The reporting tool is missing the spamvertised website mentioned in the headers and the body of
the spam below (my email and others obfuscated for privacy reasons). The name of the domain
is workfor375.com.
I had to do the legwork myself and reported that domain, the domain it redirects to (trustedssurveys.com)
and the domain that webpage contains a link to (trustedsurveys.com) as well as all three IP addresses to
their respective hosting/allocating companies.
When I used spamcop on the spam below, all it reported to was Yahoo.
============================================================
Return-path: <thezeroplan128[at]yahoo.com>
Envelope-to: <OBFUSCATED FOR PRIVACY REASONS>
Delivery-date: Sun, 06 May 2012 03:34:52 -0500
Received: from nm16-vm1.bullet.mail.bf1.yahoo.com ([98.139.213.131])
by server509.webhostingpad.com with smtp (Exim 4.69)
(envelope-from <thezeroplan128[at]yahoo.com>)
id 1SQwvY-0047HO-EC
for <OBFUSCATED FOR PRIVACY REASONS>; Sun, 06 May 2012 03:34:52 -0500
Received: from [98.139.212.151] by nm16.bullet.mail.bf1.yahoo.com with NNFMP; 06 May 2012 08:34:47 -0000
Received: from [98.139.212.240] by tm8.bullet.mail.bf1.yahoo.com with NNFMP; 06 May 2012 08:34:47 -0000
Received: from [127.0.0.1] by omp1049.mail.bf1.yahoo.com with NNFMP; 06 May 2012 08:34:47 -0000
X-Yahoo-Newman-Property: ymail-5
X-Yahoo-Newman-Id: 248258.25919.bm[at]omp1049.mail.bf1.yahoo.com
Received: (qmail 95838 invoked by uid 60001); 6 May 2012 08:34:47 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1336293287; bh=iLdWCppUyJWwtTtwpaXIbQtCd9bWuEy8P1VLHBZrY58=; h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Reply-To:Subject:To:Cc:MIME-Version:Content-Type; b=pOe5jE9noygec3LcP2Sjhym3zN39aNMDzO3lttjyLv4ZXtBfhSuAEXTLCSYnAGyeF1rOEPwYPpX/zgufkDjB9I1OX/TmpB7QA9ABKWwbAeC6uT6VgkzBlBY8CAdyhPwc2zxLGSErr9xUIu90fQDJZ0uMpQe9NnWnu+EbxLUYgXQ=
DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.com;
h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Reply-To:Subject:To:Cc:MIME-Version:Content-Type;
b=TQtMk7TgXQUstyeoWuy4IpDHpe+J0e5rmgOjP2I/N6nxZwzXquRJTisZbxZmaTYM4d+ilUxpuaavJRvK7IUQLbz2M//u0U2W1uiGGGDX0pvZrnuKM8jX6ih4wwIvhRTCpA0SSpX0QJX5tCW1F7L7IJjnGwADG7SaBQR/2J6nKDk=;
X-YMail-OSG: hkaRdlgVM1nA_VtrXS9FUDyXbNIPiQWwpyk9_qhcYl91fZx
VT1v0yTlsHH.VWiJ52buboOrlac6qHn6Fe27BqOODJn4zVHpUgTRl3gnCuzq
laRah9rIxXvfaymszNJgt1VbR28ikBURSt1vU10qnvMjS1.8omc7ubB6V0_a
3U5dFqmypzclf0XLA_ViVk7NNvgM.uExTBVVX2nsppmaZQMo8veRRGuYjAWi
OhdDO8HXOMtn4jEXDOu9p6VG1iCJ1Cddz9_71lJZuNCpgQ7ApubIRmb3yptO
6fXZaQbNGRlbIEe_OCTmGmfgfsoPj8o3sHe.r_Dit4ngxjegnh6_lyfIz85c
L40gRPiZj1FWPpROvutCUgPZeieeR5y1IyAtpZNuOXatv4pGxAy5PZuX3.uw
PkURDkjX3wq8hhUSdPO5dUA36jBdNYRQIzHYv8nhp6KfoEEuU.ymszV7vetj
htwBD4eh07UKioGBvrbiJ465XCcGfIFGjfOE.YD8xCnZKiaKSxX.fhlBM3_B
NqFcztSaPfspD4EafY4IO4v_mnMp9x9IJ6ALhyFn0JORf2HRyZjYBtdnMVXW
pWWpJ0cQ2ykCeVbe0_40MQUhpKRku3YU-
Received: from [178.88.10.39] by web161802.mail.bf1.yahoo.com via HTTP; Sun, 06 May 2012 01:34:47 PDT
X-Mailer: YahooMailWebService/0.8.117.340979
Message-ID: <1336293287.86220.YahooMailRC[at]web161802.mail.bf1.yahoo.com>
Date: Sun, 6 May 2012 01:34:47 -0700 (PDT)
From: Jake Bufton <thezeroplan128[at]yahoo.com>
Reply-To: Jake Bufton <thezeroplan128[at]yahoo.com>
Subject: hey, i have a question about your ad
To: mikaisme at hotmail dot com [NOTE: probably a test address or a mailing list address]
Cc: <OBFUSCATED FOR PRIVACY REASONS>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-spam-Status: No, score=1.7
X-spam-Score: 17
X-spam-Bar: +
X-Ham-Report: spam detection software, running on the system "server509.webhostingpad.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Hey, I like working with people that post ads online, since
I already know that you basically know your way around a computer. I need
a few people here in town for some part-time help with some online work that
I have. The work is very easy, but it's too much for me to by myself, so
I thought that I'd email a few people and see if you'd be interested. [...]
Content analysis details: (1.7 points, 4.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[98.139.213.131 listed in list.dnswl.org]
1.6 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
[uRIs: workfor375.com]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(thezeroplan128[at]yahoo.com)
0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit
(jake bufton <thezeroplan128[at]yahoo.com>
)
-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in
digit (thezeroplan128[at]yahoo.com)
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]
1.5 URIBL_RHS_DOB Contains an URI of a new domain (Day Old Bread)
[uRIs: workfor375.com]
X-spam-Flag: NO
Hey,
I like working with people that post ads online,
since I already know that you basically know your
way around a computer. I need a few people here
in town for some part-time help with some online
work that I have. The work is very easy, but it's too
much for me to by myself, so I thought that I'd email
a few people and see if you'd be interested.
Just go to my website for more information
and to apply if you're interested:
WorkFor375.com
Just copy and paste the above link
into your web browser.
****************************************
If you don't want to receive any
more email from us, just go to
WorkFor375.com/remove
****************************************