Received: from aaliptha.com (dns1.aaliptha.com [184.108.40.206])
by x (8.13.6/8.13.6) with ESMTP id n8CCPDZR029294
for <spurious@localhost>; Sat, 12 Sep 2009 08:25:16 -0400
Received: (qmail 27364 invoked by uid 33); 12 Sep 2009 12:46:26 -0000
Date: 12 Sep 2009 12:46:26 -0000
Subject: Subject: **ACCOUNT SECURITY UPGRADE**
From: "support@x" <support@x>
X-SpamBouncer: 2.2 (04/16/06)
X-SBNote: From Admin
X-SBRule: Received IP: 220.127.116.11 is in no-more-funn (spam sources)
X-SBNote: Spamcop Standard Report submitted.
Subject: **ACCOUNT SECURITY UPGRADE**
A new email server with secure E-mail has been implemented and configuration to replace old CS email server. As a result, we are shutting down your account.
To confirm your active/inactive account you, are required to send us your E-mail account details listed below for verification. These information would be needed to verify your account and to avoid being shut down;
Click on reply and fill the information below correctly.
* User name:
* Password Again:
* Date of Birth:
Warning!!! All account owner are advised to follow this instruction immediately to avoid loosing your email account permanently.
Thanks for your understanding!
.:: WEBMAIL ADMINISTRATOR::.
The sending network is bogus and blocklisted, but the Reply-to network is particularly interesting:
$ dig mx mail2webmaster.com
; <<>> DiG 9.2.3rc4 <<>> mx mail2webmaster.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22711
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;mail2webmaster.com. IN MX
;; ANSWER SECTION:
mail2webmaster.com. 86400 IN MX 10 publicms2.mail2world.com.
mail2webmaster.com. 86400 IN MX 5 publicms1.mail2world.com.
;; AUTHORITY SECTION:
mail2webmaster.com. 172724 IN NS ns02.mail2world.com.
mail2webmaster.com. 172724 IN NS ns01.mail2world.com.
;; Query time: 121 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Sep 12 10:52:21 2009
;; MSG SIZE rcvd: 137
These four hosts are on four entirely different networks:
$ host publicms2.mail2world.com
publicms2.mail2world.com has address 18.104.22.168
$ host publicms1.mail2world.com
publicms1.mail2world.com has address 22.214.171.124
$ host ns02.mail2world.com
ns02.mail2world.com has address 126.96.36.199
$ host ns01.mail2world.com
ns01.mail2world.com has address 188.8.131.52
mail2world, Inc SAVV-S265634-1 (NET-209-67-128-0-1)
184.108.40.206 - 220.127.116.11
Reported to SAVVIS, though I don't expect much to come of that.
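An added example, not part of the original post: a small Python check for the two traits this message combines, a Reply-To domain that differs from the From domain and a fill-in credential form in the body. The sample message is constructed; `example.org` stands in for the redacted domain `x`, and the Reply-To local part is a placeholder because the post names only the domain.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modeled on the message in the post. Assumptions: the
# redacted recipient domain "x" is shown as example.org, and the Reply-To
# local part is a placeholder (the post names only the domain).
SAMPLE = """\
Date: 12 Sep 2009 12:46:26 -0000
Subject: **ACCOUNT SECURITY UPGRADE**
From: "support@example.org" <support@example.org>
Reply-To: placeholder@mail2webmaster.com

Click on reply and fill the information below correctly.
* User name:
* Password Again:
* Date of Birth:
"""

# A line that is only a label ending in a colon, i.e. a blank to fill in.
CRED_FIELD = re.compile(r"^\W*(?:user ?name|password)\b[^:\n]*:[ \t]*$",
                        re.IGNORECASE | re.MULTILINE)

def domain_of(header_value):
    """Lower-cased domain of an address header, or '' if missing/invalid."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def phish_indicators(raw):
    """Return the indicator names that fire for a raw RFC 822 message."""
    msg = message_from_string(raw)
    hits = []
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    # Replies would leave the domain the message claims to come from.
    if reply_dom and reply_dom != from_dom:
        hits.append("reply-to-domain-mismatch")
    # Only single-part text bodies are inspected in this example.
    body = msg.get_payload() if not msg.is_multipart() else ""
    if len(CRED_FIELD.findall(body)) >= 2:
        hits.append("credential-form-in-body")
    return hits

if __name__ == "__main__":
    print(phish_indicators(SAMPLE))
```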