

Curious George

@comcast.net

[Spam] I think I'm being Scammed... Can someone verify?

Can someone tell me if these e-mails are originating from the same place? Just in case I am not being scammed, I have taken out their e-mail addresses.

The first one is:

Received: (qmail 16935 invoked by uid 399); 19 May 2009 05:46:50 -0000
X-Spam-Checker-Version: SpamAssassin 3.2.1 (2007-05-02) on
mail304.opentransfer.com
X-Spam-Level: **
X-Spam-Status: No, score=2.7 required=5.0 tests=BAD_CREDIT,HTML_MESSAGE,
RDNS_NONE autolearn=disabled version=3.2.1
Received: from unknown (HELO ironport.opentransfer.com) (76.162.254.120)
by mail304.opentransfer.com with ESMTP; 19 May 2009 05:46:50 -0000
X-Originating-IP: 76.162.254.120
Received-SPF: none (mail304.opentransfer.com: domain at yahoo.com does not designate permitted sender hosts)
identity=mailfrom; client-ip=76.162.254.120;
envelope-from=;
Received: from web53711.mail.re2.yahoo.com ([206.190.39.60])
by ironport.opentransfer.com with SMTP; 19 May 2009 02:01:58 -0400
Received: (qmail 50079 invoked by uid 60001); 19 May 2009 06:01:56 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1242712916; bh=pFjaHCvjp4pMyp0e+dIBvCbpocLZM8Z4GsTg/iK0t40=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type; b=4Vi0pKhV0y3N36hlTSo+nqW0sGhi/D2eS3LhZRR/LlVPvRNyOG6b5strAipZ7Lslv3bHaFj0CudhZXqG/Q0d0a22azYHBaQZco2RUIUmoxS2nf0JWlPn9FLaHCr+B5nrdTEH5g8clOCn9H1DbaJmGTJFqwxJBECNrQuTe1VgbDI=
DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.com;
h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type;
b=eC6JC1y0QQLiJAnGujgas7gt55ivWhO0JQR5R+TYJ5aDEZ0M4pCEYuNiCOhyM6TlPgXAEcR2uF8khHyflc1/v5TKyCCLq+HG4IFlZB2BfZtD8y9PxqHaxUuVPK0CQWhqp0YOXtJV+MkrjDAlCoRq+4+x1GWHuAVRas/v0T1VBms=;
Message-ID:
X-YMail-OSG: xwX5VMoVM1mM9lpppQIFAdIChIpyFD0jixiVo4QEzg4CKZ6FU_ThqnKDGE0y1TgDkWvyxhiXg52SKy4keDxzAL3ogeowefhgFTYz9f9ERMnIsKlU8m1uBNdbHDY5mMa7obdu rZy3jroA8CKAnhmuAVi8vLXxBsoqxCHjtczN_bvI_iSQNNb5dJQgAxZDrjKnyDzCk_eUYb2dv4OHjktWkMZ6XuUhUgX094OVJ.pTgFWqLmadTfipf4cpHaOHdHu4bH2NP43B4S4PNAeayra5YBT5PexIaIfemo49uYMQnP47NOfiNU_f.Y62t5IqxFZ.xuNbq986VQ--
Received: from [96.224.97.93] by web53711.mail.re2.yahoo.com via HTTP; Mon, 18 May 2009 23:01:56 PDT
X-Mailer: YahooMailClassic/5.2.20 YahooMailWebService/0.7.289.10
Date: Mon, 18 May 2009 23:01:56 -0700 (PDT)
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-1723948674-1242712916=:49181"

The second one was routed to me through my catch all account, so it has a bit more info:

Received: (qmail 1368 invoked by uid 399); 17 May 2009 04:39:22 -0000
Received: (qmail 1329 invoked by uid 399); 17 May 2009 04:39:22 -0000
X-Spam-Checker-Version: SpamAssassin 3.2.1 (2007-05-02) on
mail304.opentransfer.com
X-Spam-Level:
X-Spam-Status: No, score=0.1 required=5.0 tests=HTML_MESSAGE,RDNS_NONE
autolearn=disabled version=3.2.1
Received: from unknown (HELO ironport.opentransfer.com) (76.162.254.120)
by mail304.opentransfer.com with ESMTP; 17 May 2009 04:39:22 -0000
X-Originating-IP: 76.162.254.120
Received-SPF: none (mail304.opentransfer.com: domain at yahoo.com does not designate permitted sender hosts)
identity=mailfrom; client-ip=76.162.254.120;
envelope-from=;
Received: from n16.bullet.mail.mud.yahoo.com ([68.142.206.43])
by ironport.opentransfer.com with SMTP; 17 May 2009 00:54:18 -0400
Received: from [68.142.200.227] by n16.bullet.mail.mud.yahoo.com with NNFMP; 17 May 2009 04:54:18 -0000
Received: from [76.13.13.25] by t8.bullet.mud.yahoo.com with NNFMP; 17 May 2009 04:54:18 -0000
Received: from [76.13.10.169] by t4.bullet.mail.ac4.yahoo.com with NNFMP; 17 May 2009 04:54:18 -0000
Received: from [127.0.0.1] by omp110.mail.ac4.yahoo.com with NNFMP; 17 May 2009 04:54:18 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 246136.89121.bm@omp110.mail.ac4.yahoo.com
Received: (qmail 9453 invoked by uid 60001); 17 May 2009 04:54:18 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1242536058; bh=3JMtfNaUTuxDY5sUObxmpsMm8YVqpiCg++QmFJSrU4U=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type; b=tLsAZDIkOjEWYYvkRj57/pB6voekuNWyTxMAUolb7xJh+QyYiu9Gg3kBYpDtuOM9DtHzm3sguApG/PzZth27Mz6GUNEq0Z6weHJ4iStD+xmMTx8141SbmYcVv000GFK6zA4TVWNEGEohFQZjh5ovbQoxi73FNmTgh0jVJvKjifY=
DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.com;
h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type;
b=uhyCf3Tvo37qn77WrX23qMAxdZkfbmC29RxuWpS1eDTWhwJg6sB8uxdX+UJWRNcHH1uKdCCGtQtMrywpJK6cmb7UIPJqPGyC33iUV0wtZEz8ruNbjv90+GV5PL0dPfXvKN1baOIeSSe0kjkHG4luZrBZ7o1Y+zsqnb9rf05Mv54=;
Message-ID:
X-YMail-OSG: dowJqEkVM1m5WSgGsgQuq_9w2V65QPKDkKTJv9HT7z1dJyRCy_14MyfIaEwZ1tXjs5SGuSAqHEt8eWQ7owtKPY2utgSBVm..AbZE17SdFwEWjcwqFJRbJ5l1tRdT.UduwAnqzrlhnE7HycoPwwHjGRQGcaHx7Tc0xcyaU317QExr2A62JVihEqMJ5M672sOkrqtdoEa8YtvpDTC cs6AivwXJ6YqMqmj_j0oQecDGq6tFfm8tW5m80Oi.E6bkIF0E_8trL.uwNR_Lk.64cYI4bfrXDiqK5mYXl0m6dLFV
Received: from [70.9.2.157] by web59614.mail.ac4.yahoo.com via HTTP; Sat, 16 May 2009 21:54:16 PDT
X-Mailer: YahooMailRC/1277.43 YahooMailWebService/0.7.289.10
Date: Sat, 16 May 2009 21:54:16 -0700 (PDT)
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-930170511-1242536056=:8902"

Thanks, and I look forward to hearing from someone if it is the same computer sending it.


nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
kudos:7

It isn't always easy to tell where they come from.

Both messages appear to have used Yahoo webmail to inject the message.

The first message appears to have originated at:
pool-96-224-97-93.nycmny.east.verizon.net 96.224.97.93

The second appears to have come from:
70-9-2-157.pools.spcsdns.net 70.9.2.157

It is unlikely that these are both from the same machine, unless the originator is making an effort to hide his origin by using botnet proxies.

If there is an envelope sender (typically in a "Return-Path:" header), that is not shown. I believe that Yahoo checks that these days, and won't accept webmail except from a user who has demonstrated control over that sender address.
--
AT&T dsl; Westell 327w modem/router; openSuSE 11.0; firefox 3.0.10
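
The comparison made in the reply above, as an added example that is not part of any post in this thread: it walks each message's Received chain from the bottom and pulls out the address that submitted the message to Yahoo webmail over HTTP. The function names and the `provider_suffix` parameter are assumptions for illustration, and the "via HTTP" pattern is taken from the headers quoted on this page.

```python
import ipaddress
import re
from email import message_from_string

# Received lines copied from the two messages quoted in the thread
# (other headers omitted; continuation lines re-indented for folding).
MSG1 = """\
Received: from unknown (HELO ironport.opentransfer.com) (76.162.254.120)
 by mail304.opentransfer.com with ESMTP; 19 May 2009 05:46:50 -0000
Received: from web53711.mail.re2.yahoo.com ([206.190.39.60])
 by ironport.opentransfer.com with SMTP; 19 May 2009 02:01:58 -0400
Received: from [96.224.97.93] by web53711.mail.re2.yahoo.com via HTTP; Mon, 18 May 2009 23:01:56 PDT
"""
MSG2 = """\
Received: from n16.bullet.mail.mud.yahoo.com ([68.142.206.43])
 by ironport.opentransfer.com with SMTP; 17 May 2009 00:54:18 -0400
Received: from [68.142.200.227] by n16.bullet.mail.mud.yahoo.com with NNFMP; 17 May 2009 04:54:18 -0000
Received: from [127.0.0.1] by omp110.mail.ac4.yahoo.com with NNFMP; 17 May 2009 04:54:18 -0000
Received: from [70.9.2.157] by web59614.mail.ac4.yahoo.com via HTTP; Sat, 16 May 2009 21:54:16 PDT
"""

HTTP_HOP = re.compile(r"from \[([0-9a-fA-F.:]+)\] by (\S+) via HTTP")

def webmail_client(raw_headers, provider_suffix=".yahoo.com"):
    """Return (client_ip, webmail_host) for the HTTP submission hop, or None."""
    msg = message_from_string(raw_headers)
    # Each relay prepends its Received line, so walk from the bottom (earliest hop).
    for hop in reversed(msg.get_all("Received", [])):
        m = HTTP_HOP.search(" ".join(hop.split()))  # unfold whitespace
        if not m or not m.group(2).lower().endswith(provider_suffix):
            continue  # not written by the provider's webmail front end
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # malformed address literal
        if ip.is_private or ip.is_loopback:
            continue  # internal hop, says nothing about the sender
        return str(ip), m.group(2)
    return None

def compare_origins(a, b):
    """Summarise whether two messages entered the provider from the same address."""
    ca, cb = webmail_client(a), webmail_client(b)
    return {"first": ca, "second": cb,
            "same_ip": ca is not None and cb is not None and ca[0] == cb[0]}

if __name__ == "__main__":
    print(compare_origins(MSG1, MSG2))
```

A matching address does not prove one machine (NAT, shared networks), and differing addresses do not prove different senders; the result only narrows which network operator holds the relevant records.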



Curious George

@comcast.net

Is there a way to track down who the individuals are? If so, I'd be willing to pay someone who has that ability.



nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
kudos:7

Tracking individuals on the net is usually very difficult, particularly if they are trying to hide their tracks.



Curious George

@comcast.net

Well, I think I know who it is, but need to prove it. If I can, it could result in a serious settlement.

I don't believe that these people / persons are truly trying to hide their identity. They are more than likely just sending it through Yahoo without much thought.



Snowy
Premium
join:2003-04-05
Kailua, HI
kudos:6

You should hire an attorney to subpoena Yahoo if you believe the event(s) are actionable in a court of law.