Jump to content

False sending date messages


rsh@idirect.com

Recommended Posts

Just received the following and will likely be told by SpamCop that it is over 2 days old, when it is NOT and in fact the sender deliberately is using a stale date. I get a number of these. Is there any solution to this problem?

--------------------------------------------------------------

Return-path: <oaoai[at]pisem.net>

Envelope-to: rsh[at]idirect.com

Delivery-date: Sun, 06 Feb 2005 08:55:21 +0000

Received: from adsl-67-120-101-247.dsl.snfc21.pacbell.net ([67.120.101.247] helo=pisem.net)

by keymaster.look.ca with smtp (Exim 4.20)

id 1CxiCP-0002pJ-0r

for rsh[at]idirect.com; Sun, 06 Feb 2005 08:55:21 +0000

Date: 1 Dec 2004 08:49:47 -0600

From: Paula Mcdowel <oaoai[at]pisem.net>

To: <rsh[at]idirect.com>

Message-ID: <20041201084947.Lt9KwnepnrKV[at]pisem.net>

X-SA-Exim-Mail-From: oaoai[at]pisem.net

Content-type: text/plain

Subject: [spam] R0lex starting under $200

X-spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on chi.look.ca

X-spam-Level:

X-spam-Status: No, hits=-98.2 required=9.0 tests=DATE_IN_PAST_96_XX,

USER_IN_ALL_SPAM_TO autolearn=no version=2.63

X-SA-Exim-Version: 3.1 (built Tue Feb 24 05:09:27 GMT 2004)

X-SA-Exim-Scanned: Yes

X-Text-Classification: spam

X-POPFile-Link: http://127.0.0.1:8081/jump_to_message?view=33

Authentic Replica Roleex wrist-watches here

We are offering Genuine Replica Roleex wrist-watches for a superb pricee !

http://srlmfzjp.ichbhhebfi.com/?M2OiilhmWRnofMM2g6A

Link to comment
Share on other sites

The parser uses the date from the first trusted received line (only one such header in your example). The date the parser should get is: Sun, 06 Feb 2005 08:55:21 +0000

From:

Received: from adsl-67-120-101-247.dsl.snfc21.pacbell.net ([67.120.101.247] helo=pisem.net) by keymaster.look.ca with smtp (Exim 4.20)

id 1CxiCP-0002pJ-0r for rsh[at]idirect.com; Sun, 06 Feb 2005 08:55:21 +0000

If you have a parse that shows differently for this spam, please paste the tracking URL here for examination. From your post: "will likely be told by SpamCop", it appears you have not tried.

Link to comment
Share on other sites

idirect.com,Feb 6 2005, 09:46 AM]Just received the following and will likely be told by SpamCop that it is over 2 days old, when it is NOT and in fact the sender deliberately is using a stale date. I get a number of these. Is there any solution to this problem?

--------------------------------------------------------------

...

http://srlmfzjp.ichbhhebfi.com/?M2OiilhmWRnofMM2g6A

23986[/snapback]

The hotmail account listed in the 'whois' data from the domain is invalid. File a report with wdprs.internic.net and with the registrar (i.e. itsyourdomain.com for this one). BTW. I've gotten blacklisted literally dozens of domains by the same registrant over the past two weeks. Getting the domain revoked is extra work I haven't (yet) bothered with (he used lots of registrars and the relatively `new' spam DNS servers {first,second,third}.cuzdns.com).

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...