btech Posted October 5, 2004 Share Posted October 5, 2004 I've received this spam 2 times [at] a hotmail address of mine. Attached to the email, which looks like a bounce, is the Netsky worm. When I tried to forward to my reporting link, SpamCop sees the email as a bounce, so it doesn't report the spam. But it CLEARLY is spam and a malicious one at that: X-Message-Info: JGTYoYF78jFzK+cjWxSoXZxjeWUnBWjk Received: from lamx03.mgw.rr.com ([66.75.160.11]) by mc8-f31.hotmail.com with Microsoft SMTPSVC(5.0.2195.6824); Mon, 4 Oct 2004 20:54:58 -0700 Received: from localhost (localhost) by lamx03.mgw.rr.com (8.12.10/8.12.8) id i94KbZuv023452; Mon, 4 Oct 2004 23:54:57 -0400 (EDT) Date: Mon, 4 Oct 2004 23:54:57 -0400 (EDT) From: Mail Delivery Subsystem <MAILER-DAEMON[at]lamx03.mgw.rr.com> Message-Id: <200410050354.i94KbZuv023452[at]lamx03.mgw.rr.com> To: <btech[at]hotmail.com> MIME-Version: 1.0 Content-Type: multipart/report; report-type=delivery-status; boundary="i94KbZuv023452.1096948497/lamx03.mgw.rr.com" Subject: Returned mail: see transcript for details Auto-Submitted: auto-generated (failure) Return-Path: <> X-OriginalArrivalTime: 05 Oct 2004 03:54:58.0303 (UTC) FILETIME=[1506D0F0:01C4AA8F] This is a MIME-encapsulated message --i94KbZuv023452.1096948497/lamx03.mgw.rr.com The original message was received at Sat, 2 Oct 2004 21:36:26 -0400 (EDT) from 69-172-235-249.vnnyca.adelphia.net [69.172.235.249] ----- The following addresses had permanent fatal errors ----- <tglaser[at]socal.rr.com> (reason: 452 4.2.1 Mailbox temporarily disabled: tglaser[at]socal.rr.com) ----- Transcript of session follows ----- ... while talking to ms-mta-02-fn.socal.rr.com.: >>> DATA <<< 452 4.2.1 Mailbox temporarily disabled: tglaser[at]socal.rr.com <tglaser[at]socal.rr.com>... Deferred: 452 4.2.1 Mailbox temporarily disabled: tglaser[at]socal.rr.com <<< 554 5.5.0 No recipients have been specified. Message could not be delivered for 2 days Message will be deleted from queue --i94KbZuv023452.1096948497/lamx03.mgw.rr.com Content-Type: message/delivery-status Reporting-MTA: dns; lamx03.mgw.rr.com Arrival-Date: Sat, 2 Oct 2004 21:36:26 -0400 (EDT) Final-Recipient: RFC822; tglaser[at]socal.rr.com Action: failed Status: 4.4.7 Remote-MTA: DNS; ms-mta-02-fn.socal.rr.com Diagnostic-Code: SMTP; 452 4.2.1 Mailbox temporarily disabled: tglaser[at]socal.rr.com Last-Attempt-Date: Mon, 4 Oct 2004 23:54:57 -0400 (EDT) --i94KbZuv023452.1096948497/lamx03.mgw.rr.com Content-Type: text/rfc822-headers Received: from socal.rr.com (69-172-235-249.vnnyca.adelphia.net [69.172.235.249]) by lamx03.mgw.rr.com (8.12.10/8.12.8) with ESMTP id i931aQuI000751 for <tglaser[at]socal.rr.com>; Sat, 2 Oct 2004 21:36:26 -0400 (EDT) Message-Id: <200410030136.i931aQuI000751[at]lamx03.mgw.rr.com> From: **********[at]hotmail.com To: tglaser[at]socal.rr.com Subject: Notice again Date: Sat, 2 Oct 2004 18:36:26 -0700 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPart_000_0016----=_NextPart_000_0016" X-Priority: 3 X-MSMail-Priority: Normal X-Virus-Scanned: Symantec AntiVirus Scan Engine X-Virus-Scan-Result: Repaired 36326 W32.Netsky.P[at]mm --i94KbZuv023452.1096948497/lamx03.mgw.rr.com-- Anyone else seen this or know how to report it? Link to comment Share on other sites More sharing options...
StevenUnderwood Posted October 6, 2004 Share Posted October 6, 2004 It is against spamcop rules to report Virus related emails. You can use spamcop to determine the source (headers only) them manually report it to the ISP. Link to comment Share on other sites More sharing options...
btech Posted October 6, 2004 Author Share Posted October 6, 2004 It is against spamcop rules to report Virus related emails. You can use spamcop to determine the source (headers only) them manually report it to the ISP. 18326[/snapback] oh man... I didn't know that. sorry! I'll manually report it Link to comment Share on other sites More sharing options...
turetzsr Posted October 6, 2004 Share Posted October 6, 2004 oh man... I didn't know that. sorry! I'll manually report it 18332[/snapback] ...You might want to have a look at SpamCop FAQ: SpamCop Parsing and Reporting Service: Rules. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.