xcorp::When it rains, it pours.

"The nice thing about rain," said Eeyore, "is that it always stops. Eventually."

トップ > 今回のハイスコア

今回のハイスコア

今は亡きメスト風(何

From: "Adrian Snider" <yffotabsycff@hotmail.com>
Subject: [SPAM] I'm interested ,Please more information, please get back to me
Date: Fri, 08 Apr 2005 14:13:26 -0300
Message-Id: <QNYTBVFFHXPOGJWSBCSQK@hotmail.com>
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on decoy.rootkit.jp
X-Spam-Level: **************************************************
X-Spam-Status: Yes, hits=54.3 required=4.0 tests=DEAR_SOMETHING,
	FORGED_MUA_OUTLOOK,FORGED_OUTLOOK_TAGS,FORGED_RCVD_NET_HELO,
	HTML_50_60,HTML_FONT_BIG,HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,MIMEQENC,
	MIME_HTML_NO_CHARSET,MIME_HTML_ONLY,MIME_HTML_ONLY_MULTI,
	MISSING_MIMEOLE,MULTIPART_ALTERNATIVE,QENCPTR1,QENCPTR2,RCVD_COP_CBL,
	RCVD_COP_SBL_XBL,RCVD_COP_SORBS_DSBL,RCVD_IN_AHBL,RCVD_IN_AHBL_PROXY,
	RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_CBL,RCVD_IN_DSBL,RCVD_IN_DYNABLOCK,
	RCVD_IN_NJABL,RCVD_IN_NJABL_PROXY,RCVD_IN_OPM,RCVD_IN_OPM_HTTP,
	RCVD_IN_OPM_HTTP_POST,RCVD_IN_SBL_XBL,RCVD_IN_SORBS,
	RCVD_IN_SORBS_SOCKS,WHY_WAIT,X_MAILER_PRESENT autolearn=no 
	version=2.63
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_4256AE26.8B6F2C09"
X-IMAPbase: 1110555620 74
Status: O
X-UID: 73
Content-Length: 6960
X-Keywords:                                                                                                    

Spam detection software, running on the system "decoy.rootkit.jp", has
identified this incoming email as possible spam.  The original message
has been attached to this so you can view it (if it isn't spam) or block
similar future email.  If you have any questions, see
the administrator of that system for details.

Content preview:  Dear Sir, Order your branded Rolex and Tag Heuer etc
  now to enjoy free shipping for this month! Why wait? Thousands have
  been sold, and we have very limited stock remaining. To view our
  extensive selection, visit our website now at:
  URI:http://sckiself.xbsta.info/ http://sckiself.xbsta.info/ [...] 

