cancel
Showing results for 
Search instead for 
Did you mean: 

how did this one get through

pierre_pierre
Grafter
Posts: 19,757
Registered: 30-07-2007

how did this one get through

Return-path: <knives_7@hotmail.com>
Envelope-to: craft@p.idps.co.uk
Delivery-date: Sun, 05 Apr 2009 09:23:13 +0100
Received: from [212.159.7.38] (helo=mx.ptn-ipin03.plus.net)
  by pih-inmx03.plus.net with esmtp (PlusNet MXCore v2.00) id 1LqNdJ-0001Ob-Dm
  for craft@p.idps.co.uk; Sun, 05 Apr 2009 09:23:13 +0100
Authentication-Results: mx.ptn-ipin03.plus.net; dkim=neutral (message not signed) header.i=none
Received-SPF: None identity=pra; client-ip=65.55.90.174;
  receiver=mx.ptn-ipin03.plus.net;
  envelope-from="knives_7@hotmail.com";
  x-sender="knives_7@hotmail.com";
  x-conformance=sidf_compatible
Received-SPF: Pass identity=mailfrom; client-ip=65.55.90.174;
  receiver=mx.ptn-ipin03.plus.net;
  envelope-from="knives_7@hotmail.com";
  x-sender="knives_7@hotmail.com";
  x-conformance=sidf_compatible
Received-SPF: None identity=helo; client-ip=65.55.90.174;
  receiver=mx.ptn-ipin03.plus.net;
  envelope-from="knives_7@hotmail.com";
  x-sender="postmaster@snt0-omc3-s35.snt0.hotmail.com";
  x-conformance=sidf_compatible
X-SBRS: 4.6
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Ar8HAEMH2ElBN1qukmdsb2JhbACCJi6EGI85AQEBAQkLCgcPW6JkjzSCSoFFBg
X-IronPort-AV: E=McAfee;i="5300,2777,5574"; a="57671211"
X-IronPort-AV: E=Sophos;i="4.39,325,1235952000";
   d="scan'208,217";a="57671211"
Received: from unknown (HELO snt0-omc3-s35.snt0.hotmail.com) ([65.55.90.174])
  by mx.ptn-ipin03.plus.net with ESMTP; 05 Apr 2009 09:23:10 +0100
Received: from SNT108-W63 ([65.55.90.136]) by snt0-omc3-s35.snt0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
Sun, 5 Apr 2009 01:23:08 -0700
Message-ID: <SNT108-W63F2974C95A554534ADE0FAB870@phx.gbl>
X-Originating-IP: [123.149.2.64]
From: =?ks_c_5601-1987?B?w9ax4sjG?= <knives_7@hotmail.com>
To: <craft@p.idps.co.uk>
Date: Sun, 5 Apr 2009 17:23:07 +0900
Importance: Normal
MIME-Version: 1.0
X-OriginalArrivalTime: 05 Apr 2009 08:23:08.0024 (UTC) FILETIME=[BFF2A780:01C9B5C7]
X-PN-Virus-Filtered: by PlusNet MXCore (v5.00)
X-PN-Spam-Filtered: by PlusNet MXCore (v5.00)
Subject: re:
X-Antivirus: AVG for E-mail 8.5.285 [270.11.41/2041]
Content-Type: multipart/mixed; boundary="=======AVGMAIL-49D9A7CF0000======="

--=======AVGMAIL-49D9A7CF0000=======
Content-Type: multipart/alternative;
boundary="_2c8b1a69-2ac7-4c50-a111-2776666df7df_"

--_2c8b1a69-2ac7-4c50-a111-2776666df7df_
Content-Type: text/plain; charset="ks_c_5601-1987"
Content-Transfer-Encoding: 8bit

