cancel
Showing results for 
Search instead for 
Did you mean: 

Unusual spam notification - new or sinister?

Community Veteran
Posts: 1,160
Thanks: 1
Registered: 01-08-2007

Unusual spam notification - new or sinister?

I've just had a spam notification which isn't of the form usually sent. Also, the full headers are considerably shorter than is usually the case.

Is this something new and more efficient, an experiment, or something sinister happening within the PlusNet mail server? All previous spam notifications have started with 'DearCustomer' and were obviously sent by Customer Support.

Here is what I'm talking about:

From: canijo@jiaboo.com
Subject: Photoshop, Windows, Office
Date: 8 June 2006 12:40:52 BDT
To: ******@sybilandbarry.plus.com
Envelope-To: ******@sybilandbarry.plus.com
Delivery-Date: Thu, 08 Jun 2006 05:40:05 +0100
Received: by ptb-mxcore19.plus.net with spam-scanned (PlusNet MXCore v2.00) id 1FoCJQ-00083u-M7 for ******@sybilandbarry.plus.com; Thu, 08 Jun 2006 05:40:05 +0100
Received: from localhost by ptb-mxcore19 with SpamAssassin (version 3.0.3); Thu, 08 Jun 2006 05:40:04 +0100
Message-Id: <000001c68ab5$202a6200$0100007f@localhost>
X-Spam-Flag: YES
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_4487AA24.6F24777F"

Spam detection software, running on the system "ptb-mxcore19", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.

Content preview: Special Offer Adobe Video Collection Adobe Premiere
1.5 Professional Adobe After Effects 6.5 Professional Adobe Audition
1.5 Adobe Encore DVD 1.5 $149.95 More Info >> Microsoft 2 in 1 MS
Windows XP Pro MS Office 2003 Pro [...]

Content analysis details: (10.4 points, 5.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
0.2 INVALID_DATE Invalid Date: header (not RFC 2822)
1.3 DATE_IN_FUTURE_06_12 Date: is 6 to 12 hours after Received: date
1.0 ALL_TRUSTED Did not pass through any untrusted hosts
0.1 HTML_80_90 BODY: Message is 80% to 90% HTML
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
[score: 0.4927]
1.2 SARE_OEM_S_DOL RAW: One strike, you're out
1.0 SARE_OEM_S_PRICE RAW: CSS style that ends with price
0.0 MIME_QP_LONG_LINE RAW: Quoted-printable line longer than 76 chars
1.5 SARE_OEM_A_2 More common OEM spam phrases
2.0 SARE_OEM_A_1 Common OEM spam phrases
0.8 SARE_OEM_PRODS_1 SARE_OEM_PRODS_1
0.9 SARE_OEM_PRODS_FEW SARE_OEM_PRODS_FEW
0.4 SARE_PRODUCTS_02 SARE_PRODUCTS_02

The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.
-----------------------------
Then follows an email of the usual sort selling cheap software for Windoze (which is of absolutely no interest to me as I use a Mac!) of which I've had dozens before which have never been picked up as spam by PlusNet..

At the very end is the usual PlusNet message saying the email has been verified as virus free.
Plusnet user since November 2003
Currently on Unlimited Fibre Extra and Unlimited UK & Mobile Calls
5 REPLIES
N/A

Unusual spam notification - new or sinister?

LOL
Quote
Windoze


PN have had a fair bit of heat recently about their spam filtering rules, so perhaps this is the result of a change to their spam system?
Do you still get the old style messages you speak of too?

(I have never had a spam notification message from PN to compare to)

Moderators note by John (johnessex) Duplicate post removed.
Community Veteran
Posts: 1,160
Thanks: 1
Registered: 01-08-2007

Unusual spam notification - new or sinister?

Yes, I wondered if it was something new but as nothing has been said I thought it would be worth seeing if anyone else here knew, rather than raising a ticket.

The last actual notification I had was a Virus Alert over the weekend (telling me the address the email came from, the subject line and what sort of virus appeared to be included) and yesterday I had spam marked with the [-SPAM-] addition to the header as is usual.

A lot of spam that comes through is totally ignored by PlusNet but picked up and marked by my Mail program, so still ends up in my spam folder as also happened with this one.
Plusnet user since November 2003
Currently on Unlimited Fibre Extra and Unlimited UK & Mobile Calls
Community Veteran
Posts: 1,160
Thanks: 1
Registered: 01-08-2007

Unusual spam notification - new or sinister?

I've now had some spam come through today that was marked normally with the [-SPAM-] bit in the subject line.

Can anyone tell me if they've had anything arrive like the one I'm querying? It does seem rather odd in that the message says it might contain a virus, yet the usual PlusNet 'virus free' message appears at the bottom. Quite apart from the very short 'full headers', that is.

Is this evidence of a new spam detecting experiment running on maybe one or two servers perhaps?
Plusnet user since November 2003
Currently on Unlimited Fibre Extra and Unlimited UK & Mobile Calls
prichardson
Grafter
Posts: 1,503
Registered: 05-04-2007

Unusual spam notification - new or sinister?

Hi,

Can you do me a huge favour and post this along with the full headers of the message over on the Usergroup forums.

http://usergroup.plus.net/forum/

I would normally raise this internally, however a similar email was raised by the usergroup earlier this week. Our nerwork team could not exaplain the cause of this.

As such, if further examples can be collated, we can locate and find the problem.

Kind Regards,
Community Veteran
Posts: 1,160
Thanks: 1
Registered: 01-08-2007

Unusual spam notification - new or sinister?

Have posted it over there now on the relevant thread. I've copied the raw message source rather than just copying off the email, as that gives more detail as to the origins than shown here.

Hope it helps give a clue as to what's happening.

Just after posting this, I had a second similar email to a different address on my PlusNet account, so have posted it over there rather than here.
Plusnet user since November 2003
Currently on Unlimited Fibre Extra and Unlimited UK & Mobile Calls