Re: Tone of emails with subject: 'hey'
Ironically, Gmail's spam filters have filtered every single one of the emails in this thread. :-\ Anne Anne P. Mitchell, Attorney at Law Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law) Legislative Consultant CEO/President, Institute for Social Internet Public Policy Legal Counsel: The CyberGreen Institute Legal Counsel: The Earth Law Center Member, Cal. Bar Cyberspace Law Committee Member, Colorado Cyber Committee Member, Elevations Credit Union Member Council Member, Board of Directors, Asilomar Microcomputer Workshop Ret. Professor of Law, Lincoln Law School of San Jose Ret. Chair, Asilomar Microcomputer Workshop
Re: Tone of emails with subject: 'hey'
On 2018-02-05 22:55, Philip wrote:
> So lately I'm getting LOTS of emails coming directly though the filters so
> most likely time to investigate how to create one.
>
> The subject is always 'hey'
>
> Subject: hey
>
> Date: Mon, 29 Jan 2018 09:07:40 +0300
> From: Darya Message-ID: <8f35b00fb4e07d18ce82448ec9747...@112it4u.ro>
> X-Mailer: PHPMailer 5.2.22 (https://github.com/PHPMailer/PHPMailer)
> MIME-Version: 1.0
> Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 8bit
>
> Hi josh, my name is Darya and i'm from Russia, but living in the USA. A week
> ago, maybe more, I came across your profile on Facebook and now I wan to know
> you more. I know it sounds a bit strange, but I believe you had something
> like this in your life too :-) If its mutual, email me, this is my email
> danielamar...@rambler.ru and I will send some of my photos also answer any of
> your questions. Waiting for you, XXX Darya
>
> As far as I can see from the different emails:
>
> X-PHP-Originating-Script: 852:class-phpmailer.php
>
> The number is sequential.
>
> 112it4u.ro from the message ID has valid NS entries but the reverse PTR is
> invalid.
>
> The email always starts, 'hi {mailbox name}, and the text is mostly the same
> but the name changes now and then and so does the email address.
>
> Any suggestions on where to start? nOOb here!
Check out http://msbl.org/ This is e-mail addresses blacklist targeting
this type of scam. I have very high score assigned to it and it works
perfectly.
Karol
--
Karol Augustin
ka...@augustin.pl
http://karolaugustin.pl/
+353 85 775 5312
Re: Tone of emails with subject: 'hey'
On 2/5/2018 6:29 PM, John Hardin wrote: Any suggestions on where to start? nOOb here! Do you have Bayes enabled and are you training it? Also do you have KAM.cf? Regards, kAM
Re: Tone of emails with subject: 'hey'
On Tue, 6 Feb 2018, Philip wrote:
So lately I'm getting LOTS of emails coming directly though the filters so
most likely time to investigate how to create one.
The subject is always 'hey'
Subject: hey
Date: Mon, 29 Jan 2018 09:07:40 +0300
From: Darya Message-ID: <8f35b00fb4e07d18ce82448ec9747...@112it4u.ro>
X-Mailer: PHPMailer 5.2.22 (https://github.com/PHPMailer/PHPMailer)
MIME-Version: 1.0
Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 8bit
Any SA hits at all? Please provide at a minimum that header; better,
upload the entire message (all headers intact) to someplace like pastebin.
Hi josh, my name is Darya and i'm from Russia, but living in the USA. A week
ago, maybe more, I came across your profile on Facebook and now I wan to know
you more. I know it sounds a bit strange, but I believe you had something
like this in your life too :-) If its mutual, email me, this is my email
danielamar...@rambler.ru and I will send some of my photos also answer any of
your questions. Waiting for you, XXX Darya
This sort of thing I'd expect Bayes to catch.
112it4u.ro from the message ID has valid NS entries but the reverse PTR is
invalid.
I don't know whether DNS checks on the hostname in the message-ID would be
worthwhile...
The email always starts, 'hi {mailbox name}, and the text is mostly the same
but the name changes now and then and so does the email address.
Any suggestions on where to start? nOOb here!
Do you have Bayes enabled and are you training it?
--
John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
---
Watch... Wallet... Gun... Knee...-- Denny Crane
---
Tomorrow: the first Falcon Heavy test launch
Tone of emails with subject: 'hey'
So lately I'm getting LOTS of emails coming directly though the filters
so most likely time to investigate how to create one.
The subject is always 'hey'
Subject: hey
Date: Mon, 29 Jan 2018 09:07:40 +0300
From: Darya Message-ID: <8f35b00fb4e07d18ce82448ec9747...@112it4u.ro>
X-Mailer: PHPMailer 5.2.22 (https://github.com/PHPMailer/PHPMailer)
MIME-Version: 1.0
Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 8bit
Hi josh, my name is Darya and i'm from Russia, but living in the USA. A
week ago, maybe more, I came across your profile on Facebook and now I
wan to know you more. I know it sounds a bit strange, but I believe you
had something like this in your life too :-) If its mutual, email me,
this is my email danielamar...@rambler.ru and I will send some of my
photos also answer any of your questions. Waiting for you, XXX Darya
As far as I can see from the different emails:
X-PHP-Originating-Script: 852:class-phpmailer.php
The number is sequential.
112it4u.ro from the message ID has valid NS entries but the reverse PTR
is invalid.
The email always starts, 'hi {mailbox name}, and the text is mostly the
same but the name changes now and then and so does the email address.
Any suggestions on where to start? nOOb here!
Phil