Dear friends:
    Do you want to buy the lowest price and the best quality products ? Then you can come to our website: bestshopele.com . we can offer you all kinds of electronic products . such as :laptop computers, digital cameras, digital  video cameras, gps, cell phones, MP3, MP4, game consoles and so on . we will offer the most competitive  price and the best services for you . Hope we can have a long and good business relationship ! we expect your coming !
Yours Faithfull
bestshopele.com
_________________________________________________________________
½´ÆÛÁִϾî¿Í ¸Þ½ÅÀú Ä£±¸µµ ¸Î°í, ¹æ¸í·Ï¿¡ ÃàÇÏ ´ñ±ÛÀ» ´Þ¸é ¼±¹°À» µå·Á¿ä.
http://im.msn.co.kr/im/main/mainCoverDetail.asp?BbsCode=bbs01&Seq=1217
--_2c8b1a69-2ac7-4c50-a111-2776666df7df_
Content-Type: text/html; charset="ks_c_5601-1987"
Content-Transfer-Encoding: 8bit
<html>
<head>
<style>
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 9pt;
font-family:±¼¸²
}
</style>
</head>
<body class='hmmessage'>
<DIV>
<DIV><FONT size=3><FONT face="Comic Sans MS">Dear friends: <BR>&nbsp;&nbsp;&nbsp; Do you want to buy the lowest price and the best quality products ? Then you can come to our website: </FONT><FONT face=Tahoma color=#e36c09><STRONG>bestshopele.com</STRONG></FONT></FONT><FONT face="Comic Sans MS" size=3> . we can offer you all kinds of electronic products . such as :laptop computers, digital cameras, digital&nbsp; video cameras, gps, cell phones, MP3, MP4, game consoles and so on . we will offer the most competitive&nbsp; price and the best services for you . Hope we can have a long and good business relationship ! we expect your coming !<BR></FONT><FONT size=3><FONT face="Comic Sans MS">Yours Faithfull<BR></FONT><FONT face=Tahoma color=#e36c09><STRONG>bestshopele.com</STRONG></FONT></FONT></DIV></DIV><br /><hr />½´ÆÛÁִϾî¿Í ¸Þ½ÅÀú Ä£±¸µµ ¸Î°í, <a href='http://im.msn.co.kr/im/main/mainCoverDetail.asp?BbsCode=bbs01&Seq=1217' target='_new'>¹æ¸í·Ï¿¡ ÃàÇÏ ´ñ±ÛÀ» ´Þ¸é ¼±¹°À» µå·Á¿ä.</a></body>
</html>
--_2c8b1a69-2ac7-4c50-a111-2776666df7df_--
--=======AVGMAIL-49D9A7CF0000=======
Content-Type: multipart/alternative;
boundary="=======AVGMAIL-49D9A7CF0000======="
--=======AVGMAIL-49D9A7CF0000=======
Content-Type: text/plain; x-avg=cert; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Content-Description: "AVG certification"

No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 8.5.285 / Virus Database: 270.11.41/2041 - Release Date: 04/04/09 1=
6:53:00
--=======AVGMAIL-49D9A7CF0000=======--
--=======AVGMAIL-49D9A7CF0000=======--
Moderator's Note: Made all the links non-clickable for safety - David (spraxyt)
6 REPLIES
Superuser
Superuser
Posts: 8,878
Thanks: 411
Fixes: 36
Registered: 06-04-2007

Re: how did this one get through

Have you forwarded it as an attachment to spam@spamtraining.plus.com?
David
pierre_pierre
Grafter
Posts: 19,757
Registered: 30-07-2007

Re: how did this one get through

no does that still aply to IronPort?
Superuser
Superuser
Posts: 8,878
Thanks: 411
Fixes: 36
Registered: 06-04-2007

Re: how did this one get through

As far as I know it does. Nothing to lose by doing it anyway.
David
Community Veteran
Posts: 26,345
Thanks: 600
Fixes: 8
Registered: 10-04-2007

Re: how did this one get through

http://www.plus.net/support/security/spam/reporting_spam_emails.shtml
However:
Quote
This page last updated 28th October 2008

So it may not be right. Were we not given an Ironport/Senderbase email address?
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£13/month)
Mobile: iD mobile (£4/month)
Community Veteran
Posts: 26,345
Thanks: 600
Fixes: 8
Registered: 10-04-2007

Re: how did this one get through

Found something:
Quote from: Bob
I was discussing the reporting of false positives/negatives with a few people the other day and we came to the conclusion that we're going to look at forwarding email sent to our spam training addresses to the IronPort spam training addresses referenced here. If you're interested in downloading a copy of the Outlook plugin that's mentioned on that page then you shouldn't have too many difficulties finding a copy with a bit of Googling.

Why haven't the help pages been updated?
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£13/month)
Mobile: iD mobile (£4/month)
pierre_pierre
Grafter
Posts: 19,757
Registered: 30-07-2007

Re: how did this one get through

well if somebody (BP) want to do that feel free, the full mail is above Cheesy