Woohoo! People click on dumb email attachments such as "Congrats!" or "Japanese girl play".


Some people are too naive. Or desperate.

One

So this is a smart one. The email looks just like a returned mail for email mistyping, and you might wonder “huh, when did I send this?” and click the emf icon to see what it was.

Return-Path: <>
Received: from PROCESS-DAEMON.mail.Macalester.edu by mail.Macalester.edu (PMDF V6.2 #30562) id <0HEJ00101XJPYS@mail.Macalester.edu>; Wed, 07 May 2003 23:52:37 -0500 (CDT)
Received: from mail.Macalester.edu (PMDF V6.2 #30562) id <0HEJ00102XJPYR@mail.Macalester.edu>; Wed, 07 May 2003 23:52:37 -0500 (CDT)
From: PMDF e-Mail Interconnect <postmast@mac>
Subject: Delivery Notification: Delivery has failed
To: ykim@mac, postmast@mac
Message-id: <0HEJ00105XJPYR@mail.Macalester.edu>
MIME-version: 1.0
Content-type: multipart/report; boundary="Boundary_(ID_ZSfpNt2dWePpUeEPriY/eQ)"; report-type=delivery-status

--Boundary_(ID_ZSfpNt2dWePpUeEPriY/eQ)
Content-transfer-encoding: 7BIT

This report relates to a message you sent with the following header fields:

Message-id: <0HEJ0015HXJKA3@mail.Macalester.edu>
Date: Wed, 07 May 2003 23:52:32 -0500 (CDT)
From: ykim <ykim@mac>
To: sshaffer@mac.Macalester.edu
Subject: A very excite game

Your message cannot be delivered to the following recipients:

Recipient address: sshaffer@mac.Macalester.edu
Original address: sshaffer@mac.
Reason: Illegal host/domain name found

--Boundary_(ID_ZSfpNt2dWePpUeEPriY/eQ)
Content-type: message/delivery-status

Original-envelope-id: HEJ00102XJKW4@mail.Macalester.edu
Reporting-MTA: dns;mail.Macalester.edu (TCP-INTERNAL)

Action: failed
Status: 5.4.4 (Illegal host/domain name found)
Original-recipient: rfc822;sshaffer@mac.
Final-recipient: rfc822;sshaffer@mac.Macalester.edu

--Boundary_(ID_ZSfpNt2dWePpUeEPriY/eQ)
Content-type: message/rfc822

Return-path: <ykim@mac>
Received: from TCP-INTERNAL.mail.Macalester.edu by mail.Macalester.edu (PMDF V6.2 #30562) id <0HEJ00102XJPYR@mail.Macalester.edu> (original mail from ykim@mac); Wed, 07 May 2003 23:52:37 -0500 (CDT)
Received: from ONVERSION-DAEMON.mail.Macalester.edu by mail.Macalester.edu (PMDF V6.2 #30562) id <0HEJ00101XJKW4@mail.Macalester.edu> for sshaffer@mac.Macalester.edu; Wed, 07 May 2003 23:52:36 -0500 (CDT)
Received: from Hctcol (std91.dorms3.macalester.edu [141.140.103.91]) by mail.Macalester.edu (PMDF V6.2 #30562) with SMTP id <0HEJ0015GXJKA3@mail.Macalester.edu> for sshaffer@mac.Macalester.edu; Wed, 07 May 2003 23:52:32 -0500 (CDT)
Date: Wed, 07 May 2003 23:52:32 -0500 (CDT)
Date-warning: Date header was inserted by mail.Macalester.edu
From: ykim <ykim@mac>
Subject: A very excite game
To: sshaffer@mac.Macalester.edu
Message-id: <0HEJ0015HXJKA3@mail.Macalester.edu>
MIME-version: 1.0
Content-type: multipart/alternative; boundary="Boundary_(ID_6iBgsiKUD6p3ykJW/D+Yyw)"

--Boundary_(ID_6iBgsiKUD6p3ykJW/D+Yyw)

Hi,This is a excite game This game is my first work.You’re the first player.I hope you would like it.

--Boundary_(ID_6iBgsiKUD6p3ykJW/D+Yyw)
Content-id:
Content-type: TEXT/PLAIN; NAME=Substitute.txt
Content-transfer-encoding: 7BIT
Content-disposition: attachment; filename=Substitute.txt
Content-description: The Original Attachment has been REPLACED

The original document has been removed from this message.
Reason for document removal: Example: Possible Virus Detected
Name of the original document: install.exe
For more information, please see: http://www.Macalester.edu/cit/
CIT Help Desk, +1 651 696 6525
Macalester College, St. Paul, MN

--Boundary_(ID_6iBgsiKUD6p3ykJW/D+Yyw)
Content-type: TEXT/PLAIN

--Boundary_(ID_6iBgsiKUD6p3ykJW/D+Yyw)
Content-id:
Content-type: application/octet-stream; name="zoffsitetopad[1].htm"
Content-transfer-encoding: BASE64
Content-disposition: attachment; filename="zoffsitetopad[1].htm"

PGh0bWw+PGhlY (……………) b3AgYWx0PSJBYm91dCBIb21lIiB

--Boundary_(ID_6iBgsiKUD6p3ykJW/D+Yyw)--
--Boundary_(ID_ZSfpNt2dWePpUeEPriY/eQ)--
Return-Path: <jknefel@mac>
Received: from CONVERSION-DAEMON.mail.Macalester.edu by mail.Macalester.edu (PMDF V6.2 #30562) id HEL00401V89Y6@mail.Macalester.edu> for ykim@mail.Macalester.edu (ORCPT ykim@mac); Fri, 09 May 2003 00:57:49 -0500 (CDT)
Received: from Irj (std91.dorms3.macalester.edu [141.140.103.91]) by mail.Macalester.edu (PMDF V6.2 #30562) with SMTP id <0HEL0038FV88UW@mail.Macalester.edu> for ykim@mail.Macalester.edu (ORCPT ykim@mac); Fri, 09 May 2003 00:57:45 -0500 (CDT)
Date: Fri, 09 May 2003 00:57:44 -0500 (CDT)
Date-warning: Date header was inserted by mail.Macalester.edu
From: jknefel <jknefel@mac>
Subject: Congratulations
To: ykim@mac
Message-id: <0HEL0038GV88UW@mail.Macalester.edu>
MIME-version: 1.0
Content-type: multipart/alternative; boundary="Boundary_(ID_g/7dOJ71nQ9lBpAvSUnMDQ)"

--Boundary_(ID_g/7dOJ71nQ9lBpAvSUnMDQ)
Content-type: text/html
Content-transfer-encoding: 7BIT

iframe src=cid:N3fT1du5Nk9 height=0 width=0 /iframe

--Boundary_(ID_g/7dOJ71nQ9lBpAvSUnMDQ)
Content-id:
Content-type: audio/x-midi; name=Done..bat
Content-transfer-encoding: base64
Content-disposition: attachment; filename=Done..bat

VqQAAMAAAAEAAA (…………………) AAAAAAAAAAAAAA

--Boundary_(ID_g/7dOJ71nQ9lBpAvSUnMDQ)
Content-type: TEXT/PLAIN
Content-transfer-encoding: 7BIT

--Boundary_(ID_g/7dOJ71nQ9lBpAvSUnMDQ)
Content-id:
Content-type: application/octet-stream; name=BRNDLOG.TXT
Content-transfer-encoding: BASE64
Content-disposition: attachment; filename=BRNDLOG.TXT

MDkvMDUvMjAwMSAw (…………….) RG9uZS4NCjA5LzA1L

--Boundary_(ID_g/7dOJ71nQ9lBpAvSUnMDQ)--
n random porn offers, esp. when they send you attachments instead of url addresses! And this is somebody with access to the ASA mailing list. Yuck.

Return-Path: <asa@mac>
Received: from CONVERSION-DAEMON.mail.Macalester.edu by mail.Macalester.edu (PMDF V6.2 #30562) id <0HEM00G01NQ00O@mail.Macalester.edu> for ykim@mail.Macalester.edu (ORCPT ykim@mac); Fri, 09 May 2003 11:13:15 -0500 (CDT)
Received: from Hjabstvd (std91.dorms3.macalester.edu [141.140.103.91]) by mail.Macalester.edu (PMDF V6.2 #30562) with SMTP id <0HEM00F4RNPZQE@mail.Macalester.edu> for ykim@mail.Macalester.edu (ORCPT ykim@mac); Fri, 09 May 2003 11:13:11 -0500 (CDT)
Date: Fri, 09 May 2003 11:13:11 -0500 (CDT)
Date-warning: Date header was inserted by mail.Macalester.edu
From: asa "asa@mac"
Subject: Japanese girl VS playboy
To: ykim@mac
Message-id: <0HEM00F4TNPZQE@mail.Macalester.edu>
MIME-version: 1.0
Content-type: multipart/alternative; boundary="Boundary_(ID_JYcccMeOEowpXZB0H4oNvw)"

--Boundary_(ID_JYcccMeOEowpXZB0H4oNvw)
Content-type: text/html
Content-transfer-encoding: 7BIT

iframe src=cid:Nh6s0E3g88a height=0 width=0
/iframe <— What is this?

--Boundary_(ID_JYcccMeOEowpXZB0H4oNvw)
Content-id:
Content-type: audio/x-wav; name=not.exe
Content-transfer-encoding: base64
Content-disposition: attachment; filename=not.exe

--Boundary_(ID_JYcccMeOEowpXZB0H4oNvw)
Content-type: TEXT/PLAIN
Content-transfer-encoding: 7BIT

--Boundary_(ID_JYcccMeOEowpXZB0H4oNvw)
Content-id:
Content-type: application/octet-stream; name=BRNDLOG.TXT
Content-transfer-encoding: BASE64
Content-disposition: attachment; filename=BRNDLOG.TXT

--Boundary_(ID_JYcccMeOEowpXZB0H4oNvw)--
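
The second and third messages above share two structural traits: an attachment with an executable file name declared as an audio type (audio/x-midi for Done..bat, audio/x-wav for not.exe), and a zero-size iframe whose src is a cid: reference. The Python check below is an added illustration, not part of the original post, and flags both traits. Its sample message is constructed; the Content-ID value and the angle brackets around the iframe are assumptions, since the post shows neither.

```python
import email
import os
import re
from email import policy

# Constructed sample modelled on the third message above. The Content-ID value and
# the angle brackets around the iframe are assumptions; the payload is a placeholder.
SAMPLE = b"""\
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="B1"

--B1
Content-Type: text/html

<html><iframe src=cid:Nh6s0E3g88a height=0 width=0></iframe></html>
--B1
Content-ID: <Nh6s0E3g88a>
Content-Type: audio/x-wav; name=not.exe
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=not.exe

AAAAAAAA
--B1--
"""

EXEC_EXT = {".exe", ".bat", ".scr", ".pif", ".com", ".cmd", ".vbs"}
IFRAME_CID = re.compile(r"<iframe\b[^>]*\bsrc\s*=\s*[\"']?cid:([^\s\"'>]+)[^>]*>", re.I)
ZERO_SIZE = re.compile(r"\b(?:height|width)\s*=\s*[\"']?0\b", re.I)

def inspect(raw: bytes) -> list[str]:
    """Flag executable attachments declared as non-application types and hidden cid iframes."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings, hidden_cids, mismatched = [], set(), {}
    for part in msg.walk():
        ctype = part.get_content_type()
        name = (part.get_filename() or "").lower()
        if os.path.splitext(name)[1] in EXEC_EXT and not ctype.startswith("application/"):
            findings.append(f"type-mismatch: {ctype} declared for {name}")
            mismatched[str(part.get("Content-ID", "")).strip("<> ")] = name
        if ctype == "text/html":
            for m in IFRAME_CID.finditer(part.get_content()):
                if ZERO_SIZE.search(m.group(0)):
                    hidden_cids.add(m.group(1))
                    findings.append(f"hidden-iframe: cid:{m.group(1)}")
    # Strongest signal: an invisible iframe that points at the disguised executable.
    for cid in sorted(hidden_cids & mismatched.keys()):
        findings.append(f"auto-load: hidden iframe references {mismatched[cid]}")
    return findings
```

Unlike a From or Subject match, this check does not depend on who the message claims to come from.
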
Apply this rule after the message arrives
Where the From line contains ‘ivaluenetwork.com’ or ‘naver.com’ or ‘gooddealpc.com’ or ‘bomul.com’ or ‘²Ë’ or ‘todomercado.com’ or ‘darkgalaxy.com’ or ‘dreamwiz.com’ or ‘speedbit.com’ or ‘tp40.net’ or ‘nobelcom.com’ or ‘commonpeople@hotmail.com’ or ‘.kr’ or ‘aldearoja’ or ‘callingcards.com’ or ‘netian.com’ or ‘myobmail.com’ or ‘hanmir.com’ or ‘responsenetwork.net’ or ‘fullcourtoffers.com’ or ‘idealist.org’ or ‘etoll.net’ or ‘responsesystems.org’ or ‘sweepsinc.com’ or ‘crinklepost.net’ or ‘crossgrvpost.net’ or ‘monterey.’ or ‘cavalrymail.com’ or ‘lists.net’ or ‘revivialdist.net’ or ‘etracks.com’ or ‘e-klk.com’ or ‘retaindistribution.net’ or ‘canube123.com’ or ‘obbizopp.com’ or ‘retaindistribution.net’ or ‘codns.com’ or ‘consultant.com’ or ‘22its4you.com’ or ‘fiestatwist.net’ or ‘mio@mac’
or Where the Subject line contains ‘±¤°í’ or ‘°­_°í’ or ‘°ú¾Ó°í’ or ‘±¤,°í’ or ‘±¤.°í’
Delete it from server

