:] => luckyweird@scamdex.com [subject:] => [GSN Suspected Spam] =?X-EUROPA?B?eW91ciBWSVNBIGNhcmQgNFhYWC1YWFhYLVhYWFgtWFhYWDogcG9zc2libGUgZnJhdWR1bGVudCB0cmFuc2FjdGlvbiAjIDM5MzY0NzY=?= [date:] => 04 Jul 2011 10:13:53 +0300 [message-id:] => <20110704101353.3B469259C230ED1A@onlineupdate.com> [mime-version:] => 1.0 [content-type:] => text/html;charset="iso-8859-1" [content-transfer-encoding:] => quoted-printable [x-spam-status:] => No, score=3.6 [x-spam-score:] => 36 [x-spam-bar:] => +++ [x-ham-report:] => Spam detection software, running on the system "chester.loopbiz.com", hasidentified this incoming email as possible spam. The original messagehas been attached to this so you can view it (if it isn't spam) or labelsimilar future email. If you have any questions, seethe administrator of that system for details.Content preview: your VISA card 4XXX-XXXX-XXXX-XXXX: possible fraudulent transaction# 3936476 Dear VISA card holder, A recent review of your transaction historydetermined that your card was used at an ATM located in Iran, but for securityreasons the requested transaction was refused. You need to complete the VISACard Holder Form. You can do this by clicking the link below: [...] Content analysis details: (3.6 points, 4.0 required)pts rule name description---- ---------------------- --------------------------------------------------0.0 DNS_FROM_RFC_DSN RBL: Envelope sender in dsn.rfc-ignorant.org0.1 TVD_RCVD_IP TVD_RCVD_IP1.6 RCVD_IN_BRBL_LASTEXT RBL: RCVD_IN_BRBL_LASTEXT[117.56.117.244 listed in bb.barracudacentral.org]0.0 HTML_MESSAGE BODY: HTML included in message1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts0.0 MIME_QP_LONG_LINE RAW: Quoted-printable line longer than 76 chars0.4 RDNS_DYNAMIC Delivered to internal network by host withdynamic-looking rDNS0.0 RFC_ABUSE_POST Both abuse and postmaster missing on sender domain0.1 FROM_EXCESS_BASE64 From: base64 encoded unnecessarily0.3 MAY_BE_FORGED Relay IP's reverse DNS does not resolve to IP-0.0 AWL AWL: From: address is in the auto white-list [x-spam-flag:] => NO )

Community Action - SPAM/non-Scam Report

Occasionally, incorrectly categorized emails get into the Scamdex Scam Email Database and need to be removed. If this email has Personally Identifiable Information (PII), or is, in your opinion, from a bona-fide entity, let us know.

Scamdex will, as soon as is practicable, take-down any emails that in our opinion should not be in our database.
Note that ALL emails in the Scamdex Scam Email Database were received as Unsolicited Commercial Email, aka UCE or SPAM, via unpublished 'Honeypot' email addresses.