Content analysis details:   (54.3 points, 4.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 1.5 MULTIPART_ALTERNATIVE  Multipart/alternative
 0.1 X_MAILER_PRESENT       exists:X-Mailer
 1.2 DEAR_SOMETHING         BODY: Contains 'Dear (something)'
 0.5 WHY_WAIT               BODY: What are you waiting for
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.1 HTML_FONT_BIG          BODY: HTML has a big font
 4.0 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
 0.2 HTML_50_60             BODY: Message is 50% to 60% HTML
 0.7 MIME_HTML_NO_CHARSET   RAW: Message text in HTML without charset
 1.0 MIMEQENC               BODY: Quoted-Printable mime definition
 1.0 QENCPTR2               BODY: Quoted-Printable mime pattern
 1.0 QENCPTR1               BODY: Quoted-Printable mime pattern
 3.0 FORGED_RCVD_NET_HELO   Host HELO'd using the wrong IP network
 4.3 RCVD_IN_OPM_HTTP       RBL: OPM: sender is open HTTP CONNECT proxy
                            [218.19.11.251 listed in opm.blitzed.org]
 2.5 RCVD_IN_OPM            RBL: Received via a relay in opm.blitzed.org
                            [218.19.11.251 listed in opm.blitzed.org]
 1.5 RCVD_IN_SBL_XBL        RBL: Received via a relay in Spamhaus SBL+XBL
                            [218.19.11.251 listed in sbl-xbl.spamhaus.org]
 0.5 RCVD_IN_NJABL_PROXY    RBL: NJABL: sender is an open proxy
                            [218.19.11.251 listed in dnsbl.njabl.org]
 0.5 RCVD_IN_AHBL_PROXY     RBL: AHBL: Open Proxy server in BlackList / BlockList dnsbl.ahbl.org
                            [218.19.11.251 listed in dnsbl.ahbl.org]
 2.5 RCVD_IN_OPM_HTTP_POST  RBL: OPM: sender is open HTTP POST proxy
                            [218.19.11.251 listed in opm.blitzed.org]
 0.5 RCVD_IN_NJABL          RBL: Received via a relay in dnsbl.njabl.org
                            [218.19.11.251 listed in dnsbl.njabl.org]
 0.5 RCVD_IN_SORBS          RBL: SORBS: sender is listed in SORBS
                            [218.19.11.251 listed in dnsbl.sorbs.net]
 1.5 RCVD_IN_CBL            RBL: Received via a relay in cbl.abuseat.org
          [Blocked - see <http://cbl.abuseat.org/lookup.cgi?ip=218.19.11.251>]
 1.5 RCVD_IN_AHBL           RBL: AHBL: sender is listed in BlackList / BlockList dnsbl.ahbl.org
                            [218.19.11.251 listed in dnsbl.ahbl.org]
 2.5 RCVD_IN_SORBS_SOCKS    RBL: SORBS: sender is open SOCKS proxy server
                            [218.19.11.251 listed in dnsbl.sorbs.net]
 0.5 RCVD_IN_DSBL           RBL: Received via a relay in list.dsbl.org
                            [<http://dsbl.org/listing?218.19.11.251>]
 3.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
               [Blocked - see <http://www.spamcop.net/bl.shtml?218.19.11.251>]
 2.5 RCVD_IN_DYNABLOCK      RBL: Sent directly from dynamic IP address
                            [218.19.11.251 listed in dnsbl.sorbs.net]
 1.7 HTML_MIME_NO_HTML_TAG  HTML-only message, but there is no HTML tag
 1.1 FORGED_OUTLOOK_TAGS    Outlook can't send HTML in this format
 1.1 MIME_HTML_ONLY_MULTI   Multipart message only has text/html MIME parts
 3.0 RCVD_COP_SBL_XBL       RCVD_IN_BL_SPAMCOP_NET && RCVD_IN_SBL_XBL
 1.2 MISSING_MIMEOLE        Message has X-MSMail-Priority, but no X-MimeOLE
 3.0 RCVD_COP_CBL           RCVD_IN_BL_SPAMCOP_NET && RCVD_IN_CBL
 3.0 RCVD_COP_SORBS_DSBL    RCVD_IN_BL_SPAMCOP_NET && (RCVD_IN_SORBS || RCVD_IN_DSBL)
 1.6 FORGED_MUA_OUTLOOK     Forged mail pretending to be from MS Outlook

The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam.  If you wish to view
it, it may be safer to save it to a file and open it with an editor.

______________________________________________________________________
Received: from 203.141.149.115 (unknown [218.19.11.251])
	by decoy.rootkit.jp (Postfix) with SMTP id 1647943D2A
	for <hoge@example.com>; Sat,  9 Apr 2005 01:15:16 +0900 (JST)
Received: from 30.56.23.128 by 218.19.11.251; Fri, 08 Apr 2005 18:13:26 +0100
Message-ID: <QNYTBVFFHXPOGJWSBCSQK@hotmail.com>
From: "Adrian Snider" <yffotabsycff@hotmail.com>
Reply-To: "Adrian Snider" <yffotabsycff@hotmail.com>
To: hoge@example.com
Subject: I'm interested ,Please more information, please get back to me
Date: Fri, 08 Apr 2005 14:13:26 -0300
X-Mailer: Microsoft Outlook, Build 10.0.2627
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="--0749739066439441341"
X-Priority: 3
X-MSMail-Priority: Normal

Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable

Dear Sir,  Order your branded Rolex and Tag Heuer etc now to enjoy free shipping for this month! 
Why wait?
Thousands have been sold, and we have very limited stock remaining. 
To view our extensive selection, visit our website now at:  http://sckiself.xbsta.info/   
Price range from only $39 - $160 ィC get that watch you always dreamed of!  
Regards, 
Jeff  
Division Sales Manager  Top Notch Watches