johnsenchak

IronPort spam Quarantine Notification (leaked data)


First, thanks "turetzsr" for unblocking my account.

So anyway, a couple weeks ago, I think Cisco/Iron Port sent me an email by accident. In the email it contained a link that went to an online quarantine that I logged on to. The online quarantine contained one of my role email accounts, so I know it's one hundred percent legitimate :mellow:

Clearly Cisco is setting up an IronPort spam appliance to handle all the junk email that users are forwarding.

Now you know what's going on :lol: :lol: :lol: :lol: :lol: :lol:

jls (at) antihotmail.com

ironport ironport[at]alpha-tech.us via spamcop.net
Sep 25 (7 days ago)
IronPort spam Quarantine Notification

The message(s) below have been blocked by your administrator as suspected spam.

There are 1 new messages in your Email Quarantine since you received your last spam Quarantine Notification. If the messages below are spam, you do not need to take any action. Messages will be automatically removed from the quarantine after 14 day(s).

If any of the messages below are not spam, click the Release link to have them sent to your Inbox. To see all quarantined messages view your email quarantine.

Quarantined Email

From: "Tv Digital no PC" <glpmnu[at]scsluss....
Subject: [spam] Re: CANAIS ADULTOS em HD, FILMES, FUTEBOL, SÉRIES e m...
Date: 25 Sep 2014
Release

View All Quarantined Messages(1)

Note: This message has been sent by a notification only system. Please do not reply

If the above links do not work, please copy and paste the following URL into a Web browser:
https://mailman.alpha-tech.us:83/---------------------------------- (munged)


Hmm... would like to know how to get to my email quarantine!

Umm... wait, I did a whois on this alpha-tech.us, and if I'm not mistaken, it doesn't belong to Cisco / Ironport / SpamCop (or even CES). Are you sure this is legitimate?

Edited by anyone8


Hmm... would like to know how to get to my email quarantine!

Umm... wait, I did a whois on this alpha-tech.us, and if I'm not mistaken, it doesn't belong to Cisco / Ironport / SpamCop (or even CES). Are you sure this is legitimate?

I believe it is, because it stated "Email Quarantine" and "Iron Port"


But could it be a spoof?

Actually, I could set up an email forwarding service in about an hour, if it doesn't have to work. If there's enough interest, let me know. Since it won't do anything, I'll keep the annual fee low. ;)


John (I'm assuming that's your name),

I doubt that this is what you think it is. As others have surmised, it's either a spoof or something triggered from Alpha-Tech's system by mistake. While they utilize a Cisco/Ironport spam-filtering system, they're not Cisco, so this wasn't some sort of "early warning" in your inbox having anything to do with SpamCop, the mail forwarding, etc. It actually does have to do with some possible email transactions for an "antihotmail.com" account, and I think that's what you use.

DT


Hmm... would like to know how to get to my email quarantine!

Umm... wait, I did a whois on this alpha-tech.us, and if I'm not mistaken, it doesn't belong to Cisco / Ironport / SpamCop (or even CES). Are you sure this is legitimate?

It contains one of my role email accounts, and also had a blocked email. Maybe the N.S.A. was behind this! Strong evidence!

-----

ironport ironport [at] alpha-tech.us via spamcop.net

from: ironport <ironport[at]alpha-tech.us>

to: --------[at]antihotmail.com

date: Thu, Sep 25, 2014 at 3:54 PM

subject: IronPort spam Quarantine Notification

mailed-by: spamcop.net

X-Eon-Dm: sj1-dm02
Received: from mailman.alpha-tech.us (mailman.alpha-tech.us [162.210.13.xxx])
	by xxxx.mta.everyone.net (EON-INBOUND) with ESMTP id sj1-dm02.541b9cc3.1014352
	for <-------[at]antihotmail.com>; Thu, 25 Sep 2014 12:54:05 -0700
Received: from localhost by mailman.alpha-tech.us;  25 Sep 2014 15:54:01 -0400
Content-Type: text/html; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Message-Id: <b3eed0$ace466c=bf28521f21bf93e4[at]mailman.alpha-tech.us>
From: =?utf-8?q?ironport?= <ironport[at]alpha-tech.us>
Sender: postmaster[at]alpha-tech.us
To: ----[at]antihotmail.com
Date: 25 Sep 2014 15:54:01 -0400
Subject: IronPort spam Quarantine Notification
X-Eon-Alias-Sig: AQKh+4NUJHLdnTY+4QEAAAAF,304d2b6e27c0f613bde8e38507d38b7f
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.12.52,1.0.28,0.0.0000 definitions=2014-09-25_08:2014-09-25,2014-09-25,1970-01-01 signatures=0
X-Proofpoint-spam-Details: rule=notspam policy=default score=0 spamscore=0 suspectscore=7 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=7.0.1-1402240000 definitions=main-1409250206
X-SpamCop-Checked:
X-SpamCop-Disposition: Blocked SpamAssassin=3
X-SpamCop-Disposition: Blacklist list-admin[at]e1m.net
Edited by johnsenchak
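
The headers posted above can be read mechanically. This added example (not written by any poster in the thread) parses them with Python's standard `email` module and reports which host handed the message to the recipient's provider and whether that host matches the From domain. The header text is re-typed from the post with "[at]" restored to "@" and the redactions kept; the Received layout the regex expects is an assumption based on this one sample.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import parseaddr

# Constructed input: selected headers from the post, one per line.
RAW = """\
Received: from mailman.alpha-tech.us (mailman.alpha-tech.us [162.210.13.xxx])
\tby xxxx.mta.everyone.net (EON-INBOUND) with ESMTP id sj1-dm02.541b9cc3.1014352
\tfor <----@antihotmail.com>; Thu, 25 Sep 2014 12:54:05 -0700
Received: from localhost by mailman.alpha-tech.us; 25 Sep 2014 15:54:01 -0400
Message-Id: <b3eed0$ace466c=bf28521f21bf93e4@mailman.alpha-tech.us>
From: =?utf-8?q?ironport?= <ironport@alpha-tech.us>
Sender: postmaster@alpha-tech.us
To: ----@antihotmail.com
Subject: IronPort spam Quarantine Notification

"""

# "from HELO (PTR [IP]) by RECEIVER": the parenthesised part is what the
# receiving server recorded about the connection (assumed layout).
HOP = re.compile(r"from\s+(\S+)(?:\s+\((\S+)\s+\[([^\]]+)\]\))?\s+by\s+([^\s;]+)")

def received_hops(msg):
    """Return the Received hops newest-first, in header order."""
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        if m:
            hops.append(dict(zip(("helo", "ptr", "ip", "by"), m.groups())))
    return hops

def assess(raw):
    msg = message_from_string(raw)
    hops = received_hops(msg)
    name, addr = parseaddr(msg["From"])
    from_domain = addr.rsplit("@", 1)[1].lower()
    # Only the topmost Received line was written by the recipient's own
    # provider; every line below it is supplied by the sending side.
    handoff = hops[0]
    relay = (handoff["ptr"] or handoff["helo"]).lower()
    return {
        "display_name": str(make_header(decode_header(name))),
        "from_domain": from_domain,
        "relay_host": relay,
        "relay_ip": handoff["ip"],
        "aligned": relay == from_domain or relay.endswith("." + from_domain),
        "hops": len(hops),
    }
```

A match ties the message to a mail host under alpha-tech.us; the "ironport" display name is a label set by the sender and does not identify a vendor or owner.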


John (I'm assuming that's your name),

I doubt that this is what you think it is. As others have surmised, it's either a spoof or something triggered from Alpha-Tech's system by mistake. While they utilize a Cisco/Ironport spam-filtering system, they're not Cisco, so this wasn't some sort of "early warning" in your inbox having anything to do with SpamCop, the mail forwarding, etc. It actually does have to do with some possible email transactions for an "antihotmail.com" account, and I think that's what you use.

DT

Why couldn't it be? The site www.alpha-tech[dot]us/ is a cloud hosting company. The front end site which I've seen is hosting on their equipment.

Maybe Cisco has a controlling interest in this company which is located in West Virginia. Or the actual Ironport/Cisco spam appliance is located in this data center :D

Alpha Technologies, 4003 Outlook Drive Hurricane, WV 25526

Phone: (304) 201-7485

Edited by johnsenchak


Lots of companies have Cisco appliances installed, and that doesn't imply any other connection. This particular "Alpha" is a tiny cloud hosting service (who hasn't even realized that it's 2014 yet--look at the footer of all their web pages) and while they purchase and use Cisco hardware, etc., they're a very small, local concern, and surely NOT owned or controlled by Cisco. Take a look at their FB page:

https://www.facebook.com/wv.alpha.tech

Seriously--just let this go. There's no connection with this system/board/Spamcop/etc.

DT


Lots of companies have Cisco appliances installed, and that doesn't imply any other connection. This particular "Alpha" is a tiny cloud hosting service (who hasn't even realized that it's 2014 yet--look at the footer of all their web pages) and while they purchase and use Cisco hardware, etc., they're a very small, local concern, and surely NOT owned or controlled by Cisco. Take a look at their FB page:

https://www.facebook.com/wv.alpha.tech

Seriously--just let this go. There's no connection with this system/board/Spamcop/etc.

DT

Denial, you are wrong. I've been on the spam quarantine site. It's one hundred percent real and not a spoofed site.

Denial, you are wrong. I've been on the spam quarantine site. It's one hundred percent real and not a spoofed site.

We didn't say the *site* was spoofed, but that the email could have been spoofed. Also, the quarantine site belongs to the little company in WV that has nothing to do with Cisco or SpamCop.

DT


We didn't say the *site* was spoofed, but that the email could have been spoofed. Also, the quarantine site belongs to the little company in WV that has nothing to do with Cisco or SpamCop.

DT

The email header above proves you wrong


The email header above proves you wrong

How so? I don't think you're understanding our main point, which is that this has NOTHING to do with SpamCop or the new Cisco forwarding. We didn't contend that the email MUST be spoofed--but rather that it *could* have been spoofed. So if you're saying that the email headers are fine, great, but they still don't show the nonexistent connection you're claiming.


How so? I don't think you're understanding our main point, which is that this has NOTHING to do with SpamCop or the new Cisco forwarding. We didn't contend that the email MUST be spoofed--but rather that it *could* have been spoofed. So if you're saying that the email headers are fine, great, but they still don't show the nonexistent connection you're claiming.

Symantics, if you ask me. Then how does that explain what I've seen on that site? Could that have been spoofed too? That would include an email role account that I use, which is associated with my spamcop.net account.

Edited by johnsenchak


The site is legit, but it has NOTHING to do with anything here. The connection with your email account associated with your Spamcop.net account is obviously coincidental. And I think you meant "semantics."


The site is legit, but it has NOTHING to do with anything here. The connection with your email account associated with your Spamcop.net account is obviously coincidental. And I think you meant "semantics."

Thanks for checking my spelling. But anyway, I sent an email to that hosting company to find out if it's legitimate. It's just odd that right after Jeff Tucker changed the MX record so that ongoing email forwards to Cisco, I received that message. I mean, come on, why just create a forwarding account that users can't access or find out if legitimate emails are being stopped? I can create email forwards with my mail maps; why do I need Cisco?

I am now paying $30 for an email forward, big deal. There has to be more to this.

Edited by johnsenchak


Nope. It is what it is.

DT

I also stated about three months ago that cesmail.net was in financial trouble, and look what happened. No reply back yet; maybe I will give this hosting service a call.
