dslreports logo
site
    All Forums Hot Topics Gallery
spc
Search Topic:
uniqs
1621
share rss forum feed


XANAVirus
Premium
join:2012-03-03
Lavalette, WV
Reviews:
·Callcentric
·Comcast

[Spam] "Recommend this site" Spam

Has anyone noticed an uptick the messages with the following message text (no subject, usually):

"Hello..i recommend this site

This is the 5th time in a month I've received basically the same message, only the link and originating email address are different.

I attach the headers so you can see this for yourself.

Delivered-To: [me]@gmail.com
Received: by 10.205.129.11 with SMTP id hg11csp155474bkc;
Tue, 12 Feb 2013 16:07:08 -0800 (PST)
X-Received: by 10.50.185.229 with SMTP id ff5mr7362853igc.82.1360714027434;
Tue, 12 Feb 2013 16:07:07 -0800 (PST)
Return-Path:
Received: from nm2-vm0.bullet.mail.ird.yahoo.com (nm2-vm0.bullet.mail.ird.yahoo.com. [77.238.189.199])
by mx.google.com with SMTP id t8si396961pav.25.2013.02.12.16.07.05;
Tue, 12 Feb 2013 16:07:07 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of willardtbrewer@yahoo.com designates 77.238.189.199 as permitted sender) client-ip=77.238.189.199;
Authentication-Results: mx.google.com;
spf=pass (google.com: best guess record for domain of willardtbrewer@yahoo.com designates 77.238.189.199 as permitted sender) smtp.mail=willardtbrewer@yahoo.com;
dkim=pass header.i=@yahoo.com
Received: from [212.82.105.245] by nm2.bullet.mail.ird.yahoo.com with NNFMP; 13 Feb 2013 00:07:05 -0000
Received: from [46.228.39.58] by tm17.bullet.mail.ird.yahoo.com with NNFMP; 13 Feb 2013 00:07:05 -0000
Received: from [127.0.0.1] by smtp191.mail.ir2.yahoo.com with NNFMP; 13 Feb 2013 00:07:05 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1360714025; bh=3S1Hg2bsPlbRaja9QFWghaHuszEgi/erE1d8BR6ezoY=; h=X-Yahoo-Newman-Id:Message-ID:Date:Received:X-Yahoo-Newman-Property:X-YMail-OSG:X-Yahoo-SMTP:From:To:Subject; b=s08+3QNAvKB4e0VSRet18rsN2KZOBzOFKI8nXhj6AeJJn+WFIr9aerMhnkpuX2kxxWZQVhTIi/0R1Yv/z6WSGbgAo27Q5UP4NTNN3CAYORkxTfH1qC4KsVv2aK7mHzsGHMXtjk4HW450CRpVRD6FuJHPjEAzRjV1Hc A0oX7xm4g=
X-Yahoo-Newman-Id: 280843.3355.bm@smtp191.mail.ir2.yahoo.com
Message-ID:
Date: Wed, 13 Feb 2013 00:07:05 +0000 (UTC)
Received: from yryvahox (willardtbrewer@85.61.57.227 with plain)
by smtp191.mail.ir2.yahoo.com with SMTP; 13 Feb 2013 00:07:05 +0000 UTC
X-Yahoo-Newman-Property: ymail-3
X-YMail-OSG: 5UDXx18VM1m3f9ku9bDU4Jyh3aX2_r90ShNXZKKzLQlX383
yddmPt43mLfhc5mqABnicmaWW5sEYlMbWEbiGDJKrr6l1oOkLJSsbtggzmUC
v.JuDqhNSc2tVTcLlFgCLECZFX_qIfpnFBkMyPtwisgTVifd7noKoTAJJIyP
A4Q1oI3CVqw7AMoFhHu9P_WH8a.MkGwRegpKfoJRgjSOgiKHQ4Vk1V1Qepcz
ZpqaPwezqTnssPPHan5wT5Qme5970Gc3juGi.DXGaqZ7HB9NO49IQxU0cTta
Amzet3dno_EjLo2QK9hCMw5I9W.A5.XEM8i3ZyT6ltg.3EPCXWo4WLXP8AFe
F81PDyLnnIM.6fFc1gogdaEaTbtRpzbukBVmFLwQxNU9xb0a4xXuTfUgWSOW
ZM2axQeOUhYQonf8NdWS4sb2aGR9m4RnB3Ut9jBVz70BaDuW6TbuQyh8HFMo
LXLiKZvD0JQ9a0O3iEaxvRz8Q2ROcxUY23LrNU.tteUW72ABFKQYTpp5CuY8
fOykZOPiAaOKg3Jo18.qvNuGI5kns1xYLEGknf4BaXqP6z5RLshSf77fQ7xf
bEX0XauElFauTd_Q-
X-Yahoo-SMTP: 7KWH9hOswBBgLL6T.dRHkqcRkugag3pHnhRz
From: willardtbrewer@yahoo.com
To:
Subject:

Hello..i recommend this site h--p://blinknews.com/users/62Earn%20more%20due%20to%20your%20PC%20from%20home3


It's really weird.
I think these people are maybe victims of some email virus, but how they got my email archiving address into their contacts is a mystery.

Of course, every one of these 5 messages all advertise some sort of home-based business - obviously if they're having to advertise using email spam they're not worth looking at (not that I'd go for home based business in the first place).


DC DSL
There's a reason I'm Command.
Premium
join:2000-07-30
Washington, DC
kudos:2
said by XANAVirus:

Has anyone noticed an uptick the messages with the following message text (no subject, usually):

"Hello..i recommend this site

[snip]
It's really weird.
I think these people are maybe victims of some email virus, but how they got my email archiving address into their contacts is a mystery.

I get tons of them from people whose email accounts were compromised.

And, no, it is not weird. If your address contains *ANYTHING* that is guessable such as a word or name, they have you. Just one slip-up, like hitting reply on something while in that mailbox and you have just negated your stealth.
--
"Dance like the photo isn't being tagged; love like you've never been unfriended; and tweet like nobody is following."