Bogus whitelisting

Jon Etkins 6 May 2004 05:08:15 -0000

I received the following Nigerian scam today.  What makes it
interesting is the fact that it picked up a -100 for supposedly being
in my whitelist, yet my whitelist contains nothing even remotely
resembling the FROM address used.  I do, however, have a wildcard entry
for ebay.com (which I'll now go change); is it possible that this got
whitelisted because of the bogus Return-Path?



Return-Path: <[EMAIL PROTECTED]>
Received: from mailin1.pacific.net.au ([61.8.0.80]) by
pob1.pacific.net.au
          (Post.Office MTA v3.5.3 release 223 ID# 0-53829L2S100V35)
          with ESMTP id au for <[EMAIL PROTECTED]>;
          Thu, 6 May 2004 14:13:21 +1000
Received: from ebay.com (asd-slod-1daf2.adsl.wanadoo.nl
[81.69.248.242])
        by mailin1.pacific.net.au (8.12.3/8.12.3/Debian-6.6) with SMTP
id i464DHeT002176
        for <[EMAIL PROTECTED]>; Thu, 6 May 2004 14:13:20 +1000
Date: Thu, 6 May 2004 14:13:17 +1000
Message-Id: <[EMAIL PROTECTED]>
From: JAMES  KEMBA <[EMAIL PROTECTED]>
To: eccles <[EMAIL PROTECTED]>
Subject: URGENT  ASSISTANCE
X-Priority: 3
X-MSMail-Priority: Normal
Reply-To: JAMES  KEMBA <[EMAIL PROTECTED]>
mime-version: 1.0
content-type: multipart/mixed;
        boundary="qzsoft_directmail_seperator"
X-Spam-Checker-Version: SpamAssassin 2.63-je_2004_04_28 (2004-01-11) on

        jetkins.snikte.net
X-Spam-Languages: 
X-Spam-Report: 
        *  2.7 NIGERIAN_SUBJECT2 Subject is indicative of a Nigerian
spam
        *  0.6 J_CHICKENPOX_63 BODY: {6}Letter - punctuation -
{3}Letter
        *  0.5 RISK_FREE BODY: Risk free.  Suuurreeee....
        *  1.6 BAYES_60 BODY: Bayesian spam probability is 60 to 70%
        *      [score: 0.6606]
        *  1.0 MIME_BASE64_TEXT RAW: Message text disguised using
base64 encoding
        * -100 USER_IN_WHITELIST From: address is in the user's
white-list
        *  1.6 NO_DNS_FOR_FROM Domain in From header has no MX or A DNS
records
        *  0.7 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org
        *      [<http://dsbl.org/listing?ip=81.69.248.242>]
        *  1.5 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in
bl.spamcop.net
        *      [Blocked - see
<http://www.spamcop.net/bl.shtml?81.69.248.242>]
        *  1.2 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
        *      [<http://www.spamhaus.org/query/bl?ip=81.69.248.242>]
        *  1.6 MISSING_MIMEOLE Message has X-MSMail-Priority, but no
X-MimeOLE
        *  1.2 PRIORITY_NO_NAME Message has priority setting, but no
X-Mailer
        *   48 AWL AWL: Auto-whitelist adjustment
X-Spam-Status: No, hits=-37.9, required=4.8, autolearn=no

--qzsoft_directmail_seperator
Content-Type: text/plain;
        charset="DEFAULT"
Content-Transfer-Encoding: base64

[MIME content removed]

--qzsoft_directmail_seperator--

Bogus whitelisting

Reply via email to