Jump to content
Sign in to follow this  
rsh@idirect.com

False sending date messages

Recommended Posts

Just received the following and will likely be told by SpamCop that it is over 2 days old, when it is NOT and in fact the sender deliberately is using a stale date. I get a number of these. Is there any solution to this problem?

--------------------------------------------------------------

Return-path: <oaoai[at]pisem.net>

Envelope-to: rsh[at]idirect.com

Delivery-date: Sun, 06 Feb 2005 08:55:21 +0000

Received: from adsl-67-120-101-247.dsl.snfc21.pacbell.net ([67.120.101.247] helo=pisem.net)

by keymaster.look.ca with smtp (Exim 4.20)

id 1CxiCP-0002pJ-0r

for rsh[at]idirect.com; Sun, 06 Feb 2005 08:55:21 +0000

Date: 1 Dec 2004 08:49:47 -0600

From: Paula Mcdowel <oaoai[at]pisem.net>

To: <rsh[at]idirect.com>

Message-ID: <20041201084947.Lt9KwnepnrKV[at]pisem.net>

X-SA-Exim-Mail-From: oaoai[at]pisem.net

Content-type: text/plain

Subject: [spam] R0lex starting under $200

X-spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on chi.look.ca

X-spam-Level:

X-spam-Status: No, hits=-98.2 required=9.0 tests=DATE_IN_PAST_96_XX,

USER_IN_ALL_SPAM_TO autolearn=no version=2.63

X-SA-Exim-Version: 3.1 (built Tue Feb 24 05:09:27 GMT 2004)

X-SA-Exim-Scanned: Yes

X-Text-Classification: spam

X-POPFile-Link: http://127.0.0.1:8081/jump_to_message?view=33

Authentic Replica Roleex wrist-watches here

We are offering Genuine Replica Roleex wrist-watches for a superb pricee !

http://srlmfzjp.ichbhhebfi.com/?M2OiilhmWRnofMM2g6A

Share this post


Link to post
Share on other sites

The parser uses the date from the first trusted received line (only one such header in your example). The date the parser should get is: Sun, 06 Feb 2005 08:55:21 +0000

From:

Received: from adsl-67-120-101-247.dsl.snfc21.pacbell.net ([67.120.101.247] helo=pisem.net) by keymaster.look.ca with smtp (Exim 4.20)

id 1CxiCP-0002pJ-0r for rsh[at]idirect.com; Sun, 06 Feb 2005 08:55:21 +0000

If you have a parse that shows differently for this spam, please paste the tracking URL here for examination. From your post: "will likely be told by SpamCop", it appears you have not tried.

Edited by StevenUnderwood

Share this post


Link to post
Share on other sites

Okay... so I have to watch for one that rejects on date. You are correct and this one did not, so it turns out to have been a poor example. Will post the next one that meets the criteria you cover. TIA

Share this post


Link to post
Share on other sites
idirect.com,Feb 6 2005, 09:46 AM]Just received the following and will likely be told by SpamCop that it is over 2 days old, when it is NOT and in fact the sender deliberately is using a stale date. I get a number of these. Is there any solution to this problem?

--------------------------------------------------------------

...

http://srlmfzjp.ichbhhebfi.com/?M2OiilhmWRnofMM2g6A

23986[/snapback]

The hotmail account listed in the 'whois' data from the domain is invalid. File a report with wdprs.internic.net and with the registrar (i.e. itsyourdomain.com for this one). BTW. I've gotten blacklisted literally dozens of domains by the same registrant over the past two weeks. Getting the domain revoked is extra work I haven't (yet) bothered with (he used lots of registrars and the relatively `new' spam DNS servers {first,second,third}.cuzdns.com).

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×