Jump to content

Oddball Mail


Recommended Posts

This email was "returned" to me. I didn't send it. This is just asking for me to click blindly and pick up god knows what, right? ( I altered the clickables isp#)


Spam detection software, running on the system "server23.totalchoicehosting.com", has

identified this incoming email as possible spam.  The original message

has been attached to this so you can view it (if it isn't spam) or block

similar future email.  If you have any questions, see

the administrator of that system for details.


Content preview:  Dear Sir/Madam There was an internal error at reception

  of the letter on your letter box. To receive this letter click

  URI:http://204.2.103.***/ here Regards, [...]Content analysis details:  (14.9 points, 5.0 required)


pts rule name              description

---- ---------------------- --------------------------------------------------

0.3 NO_REAL_NAME          From: does not include a real name

0.3 RCVD_NUMERIC_HELO      Received: contains a numeric HELO

1.2 DEAR_SOMETHING        BODY: Contains 'Dear (something)'

0.8 HTML_30_40            BODY: Message is 30% to 40% HTML

0.1 MIME_HTML_ONLY        BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE          BODY: HTML included in message

0.2 NORMAL_HTTP_TO_IP      URI: Uses a dotted-decimal IP address in URL

1.9 DATE_IN_FUTURE_06_12  Date: is 6 to 12 hours after Received: date

3.3 MSGID_FROM_MTA_SHORT  Message-Id was added by a relay

0.5 RCVD_IN_NJABL_DIALUP  RBL: NJABL: dialup sender did non-local SMTP

                            [ listed in dnsbl.njabl.org]

0.1 RCVD_IN_SORBS          RBL: SORBS: sender is listed in SORBS

                            [ listed in dnsbl.sorbs.net]

0.1 RCVD_IN_NJABL          RBL: Received via a relay in dnsbl.njabl.org

                            [ listed in dnsbl.njabl.org]

2.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net

              [blocked - see <http://www.spamcop.net/bl.shtml?>]

1.6 FORGED_MUA_OUTLOOK    Forged mail pretending to be from MS Outlook

1.1 FORGED_OUTLOOK_TAGS    Outlook can't send HTML in this format

0.0 CLICK_BELOW            Asks you to click below

1.1 FORGED_OUTLOOK_HTML    Outlook can't send HTML message only


The original message was not completely plain text, and may be unsafe to

open with some email clients; in particular, it may contain a virus,

or confirm that your address can receive spam.  If you wish to view

it, it may be safer to save it to a file and open it with an editor.






Mail Failure Delivery




Sat, 17 Jan 2004 02:22:44 -0500




Dear Sir/Madam


There was an internal error at reception of the letter on your letter box. To receive this letter click here



Mail service


It is wise to ignore this?

Link to comment
Share on other sites

Screams of some sort of malware to me as well. Not sure about a virus, but defintely spam to the Nth degree. Quite possibly SPAM from a browser hijacker.

I have a tst machine here that I could run that IP addy for ya... send me a PM or something.



:) Through PMs I was able to determine for him that this and another suspect message were both SPAM. One seems to have a redirect in there somewhere that took me to a common link that then redirects the victim to the dreaded lop.com site.


Mad!!! WHATEVER YOU DO... DO NOT GO TO LOP.COM. You will spend HOURS getting rid of that hijacker! Mad!!! Mad!!! B)

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...