Let your know about how you have to check this infact.... you have to check the original email with all headers. Given below the original email with headers for everyone reference:
------------- Delivered-To: [email protected] Received: by 10.141.37.16 with SMTP id p16cs192037rvj; Sat, 15 May 2010 21:54:13 -0700 (PDT) Received: by 10.141.187.9 with SMTP id o9mr2331623rvp.211.1273985653009; Sat, 15 May 2010 21:54:13 -0700 (PDT) Return-Path: <[email protected]> Received: from www.bagcrafters.com ([74.208.166.151]) by mx.google.com with SMTP id t1si9872196rvl.76.2010.05.15.21.54.12; Sat, 15 May 2010 21:54:12 -0700 (PDT) Received-SPF: neutral (google.com: 74.208.166.151 is neither permitted nor denied by best guess record for domain of [email protected]) client-ip=74.208.166.151; Authentication-Results: mx.google.com; spf=neutral (google.com: 74.208.166.151 is neither permitted nor denied by best guess record for domain of [email protected]) [email protected] Date: Sun, 16 May 2010 00:46:01 +0400 To: <[email protected]> From: Facebook <[email protected] <notification%[email protected]>> Reply-to: noreply <[email protected]> Subject: Facebook Support sent you a message on Facebook... Message-ID: <[email protected]> X-Priority: 3 X-Mailer: ZuckMail [version 1.00] X-Facebook-Notify: msg; from=124112171639398; t=151694426525; mailid=CA2DDD7Da65B9F6Ab114Cb01d4e0Ce Errors-To: [email protected] <notification%[email protected]> X-FACEBOOK-PRIORITY: 0 MIME-Version: 1.0 Content-Type: text/html; charset = "UTF-8" Content-Transfer-Encoding: 7bit <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional //EN"> <html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>Facebook</title></head><body style="margin: 0; padding: 0;" dir="ltr"><table width="98%" border="0" cellspacing="0" cellpadding="40"><tr><td bgcolor="#f7f7f7" width="100%" style="font-family: lucida grande, tahoma, verdana, arial, sans-serif;"><table cellpadding="0" cellspacing="0" border="0" width="620"><tr><td style="background: #3b5998; color: #fff; font-weight: bold; font-family: lucida grande, tahoma, verdana, arial, sans-serif; padding: 4px 8px; vertical-align: middle; font-size: 16px; letter-spacing: -0.03em; text-align: left;">facebook</td></tr><tr><td style="background-color: #fff; border-bottom: 1px solid #3b5998; border-left: 1px solid #ccc; border-right: 1px solid #ccc;font-family: lucida grande, tahoma, verdana, arial, sans-serif; padding: 15px;" valign="top"><table width="100%"><tr><td width="100%" style="font-size: 12px;" valign="top" align="left"><div style="margin-bottom: 15px;"><a href="http://www.facebook.com";>Facebook</a> sent you a message.</div><div style="margin-bottom: 15px;"><table cellpadding="0" cellspacing="0" style="width: 90%; font-size: 12px;"><tr><td colspan="2" style="border-top:1px solid #cfd7e4;"></td></tr><tr><td valign="top" style="padding: 7px 7px 7px 0px; width: 57px;"><a href="http://www.facebook.com";><img src="http://static.ak.fbcdn.net/rsrc.php/z5HB7/hash/ecyu2wwn.gif"; alt="Facebook" style="border: 0; width:50px; " /></a></td><td valign="top" align="left" style="padding: 7px 0px;"><div style="padding-bottom: 7px;"><a style="font-weight: bold;" href="http://www.facebook.com";>Facebook</a><span style="padding-left: 7px; color: #888;"> </span></div><div style="padding-bottom: 7px;">Subject: Important information</div><div style="padding-bottom: 7px;"> </div></td></tr><tr><td colspan="2" style="border-top:1px solid #cfd7e4;"></td></tr></table></div></td></tr></table><div style="padding-top: 15px;"><table width="100%" cellspacing="0" cellpadding="0"><tr><td style="background-color: #FFF8CC; border: 1px solid #FFE222; color: #333; padding: 10px; font-size: 11px;"><div style="font-weight: bold; margin-bottom: 2px;">To read this message, follow the link below:</div><a href="http://profibrosis.org/participants.html"; style="color: #3b5998; text-decoration: none;">http://www.facebook.com/n/?inbox/readmessage.php&t=1896555548701&mid=e57eb542edf6134cc3d131c422355f97&n_m=facebook team</a></td></tr></table></div></td></tr><tr><td style="color: #999; padding: 10px; font-size: 11px; font-family: lucida grande, tahoma, verdana, arial, sans-serif;">This message was intended for you. If you do not wish to receive this type of email from Facebook in the future, please click on the link below to unsubscribe. http://www.facebook.com/o.php?k=5b6f4f&u=1424721642895&mid=6debdc83342b2e8d5d2e0c10ec2db015 Facebook`s offices are located at 1601 S. California Ave., Palo Alto, CA 94304.</td></tr></table></td></tr></table></body></html> ------------- Regards Sandeep Thakur On Thu, May 20, 2010 at 2:17 PM, Sandeep Thakur <[email protected]>wrote: > In addition to the mail sent with subject "Facebook Password Reset Scam By > Macfee" by Amardeep last day, I would like to share one such real spam > mail to you all. Can any point in the code where is the problem... a perfect > XSS example though.... given you hint rather... > > > > Regards > Sandeep Thakur > > > ---------- Forwarded message ---------- > From: Facebook > <[email protected]<notification%[email protected]> > > > Date: Sat, May 15, 2010 at 1:46 PM > Subject: Facebook Support sent you a message on Facebook... > To: [email protected] > > > facebook > Facebook sent you a message. > [image: Facebook] > Facebook > Subject: Important information > To read this message, follow the link below: > http://www.facebook.com/n/?inbox/readmessage.php&t=1896555548701&mid=e57eb542edf6134cc3d131c422355f97&n_m=facebook > team > This message was intended for you. If you do not wish to receive this type > of email from Facebook in the future, please click on the link below to > unsubscribe. > http://www.facebook.com/o.php?k=5b6f4f&u=1424721642895&mid=6debdc83342b2e8d5d2e0c10ec2db015Facebook`s > offices are located at 1601 S. California Ave., Palo Alto, CA > 94304. > > -- You received this message because you are subscribed to the Google Groups "nforceit" group. To post to this group, send an email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/nforceit?hl=en-GB.
![http://static.ak.fbcdn.net/rsrc.php/z5HB7/hash/ecyu2wwn.gif"](https://static.ak.fbcdn.net/rsrc.php/z5HB7/hash/ecyu2wwn.gif"){kind=link}