FWIW Joe's getting jobbed: __
Return-Path: bouteille@kinki-kids.com Received: from dbzmail.com ([61.85.57.209]) by smtp1.supranet.net (8.12.10/8.12.10) with SMTP id j6P3ZTlx009677 for <x>; Sun, 24 Jul 2005 22:35:30 -0500 (CDT) Received: from kinki-kids.com (kinki-kids-com-bk.mr.outblaze.com [64.62.181.92]) by dbzmail.com (Postfix) with ESMTP id E5A841602F for <x>; Sun, 24 Jul 2005 00:39:14 -0500 From: "Ambulance U. Descant" bouteille@kinki-kids.com To: Info <x> Subject: Hi dear Date: Sun, 24 Jul 2005 00:39:14 -0500 Message-ID: 100101c59012$879febec$06412c2e@kinki-kids.com MIME-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2605 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1123 X-GMX-Antivirus: 0 (no virus found) X-UIDL: K,H!!c%?"!Fde!!XT9"!
Hi Try jwSpamSpy, our spam filter for POP3 mailboxes. We use it to track spammers and scammers. Free full featured 30 day evaluation version available!
-- Don't harm innocent bystanders.
FWIW Joe's getting jobbed:
Hi Jeff,
I had three joe jobs against me between December 2003 and February 2004. Since then it had been quiet, but I must say I wasn't entirely surprized that it continued, especially after a PayPal joe job less than two months ago.
Return-Path: bouteille@kinki-kids.com Received: from dbzmail.com ([61.85.57.209]) by smtp1.supranet.net (8.12.10/8.12.10) with SMTP id
j6P3ZTlx009677
for <x>; Sun, 24 Jul 2005 22:35:30 -0500 (CDT)
Received: from kinki-kids.com (kinki-kids-com-bk.mr.outblaze.com
[64.62.181.92])
by dbzmail.com (Postfix) with ESMTP id E5A841602F for <x>; Sun, 24 Jul 2005 00:39:14 -0500
From: "Ambulance U. Descant" bouteille@kinki-kids.com
This seems to be a bulkmailer that inserts fake Outblaze references into the headers to obscure the broadband hosts that are the real sources (or proxies). I've seen other examples with other bogus Outblaze maildomains for the fake sender. According to one admin who monitored the Joe job sources from their site the hosts are running something called "DMS Revolution proxy spam engine".
Joe
To: Info <x> Subject: Hi dear Date: Sun, 24 Jul 2005 00:39:14 -0500 Message-ID: 100101c59012$879febec$06412c2e@kinki-kids.com MIME-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2605 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1123 X-GMX-Antivirus: 0 (no virus found) X-UIDL: K,H!!c%?"!Fde!!XT9"!
Hi Try jwSpamSpy, our spam filter for POP3 mailboxes. We use it to track spammers and scammers. Free full featured 30 day evaluation version available!
-- Don't harm innocent bystanders.
Discuss mailing list Discuss@lists.surbl.org http://lists.surbl.org/mailman/listinfo/discuss
On Monday, July 25, 2005, 12:18:38 AM, Joe Wein wrote:
FWIW Joe's getting jobbed:
Hi Jeff,
I had three joe jobs against me between December 2003 and February 2004. Since then it had been quiet, but I must say I wasn't entirely surprized that it continued, especially after a PayPal joe job less than two months ago.
Return-Path: bouteille@kinki-kids.com Received: from dbzmail.com ([61.85.57.209]) by smtp1.supranet.net (8.12.10/8.12.10) with SMTP id
j6P3ZTlx009677
for <x>; Sun, 24 Jul 2005 22:35:30 -0500 (CDT)
Received: from kinki-kids.com (kinki-kids-com-bk.mr.outblaze.com
[64.62.181.92])
by dbzmail.com (Postfix) with ESMTP id E5A841602F for <x>; Sun, 24 Jul 2005 00:39:14 -0500
From: "Ambulance U. Descant" bouteille@kinki-kids.com
This seems to be a bulkmailer that inserts fake Outblaze references into the headers to obscure the broadband hosts that are the real sources (or proxies). I've seen other examples with other bogus Outblaze maildomains for the fake sender. According to one admin who monitored the Joe job sources from their site the hosts are running something called "DMS Revolution proxy spam engine".
Joe
FWIW I'm told the particular proxy sending this is being shut down.
Jeff C. -- Don't harm innocent bystanders.
Joe Wein wrote:
FWIW Joe's getting jobbed:
Hi Jeff,
I had three joe jobs against me between December 2003 and February 2004. Since then it had been quiet, but I must say I wasn't entirely surprized that it continued, especially after a PayPal joe job less than two months ago.
