Jump to content

Cures For Sure Com at Simplenet.com


elind

Recommended Posts

Posted

While I'm at it I would like to ask a similar question on another spammer. I make it another thread because it is a little different in another way.

This one also gets through having been sent to my spamcop email (I think). I typically get 5 or 6 perday. All identical but sent from all over the world, with a couple of Egyptian ISPs being prominent. (Link.net, Tedata.com). Why do they get through spamcop?

However it is different from other spam in that the website listed at the bottom is a disguised website not picked up by spam filtering since they write it as "cures for sure com", not curesforsure.com. I have looked at the site and it seems to be a porn site, with no contact information. It traces to Simplenet.com, an ISP in California. I have called them and they acknowledge the site as being part of one of their clients, but they do nothing to remove it. I have to think they are willing spammer partners.

Does anyone else receive these and is there any other way to stick it to simplenet?

X-IronPort: hrndva-mx07.mail.rr.com 34764147

X-RR-Connecting-IP: 216.154.195.49

Received: from c60.cesmail.net ([216.154.195.49])

by hrndva-mxlb.mail.rr.com with ESMTP; 27 Oct 2007 07:42:19 +0000

Received: from unknown (HELO filter7.cesmail.net) ([192.168.1.217])

by c60.cesmail.net with SMTP; 27 Oct 2007 03:42:19 -0400

Received: (qmail 2602 invoked by uid 1010); 27 Oct 2007 07:42:18 -0000

Delivered-To: spamcop-net-elind[at]spamcop.net

Received: (qmail 2590 invoked from network); 27 Oct 2007 07:42:18 -0000

X-spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on filter7

X-spam-Level: *************

X-spam-Status: hits=13.3 tests=HS_INDEX_PARAM,HTML_MESSAGE,MIME_HTML_ONLY,

RDNS_DYNAMIC,URIBL_BLACK,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SC_SURBL,

URIBL_WS_SURBL version=3.2.3

Received: from unknown (192.168.1.107)

by filter7.cesmail.net with QMQP; 27 Oct 2007 07:42:18 -0000

Received: from dsl.dynamic8599200112.ttnet.net.tr (85.99.200.112)

by mx70.cesmail.net with SMTP; 27 Oct 2007 07:42:17 -0000

Date: Sat, 27 Oct 2007 06:01:41 -0100

From: "John R. Murray" <uysvca[at]vcet.org>

X-Mailer: Calypso Version 3.20.01.01 (4)

X-Priority: 3

Message-ID: <18803518.20071027060141006888[at]vcet.org>

To: elind[at]spamcop.net

Subject: Bright side

MIME-Version: 1.0

Content-Type: text/html; charset=UTF-8

Content-Transfer-Encoding: 7bit

X-SpamCop-Checked:

X-SpamCop-Disposition: Blocked SpamAssassin=13

X-SpamCop-Whitelisted: spamcop.net

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>

<body>

<br>

==This is MEDFEST==<br>

<br>

All your favourite stuff Cures are finally on zale<br>

<br>

<a href="http://fcrhiw.mobytomb.net/?88448682">BuyRightNow</a><br>

<br>

<br>

From<br>

Cures for Sure com

</body>

</html>

Posted
Same reason, though I do not see the field used to match the whitelist on this one.

It was probably the Envelope Sender aka Return Path, which wasn't included in the example.

DT

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...