> Fraudulent Emails Sent -=your Hosting Is Suspended=- "this Is Spam" And Not From Admins At Trap., Be aware that fake suspension emails are sent.
mahesh2k
post Mar 26 2005, 04:52 PM
Post #11


Super Member
*********

Group: Members
Posts: 324
Joined: 23-January 05
From: India
Member No.: 3,388



Need to kill that spammer, man. It is driving users out of trap17. What is opaque gonna do, any?
Maybe nisc has an idea?
gunbound
post Mar 26 2005, 05:04 PM
Post #12


PhilosopherX
*******

Group: Members
Posts: 106
Joined: 5-February 05
From: Planet X
Member No.: 3,613



I got this email too. This is what I was able to "extract", if this is what you are looking for.

QUOTE
X-Message-Status: n
X-SID-Result: Fail
X-Message-Info: 6sSXyD95QpXHYuw+I5OMr7kZym7Y8v2LWNN+HWU0uJg=
Received: from dasher.psychz.net ([69.50.187.114]) by mc11-f3.hotmail.com with Microsoft SMTPSVC(6.0.3790.211);
  Sat, 26 Mar 2005 03:06:34 -0800
Received: from trap17 by dasher.psychz.net with local (Exim 4.44)
id 1DF91S-00036s-Hu; Sat, 26 Mar 2005 03:00:06 -0800
To: son_dawg[at]hotmail[dot]com (<--- this is me!!)
Subject:  : HOSTING ACCOUNT SUSPENDED.
MIME-Version: 1.0
Content-type: text/html; charset=iso-8859-1
To: son_dawg[at]hotmail[dot]com (<--- this is me!!)
From:  Management <administrator@>
Message-Id: <E1DF91S-00036s-Hu@dasher.psychz.net>
Date: Sat, 26 Mar 2005 03:00:06 -0800
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - dasher.psychz.net
X-AntiAbuse: Original Domain - hotmail.com
X-AntiAbuse: Originator/Caller UID/GID - [32257 32258] / [47 12]
X-AntiAbuse: Sender Address Domain - dasher.psychz.net
X-Source:
X-Source-Args:
X-Source-Dir:
Return-Path: trap17@dasher.psychz.net
X-OriginalArrivalTime: 26 Mar 2005 11:06:34.0986 (UTC) FILETIME=[DFB40CA0:01C531F3]




If there is any sensitive information here, Admin, please remove it for me to protect my email account. Thanks.
NilsC
post Mar 26 2005, 05:08 PM
Post #13


Administrator
*********

Group: Members
Posts: 377
Joined: 28-December 04
From: USA
Member No.: 2,992



For me to be able to report them, I have to have the headers within 24 hours. The faster I get them, the easier it is to track the spammer down and report him/her. I need the full extracted headers in a PM; do not -=mung=- your email address or the IP that it was received at. If you mung the text, my parser shows an error and stops processing the spam. I use munging when I report the email so any response to that report will go to me and not any of your email addresses.

Nils
NilsC
post Mar 26 2005, 05:19 PM
Post #14


Administrator
*********

Group: Members
Posts: 377
Joined: 28-December 04
From: USA
Member No.: 2,992



Because it's missing parts, the parser fails. What I need is the whole email with headers, unchanged. PM it to me because you don't wanna post your email address on the board. I don't send out any report without -=munging the email address and any other info=-. This is an example of munging :) To: son_dawg[at]hotmail[dot]com (<--- this is me!!)
QUOTE
X-Message-Status: n
X-SID-Result: Fail
X-Message-Info: 6sSXyD95QpXHYuw+I5OMr7kZym7Y8v2LWNN+HWU0uJg=
Received: from dasher.psychz.net ([69.50.187.114]) by
mc11-f3.hotmail.com with Microsoft SMTPSVC(6.0.3790.211);
  Sat, 26 Mar 2005 03:06:34 -0800
Received: from trap17 by dasher.psychz.net with local (Exim 4.44)
id 1DF91S-00036s-Hu; Sat, 26 Mar 2005 03:00:06 -0800
To: son_dawg[at]hotmail[dot]com (<--- this is me!!)
Subject:  : HOSTING ACCOUNT SUSPENDED.
MIME-Version: 1.0
Content-type: text/html; charset=iso-8859-1
To: son_dawg[at]hotmail[dot]com (<--- this is me!!)
From:  Management <administrator@>
Message-Id: <E1DF_________s-Hu@dasher.psychz.net>
Date: Sat, 26 Mar 2005 03:00:06 -0800
X-AntiAbuse: This header was added to track abuse, please include it
with any abuse report
X-AntiAbuse: Primary Hostname - dasher.psychz.net
X-AntiAbuse: Original Domain - hotmail.com
X-AntiAbuse: Originator/Caller UID/GID - [32257 32258] / [47 12]
X-AntiAbuse: Sender Address Domain - dasher.psychz.net
X-Source:
X-Source-Args:
X-Source-Dir:
Return-Path: trap17@dasher.psychz.net
X-OriginalArrivalTime: 26 Mar 2005 11:06:34.0986 (UTC)
FILETIME=[DFB40CA0:01C531F3]

View entire message
Parsing header:
0: Received: from dasher.psychz.net ([69.50.187.114]) by mc11-f3.hotmail.com with Microsoft SMTPSVC(6.0.3790.211); Sat, 26 Mar 2005 03:06:34 -0800
Hostname verified: dasher.psychz.net
Possible forgery. Supposed receiving system not associated with any of your mailhosts
Will not trust anything beyond this header
No source IP address found, cannot proceed.
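An added example, not part of the original thread and not NilsC's parser: a small Python triage of the headers quoted above. It pulls the handoff IP from the topmost Received line, the Exim local-submission user, and the From and Return-Path domains, and lists which headers were munged. The sample is trimmed from the quoted headers with a constructed placeholder recipient; the function names and munge patterns are assumptions of this example.

```python
import re
from email import message_from_string

# Constructed sample: trimmed from the headers quoted in this thread, with the
# recipient replaced by a placeholder munged the same way as in the post.
SAMPLE = """\
Received: from dasher.psychz.net ([69.50.187.114]) by mc11-f3.hotmail.com
  with Microsoft SMTPSVC(6.0.3790.211); Sat, 26 Mar 2005 03:06:34 -0800
Received: from trap17 by dasher.psychz.net with local (Exim 4.44)
  id 1DF91S-00036s-Hu; Sat, 26 Mar 2005 03:00:06 -0800
To: recipient[at]example[dot]com
From:  Management <administrator@>
X-AntiAbuse: Primary Hostname - dasher.psychz.net
X-AntiAbuse: Originator/Caller UID/GID - [32257 32258] / [47 12]
Return-Path: trap17@dasher.psychz.net

"""

# Munge markers seen in this thread: [at]/[dot], runs of underscores, =name=
MUNGE = re.compile(r"\[at\]|\[dot\]|_{3,}|=\w+=")

def domain_of(value):
    """Domain part after '@', or '' when the header carries none."""
    m = re.search(r"@([A-Za-z0-9.-]*)", value or "")
    return m.group(1).lower() if m else ""

def triage(raw):
    msg = message_from_string(raw)
    received = [" ".join(r.split()) for r in msg.get_all("Received", [])]
    report = {"relay_ip": None, "local_user": None, "origin_host": None}
    # Topmost Received is the one written by the recipient's own provider.
    if received:
        m = re.search(r"\(\[(\d{1,3}(?:\.\d{1,3}){3})\]\)", received[0])
        report["relay_ip"] = m.group(1) if m else None
    # Exim records a local (non-SMTP) submission as "from <user> ... with local".
    for line in received:
        m = re.match(r"from (\S+) by (\S+) with local\b", line)
        if m:
            report["local_user"], report["origin_host"] = m.groups()
    report["from_domain"] = domain_of(msg["From"])
    report["envelope_domain"] = domain_of(msg["Return-Path"])
    report["munged"] = sorted({k for k, v in msg.items() if MUNGE.search(v)})
    report["mismatch"] = report["from_domain"] != report["envelope_domain"]
    return report

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

A non-empty "munged" list is the condition NilsC describes: a report built from those headers cannot be processed, so the unmodified original has to be sent privately instead.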
NilsC
post Mar 26 2005, 07:03 PM
Post #15


Administrator
*********

Group: Members
Posts: 377
Joined: 28-December 04
From: USA
Member No.: 2,992



OK, from using dig, the emails originate from a server called dasher.psychz.net, and there are 78 different users hosted on that server. If anyone here recognises a name of someone who may have had hosting here, let us know. It's one of the 78 in the list that is sending the spam.
Nils

Made the links clickable

This post has been edited by snlildude87: Mar 28 2005, 10:58 PM
snlildude87
post Mar 28 2005, 10:54 PM
Post #16


Moderator
***************

Group: Members
Posts: 2,325
Joined: 8-March 05
From: Mawson, Antarctica
Member No.: 4,254



Yeah, I got that email today. The thing is, though, I have 124.4 hosting days left as of now, so there is no way my account is in danger.
Shadow
post Mar 29 2005, 05:25 AM
Post #17


Super Member
*********

Group: Members
Posts: 290
Joined: 6-September 04
Member No.: 1,029



QUOTE(Galahad @ Mar 26 2005, 10:21 AM)
Well, I received a certain e-mail from "Management <administrator>", and I forwarded it to Trap 17 abuse email.

Here are full headers from that e-mail...
CODE

X-Apparently-To: =my_email=@yahoo.com via 216.155.196.65; Thu, 17 Mar 2005 00:05:54 -0800
Authentication-Results: mta140.mail.dcn.yahoo.com
 from=; domainkeys=neutral (no sig)
X-Originating-IP: [69.50.187.114]
Return-Path: <trap17@dasher.psychz.net>
Received: from 69.50.187.114  (EHLO dasher.psychz.net) (69.50.187.114)
 by mta140.mail.dcn.yahoo.com with SMTP; Thu, 17 Mar 2005 00:05:38 -0800
Received: from trap17 by dasher.psychz.net with local (Exim 4.44)
       id 1DBpvF-0001LX-DW; Thu, 17 Mar 2005 00:00:01 -0800
To: =my_email=@yahoo.com
Subject:  : HOSTING ACCOUNT SUSPENDED.
MIME-Version: 1.0
Content-type: text/html; charset=iso-8859-1
To:=my_email=@yahoo.com
From:  Management <administrator@>
Date: Thu, 17 Mar 2005 00:00:01 -0800
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - dasher.psychz.net
X-AntiAbuse: Original Domain - yahoo.com
X-AntiAbuse: Originator/Caller UID/GID - [32257 32258] / [47 12]
X-AntiAbuse: Sender Address Domain - dasher.psychz.net
X-Source:
X-Source-Args:
X-Source-Dir:
Content-Length: 849


Now, I don't think that Trap 17 admins have an administrator@ email... Nor that they would send account suspension notices from an administrator's e-mail... I could be wrong though...

However, trap17@dasher.psychz.net is definitely a suspicious e-mail address for someone like Trap 17 to use. I mean, they provide web hosting, paid AND free, would they use some weird mail server, or just use something@trap17.com? Hope they catch this lamer.
*



I tried to access dasher.psychz.net, and all it did was refer me to its cPanel. That makes it that much more suspicious.
dawu
post Mar 29 2005, 09:10 AM
Post #18


Newbie [Level 2]
**

Group: Members
Posts: 34
Joined: 16-October 04
Member No.: 1,773



QUOTE(EricDrinkard @ Mar 21 2005, 04:55 AM)
Some one or some thing is sending out emails to the cpanel users of trap17.com stating that their account is suspended. The email looks legit, however your host