spamcop[at]sbl.com

[mpsmom]

I use spamcop, therefore know about it, so was suspicious when this came in. It came to a business email that does send a lot of email. Has anyone seen this? I noticed the link, where they want me to enter a code goes to a foreign country (http://aaron-zulkifli.ucoz.ru), so figure it's just a way to download a virus or get some information.

Return-Path: SpamCop[at]sbl.com

Received: from mail.hscseminars.org (LHLO mail.hscseminars.org)

(66.166.140.195) by mail.hscseminars.org with LMTP; Wed, 9 Jan 2013

16:19:57 -0700 (MST)

Received: from localhost (localhost.localdomain [127.0.0.1])

by mail.hscseminars.org (Postfix) with ESMTP id B9024121CC9

for <continuing_education[at]hscseminars.org>; Wed, 9 Jan 2013 16:19:57 -0700 (MST)

X-Virus-Scanned: amavisd-new at mail.hscseminars.org

X-spam-Flag: NO

X-spam-Score: 2.946

X-spam-Level: **

X-spam-Status: No, score=2.946 tagged_above=-10 required=6.6

tests=[bAYES_50=0.8, DEAR_EMAIL=0.001, FROM_EXCESS_BASE64=0.979,

HTML_MESSAGE=0.001, RCVD_NUMERIC_HELO=1.164, SPF_FAIL=0.001]

autolearn=no

Received: from mail.hscseminars.org ([127.0.0.1])

by localhost (mail.hscseminars.org [127.0.0.1]) (amavisd-new, port 10024)

with ESMTP id gyHTTd6QjdT2 for <continuing_education[at]hscseminars.org>;

Wed, 9 Jan 2013 16:19:56 -0700 (MST)

Received: from rea.reachmediatv.com (reachmediatv.com [108.167.172.22])

by mail.hscseminars.org (Postfix) with ESMTPS id 23273121CC8

for <continuing_education[at]hscseminars.org>; Wed, 9 Jan 2013 16:19:56 -0700 (MST)

Received: from [176.222.239.10] (port=6458 helo=176.222.239.10)

by rea.reachmediatv.com with esmtpa (Exim 4.80)

(envelope-from <SpamCop[at]sbl.com>)

id 1Tt544-0000yX-CB

for continuing_education[at]hscseminars.org; Wed, 09 Jan 2013 17:28:08 -0600

Message-ID: <9947518E50EC44A0A8AC7D69B6734091[at]eutserverLOKAL>

From: =?koi8-r?B?U3BhbUNvcEBzYmwuY29t?= <SpamCop[at]sbl.com>

To: <continuing_education[at]hscseminars.org>

Subject: =?koi8-r?B?QXR0ZW50aW9uISBZb3VyIGVtYWlsICJjb250aW51aW5nX2VkdWNhdGlvbkBoc2NzZW1pbmFycy5vcmcgIiB3aWxsIGJlIEJMQUNLTElTVEVEIHNvb24u?=

Date: Thu, 10 Jan 2013 00:28:04 +0100

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="----=_NextPart_000_1BEE_01CDEEC9.5B2793D0"

X-Priority: 3

X-MSMail-Priority: Normal

X-Mailer: Microsoft Windows Mail 6.0.6001.18000

X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6001.18000

X-AntiAbuse: This header was added to track abuse, please include it with any abuse report

X-AntiAbuse: Primary Hostname - rea.reachmediatv.com

X-AntiAbuse: Original Domain - hscseminars.org

X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]

X-AntiAbuse: Sender Address Domain - sbl.com

X-Get-Message-Sender-Via: rea.reachmediatv.com: authenticated_id: karim[at]reachmediatv.com

This is a multi-part message in MIME format.

------=_NextPart_000_1BEE_01CDEEC9.5B2793D0

Content-Type: text/plain;

charset="koi8-r"

Content-Transfer-Encoding: quoted-printable

=20

Dear continuing_education[at]hscseminars.org,

Today 1/10/2013 we received complaints about spam coming from your netwo=

rk. spam bots are sending bulk emails, for the security reasons your ema=

il will be blacklisted. To avoid blacklisting please check your Sent fold=

er for unknown emails and prove that you are human by entering this code =

"36846712" here. Your email will be recorded and spam flag will be remove=

d. No other data will be collected.=20

Thank you for cooperation.

=20

SpamCOP SBL.

------=_NextPart_000_1BEE_01CDEEC9.5B2793D0

Content-Type: text/html;

charset="koi8-r"

Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<HTML xmlns:o><HEAD><TITLE></TITLE>

<META http-equiv=3DContent-Type content=3D"text/html; charset=3Dkoi8-r">

<META content=3D"MSHTML 6.00.6001.18023" name=3DGENERATOR></HEAD>

<BODY> =20

<META content=3D"MSHTML %_RTXT_5-8_1_%" name=3DGENERATOR>

<P><SPAN lang=3DEN-US style=3D"mso-ansi-language: EN-US">Dear  <A=20

href=3D"mailto:continuing_education[at]hscseminars.org">continuing_education=

[at]hscseminars.org</A>,</SPAN></P>

<P><SPAN lang=3DEN-US style=3D"mso-ansi-language: EN-US">Today 1/10/=

2013=20

 we received complaints about spam coming from your network.  S=

pam=20

bots are sending bulk emails, for the security reasons your email wi=

ll be=20

blacklisted. To avoid blacklisting please check your Sent folder for=

=20

unknown emails and prove that you are human by entering this=20

code "36846712" <A=20

href=3D"http://aaron-zulkifli.ucoz.ru">here</A>.</SPAN> Your email w=

ill be recorded and=20

spam flag will be removed. No other data will be collected. </P>

<P><SPAN lang=3DEN-US style=3D"mso-ansi-language: EN-US">Thank you for=20

cooperation.<o:p></o:p></SPAN></P>

<P><SPAN lang=3DEN-US=20

style=3D"mso-ansi-language: EN-US"><o:p></o:p></SPAN> </P>

<P><SPAN lang=3DEN-US style=3D"mso-ansi-language: EN-US">SpamCOP=20

SBL.<o:p></o:p></SPAN></P></BODY></HTML>

------=_NextPart_000_1BEE_01CDEEC9.5B2793D0--

[Farelf]

Hi mpsmom. Seems there's a lot of phishing and exploits from different sources going on at the moment. In terms of "your" flavour, the domains ucoz.ru, ucoz.pl and ucoz.ua seem to be a bit notorious for phishing (at least) - according to gmane.org, etc. - not to mention ucoz.de, ucoz.lv, ucoz.com, ucoz.co and ucoz.net. How such blatant abuse can be tolerated remains a deep mystery. My wife made me eschew advocacy of the Pear of Anguish long ago so these days I just run with the short and sharpened stake. But we shall probably have to settle with simply reporting these things, as always. And warning others who, conceivably, might actually be fooled by them. Thanks for that.