-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Larry Rosenman writes:
Why is cgt-consult.com on WS?
...
I talked to the admin, and they had been hacked, and used as a spam source. They've cleaned up the mess, and have secured the machine.
?? hacked? I wouldn't be so sure.
Based on the spam I got, it looks a lot more like they scraped, or bought a dirty list of scraped addresses.
Here's one of my spamples, in full -- I've munged the address, but believe me, it's 100% spamtrap, appears only on web pages, and has never opted in for anything ever. ;)
- --j.
Received: from mail.cgt-consult.com (mail.cgt-consult.com [63.200.10.187]) by amgod.boxhost.net (Postfix) with ESMTP id B28223104F6 for SPAMTRAPADDRESS@DOMAIN.org; Wed, 18 Aug 2004 20:51:46 +0100 (IST) Received: by h30s5a32n192.user.nortelnetworks.com with Internet Mail Service (5.5.2653.19) id <PD7R3FK8>; Wed, 18 Aug 2004 11:52:43 -0700 Message-ID: D907845967FCD7118A2C000C6EC0B8ED01E7ABA9@h30s5a32n192.user.nortelnetworks.com From: Consultants Consultants9@cgt-consult.com To: "'SPAMTRAPADDRESS@DOMAIN.org'" SPAMTRAPADDRESS@DOMAIN.org Subject: IT Staffing Date: Wed, 18 Aug 2004 11:52:33 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C48554.85469900" X-Spam-Flag: YES X-Spam-Checker-Version: SpamAssassin 3.0.0-rc1-r36452 (2004-08-16) on dogma.slashnull.org X-Spam-RBL: dns:cgt-consult.com.fulldom.rfc-ignorant.org [127.0.0.4] dns:cgt-consult.com?type=MX [10 mail.cgt-consult.com.] dns:187.10.200.63.list.dsbl.org?type=TXT ["http://dsbl.org/listing?ip=63.200.10.187"] dns:cgt-consult.com.rhsbl.ahbl.org [127.0.0.2] dns:187.10.200.63.bl.spamcop.net?type=TXT ["Blocked - see http://www.spamcop.net/bl.shtml?63.200.10.187"] dns:187.10.200.63.ipwhois.rfc-ignorant.org?type=TXT ["63.200.10.187 has inaccurate or missing WHOIS data at the RIR"] dns:cgt-consult.com [63.200.10.187] dns:187.10.200.63.combined.njabl.org [127.0.0.4] X-Spam-Report: * 0.5 OPTING_OUT BODY: Talks about opting out (lowercase version) * 0.1 MAILTO_TO_REMOVE URI: Includes a 'remove' email address * 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60% * [score: 0.5372] * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.0 HTML_40_50 BODY: Message is 40% to 50% HTML * 0.5 MAILTO_SUBJ_REMOVE RAW: mailto URI includes removal text * 1.7 RCVD_IN_RFC_IPWHOIS RBL: Sent via a relay in ipwhois.rfc-ignorant.org * [63.200.10.187 has inaccurate or missing WHOIS] [data at the RIR] * 1.8 RCVD_IN_NJABL_SPAM RBL: NJABL: sender is confirmed spam source * [63.200.10.187 listed in combined.njabl.org] * 3.8 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org * [http://dsbl.org/listing?ip=63.200.10.187] * 1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net * [Blocked - see http://www.spamcop.net/bl.shtml?63.200.10.187] * 0.3 DNS_FROM_AHBL_RHSBL RBL: From: sender listed in dnsbl.ahbl.org * 1.5 URIBL_WS_SURBL Contains a URL listed in the WS SURBL blocklist * [URIs: cgt-consult.com] * -0.2 AWL AWL: From: address is in the auto white-list X-Spam-Status: Yes, score=11.2 required=5.0 tests=AWL,BAYES_50, DNS_FROM_AHBL_RHSBL,HTML_40_50,HTML_MESSAGE,MAILTO_SUBJ_REMOVE, MAILTO_TO_REMOVE,OPTING_OUT,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_DSBL, RCVD_IN_NJABL_SPAM,RCVD_IN_RFC_IPWHOIS,URIBL_WS_SURBL autolearn=no version=3.0.0-rc1-r36452 X-Spam-Level: *********** Status: O X-UID: 72038 X-Keywords:
This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible.