Return-Path: bouteille@kinki-kids.com Received: from dbzmail.com ([61.85.57.209]) by smtp1.supranet.net (8.12.10/8.12.10) with SMTP id
j6P3ZTlx009677
for <x>; Sun, 24 Jul 2005 22:35:30 -0500 (CDT)
Received: from kinki-kids.com (kinki-kids-com-bk.mr.outblaze.com
[64.62.181.92])
by dbzmail.com (Postfix) with ESMTP id E5A841602F for <x>; Sun, 24 Jul 2005 00:39:14 -0500
From: "Ambulance U. Descant" bouteille@kinki-kids.com
This seems to be a bulkmailer that inserts fake Outblaze references into the headers to obscure the broadband hosts that are the real sources (or proxies). I've seen other examples with other bogus Outblaze maildomains for the fake sender. According to one admin who monitored the Joe job sources from their site the hosts are running something called "DMS Revolution proxy spam engine".
Would appear more than one source is involved? This one from 80.5.137.111
From - Sun Jul 24 14:04:09 2005 X-Account-Key: account3 X-UIDL: 3130 X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 Return-Path: fliptop@guanajuato.com Received: from cpc2-ruth1-5-0-cust111.renf.cable.ntl.com ([80.5.137.111] verified) by X (CommuniGate Pro SMTP 4.3.5) with SMTP id 8636265 for X; Sun, 24 Jul 2005 02:15:58 +0200 Received: from guanajuato.com (guanajuato-com-bk.mr.outblaze.com [64.62.181.94]) by cpc2-ruth1-5-0-cust111.renf.cable.ntl.com (Postfix) with ESMTP id 0B142AA183 for <X>; Sat, 23 Jul 2005 14:18:49 -0500 From: "Preteen V. Slathering" fliptop@guanajuato.com To: Nouce <X> Subject: Hi dear Date: Sat, 23 Jul 2005 14:18:49 -0500 Message-ID: 101101c58fbb$98272312$1adaa87e@guanajuato.com MIME-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2605 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1123 X-RAV-Antivirus: This e-mail has been scanned for viruses on host: cpc2-ruth1-5-0-cust111.renf.cable.ntl.com X-Antivirus: AVG for E-mail 7.0.338 [267.9.4]
Hi Try jwSpamSpy, our spam filter for POP3 mailboxes. We use it to track spammers and scammers. Free full featured 30 day evaluation version available!
On Monday, July 25, 2005, 1:54:56 AM, NO SPAM wrote:
Joe Wein wrote:
This seems to be a bulkmailer that inserts fake Outblaze references into the headers to obscure the broadband hosts that are the real sources (or proxies). I've seen other examples with other bogus Outblaze maildomains for the fake sender. According to one admin who monitored the Joe job sources from their site the hosts are running something called "DMS Revolution proxy spam engine".
Would appear more than one source is involved? This one from 80.5.137.111
Yes, they're probably using a botnet (zombies, virus infected pcs, hacked servers, etc.) to send.
Jeff C.
on Mon, Jul 25, 2005 at 04:18:38PM +0900, Joe Wein wrote:
FWIW Joe's getting jobbed:
Hi Jeff,
I had three joe jobs against me between December 2003 and February 2004. Since then it had been quiet, but I must say I wasn't entirely surprized that it continued, especially after a PayPal joe job less than two months ago.
Return-Path: bouteille@kinki-kids.com Received: from dbzmail.com ([61.85.57.209]) by smtp1.supranet.net (8.12.10/8.12.10) with SMTP id
j6P3ZTlx009677
for <x>; Sun, 24 Jul 2005 22:35:30 -0500 (CDT)
Received: from kinki-kids.com (kinki-kids-com-bk.mr.outblaze.com
[64.62.181.92])
by dbzmail.com (Postfix) with ESMTP id E5A841602F for <x>; Sun, 24 Jul 2005 00:39:14 -0500
From: "Ambulance U. Descant" bouteille@kinki-kids.com
This seems to be a bulkmailer that inserts fake Outblaze references into the headers to obscure the broadband hosts that are the real sources (or proxies). I've seen other examples with other bogus Outblaze maildomains for the fake sender. According to one admin who monitored the Joe job sources from their site the hosts are running something called "DMS Revolution proxy spam engine".
I've been calling this spamsign "Mobster I. Syphilitic", after one of the best randomly-generated From: headers. It's rather easy to block; and of course the mr.outblaze.com is a 100% positive indicator for spamsign (as a more general rule, the forged Received: header contains the MX record, not the PTR record, for the domain). I've been told (on spam-r) that it's a sign of Alexey Panov's DMS, so it seems your sources and mine are in agreement.
Hi!
FWIW Joe's getting jobbed:
Thats a 'real' Joe Job then ;)
Try jwSpamSpy, our spam filter for POP3 mailboxes. We use it to track spammers and scammers. Free full featured 30 day evaluation version available!
white-prolocation-master:joewein.de
Ohw well ;)
Bye, Raymond.