An
Email with the Subject "You just need to confirm your billing address." was
received in one of Scamdex's honeypot email accounts on Sun, 26 May 2013 21:43:48 -0700
and has been classified as a Generic Scam Email.
The sender shows as PayPal <PayPal@no-reply.com>.
The email address was probably spoofed. Do not reply to or contact any persons or organizations referenced in
this email, or follow any URLs as you may expose yourself to scammers and, at the very least, you will be
added to their email address lists for spam purposes.
This a (redacted) view of the raw email headers of this scam email.
Personally Identifiable Information (PII) has been suppressed, but can be
supplied as received to appropriate investigating or law enforcement agencies on request.
EEEEEstdClass Object
(
[return-path:] =>
[envelope-to:] => fred@dumbtube.com
[delivery-date:] => Sun, 26 May 2013 21:43:48 -0700
[received:] => Array
(
[0] => from godzilla.smallpetfeeders.com ([192.138.21.20]:41155)by lester.newsblaze.com with esmtps (TLSv1:DHE-RSA-AES256-SHA:256)(Exim 4.80)(envelope-from )id 1UgpHe-000747-W3for fred@dumbtube.com; Sun, 26 May 2013 21:43:48 -0700
[1] => from smallpet by godzilla.smallpetfeeders.com with local (Exim 4.80)(envelope-from )id 1UgpHe-00079p-U2for fred@dumbtube.com; Sun, 26 May 2013 23:43:46 -0500
)
[date:] => Sun, 26 May 2013 23:43:46 -0500
[to:] => fred@dumbtube.com
[from:] => PayPal
[reply-to:] =>
[subject:] => You just need to confirm your billing address.
[message-id:] => <9bcf1bd7fb0a7fabcb1a8fbc95249ad9@www.smallpetfeeders.com>
[x-priority:] => 3
[x-mailer:] => PHPMailer (phpmailer.sourceforge.net) [version ]
[mime-version:] => 1.0
[content-transfer-encoding:] => 8bit
[content-type:] => text/html; charset="iso-8859-1"
[x-antiabuse:] => Array
(
[0] => This header was added to track abuse, please include it with any abuse report
[1] => Primary Hostname - godzilla.smallpetfeeders.com
[2] => Original Domain - dumbtube.com
[3] => Originator/Caller UID/GID - [501 32007] / [47 12]
[4] => Sender Address Domain - godzilla.smallpetfeeders.com
)
[x-get-message-sender-via:] => godzilla.smallpetfeeders.com: authenticated_id: smallpet/only user confirmed/virtual account not confirmed
[x-source:] => /usr/bin/php
[x-source-args:] => /usr/bin/php /home/smallpet/public_html/admin153/smtp.php
[x-source-dir:] => smallpetfeeders.com:/public_html/admin153
[x-spam-status:] => No, score=1.5
[x-spam-score:] => 15
[x-spam-bar:] => +
[x-ham-report:] => Spam detection software, running on the system "lester.newsblaze.com", hasidentified this incoming email as possible spam. The original messagehas been attached to this so you can view it (if it isn't spam) or labelsimilar future email. If you have any questions, seeroot\@localhost for details.Content preview: PayPal Notice of Policy Updates Dear Customer, Some information on your account appears to be missing or incorrect. Please update your information promptly so that you can continue to enjoy all the benefits of your PayPal account. If you don't update your information within 24 Hours, we'll limit what you can do with your PayPal account. [...] Content analysis details: (1.5 points, 5.0 required) pts rule name description---- ---------------------- ---------------------------------------------------1.1 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: paypal-communication.com] 1.5 BAYES_60 BODY: Bayes spam probability is 60 to 80% [score: 0.6008] 0.0 HTML_MESSAGE BODY: HTML included in message 0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts 0.4 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag 0.0 T_REMOTE_IMAGE Message contains an external image
[x-spam-flag:] => NO
)
Domain Names used for collecting scam email ("Honeypot email accounts") have been obscured and replaced with the token 'HUN1P0T'
Community Action - SPAM/non-Scam Report
Occasionally, incorrectly categorized emails get into the Scamdex Scam Email Database and need to be removed. If this
email has Personally Identifiable Information (PII), or is, in your opinion, from a bona-fide entity, let us know.
Scamdex will, as soon as is practicable, take-down any emails that in our opinion should not
be in our database. Note that ALL emails in the Scamdex Scam Email Database were received as Unsolicited Commercial Email, aka UCE or
SPAM, via unpublished 'Honeypot' email addresses.
Some information on your account appears to be missing or incorrect.
Please update your information promptly so that you can continue to enjoy all the benefits of your PayPal account.
If you don't update your information within 24 Hours, we'll limit what you can do with your PayPal account.
Update
If you need help logging in, go to our Help Center by clicking the Help link
located in the upper right-hand corner of any PayPal page. .
Sincerely,
PayPal
Please do not reply to this email. We are unable to respond to inquiries sent to this address. For immediate answers to your questions, visit our Help Center by clicking "Help" at the top of any PayPal page.