------_=_NextPart_001_01C48554.85469900 Content-Type: text/plain
Hi
What IT / Engineering technical requirements can I help you with currently at your company? How about any offshore development? Do you need help with any off-site /on-site projects?
We have consultants that are strong as Project Manager, QA Analyst, Web Developers, DBA's, Systems Administrators ... etc.
We can take on responsibility for development / maintenance of projects too. These can be developed at your location or our development centers either in S. California or N. California. CGT Consulting Inc. is an IT/Engineering consulting and placement firm with expertise in web, wireless, networking, ERP (PeopleSoft, SAP, Oracle), and CRM technologies.
How can I help you today?
Naren Mistry Manager of Consulting Services CGT Consulting Inc. 18032-C Lemon Drive, Suite 350 Yorba Linda, CA 92886 Tel: (714) 572-1055 Fax: (714) 364-9705 naren@cgt-consult.com www.cgt-consult.com
Email-id: SPAMTRAPADDRESS@DOMAIN.org
CGT Consulting Privacy Policy: http://www.cgt-consult.com/privacy Can Spam Compliant To opt-out of future correspondence, please send an email mailto:consultants@cgt-consult.com?subject=Remove-Company or reply with "REMOVE" in the subject heading and include SPAMTRAPADDRESS@DOMAIN.org in the body of your email.
------_=_NextPart_001_01C48554.85469900 Content-Type: text/html Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> <HTML> <HEAD> <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; = charset=3Dus-ascii"> <META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version = 5.5.2653.12"> <TITLE>IT Staffing</TITLE> </HEAD> <BODY>
<P><FONT SIZE=3D2>Hi </FONT> </P>
<P><FONT SIZE=3D2>What IT / Engineering technical requirements can I = help you with currently at your company? How about any offshore = development? Do you need help with any off-site /on-site = projects?</FONT></P>
<P><FONT SIZE=3D2>We have consultants that are strong as Project = Manager, QA Analyst, Web Developers, DBA's, Systems Administrators ... = etc. </FONT></P>
<P><FONT SIZE=3D2>We can take on responsibility for development / = maintenance of projects too. These can be developed at your location or = our development centers either in S. California or N. = California.</FONT></P>
<P><FONT SIZE=3D2>CGT Consulting Inc. is an IT/Engineering consulting = and placement firm with expertise in web, wireless, networking, ERP = (PeopleSoft, SAP, Oracle), and CRM technologies.</FONT></P>
<P><FONT SIZE=3D2>How can I help you today? </FONT> </P>
<P><FONT SIZE=3D2>Naren Mistry</FONT> <BR><FONT SIZE=3D2>Manager of Consulting Services</FONT> <BR><FONT SIZE=3D2>CGT Consulting Inc.</FONT> <BR><FONT SIZE=3D2>18032-C Lemon Drive, Suite 350</FONT> <BR><FONT SIZE=3D2>Yorba Linda, CA 92886</FONT> <BR><FONT SIZE=3D2>Tel: (714) 572-1055</FONT> <BR><FONT SIZE=3D2>Fax: (714) 364-9705</FONT> <BR><FONT SIZE=3D2>naren@cgt-consult.com </FONT> <BR><FONT SIZE=3D2>www.cgt-consult.com</FONT> </P> <BR>
<P><FONT SIZE=3D2>Email-id: SPAMTRAPADDRESS@DOMAIN.org</FONT> </P> <BR>
<P><FONT SIZE=3D2>CGT Consulting Privacy Policy: <A = HREF=3D"http://www.cgt-consult.com/privacy" = TARGET=3D"_blank">http://www.cgt-consult.com/privacy</A> Can Spam = Compliant</FONT> <BR><FONT SIZE=3D2>To opt-out of future correspondence, please send an = email <A = HREF=3D"mailto:consultants@cgt-consult.com?subject=3DRemove-Company">mai= lto:consultants@cgt-consult.com?subject=3DRemove-Company</A> or reply = with "REMOVE" in the subject heading and include = SPAMTRAPADDRESS@DOMAIN.org in the body of your email. = </FONT></P>
</BODY> </HTML> ------_=_NextPart_001_01C48554.85469900--