From Pine View Farm

I Get Mail 0

This has to be the lamest piece of spam that’s slipped through my filters in a long time.

They didn’t even bother to spoof the “From” field convincingly. It came from “” via a Yahoo account in the UK. You’d think that they at least could have made the “From” (which has nothing to do with the actual route of the email) to read From [ISP Name].

Attention Webmail User:

Today, 29/05/2010, we experienced an email outage. No email or address contacts have been lost, but you may notice some of your stored email and address book
contacts are temporarily unavailable. Our technicians are working hard to resolve the issue, and your email will be completely restored within the next 48
hours. We apologize for the inconvenience. Email update . 29/05/2010: Because of the recent email outage, you may notice that some emails from 2/3/10 are
temporarily unavailable. Our technicians are working hard to restore these emails. Your email and contact list will be completely restored as soon as
possible. We apologize for the inconvenience.
To complete your Account Verification process, you are to reply this message and enter your Username and Password in the space provided below, you are
required to do this before the next 48hrs of receipt of this e-mail,or your mail Account will be de-activated and erased from our Database.

Username: ( )
Password: ( )

[ISP Name] Internet.

Headers below the fold:

Headers. The originating source site is in bold.

Received: from ([]) by
(InterMail vM. 201-2244-105-20090324) with ESMTP id
<> for
; Sat, 29 May 2010 14:02:41 -0400
Received: from ([]) by with IMP id PW9B1e00231nnSF01W9CvV; Sat, 29 May 2010
14:09:12 -0400
X-VR-Score: 120.00
X-Authority-Analysis: v=1.1 cv=78CJRzJdpO/1R2DnVqIJkYeLVJxEM8UZEU13AnZd2qM= c=1 sm=1 a=zNANCjgXmV0A:10 a=Kv72a8zwwnfqDgMXW21hTw==:17 a=1EwbmwM8Hcr2jA7C32oA:9 a=u-vx-5DsDX_M-ApuXBYA:7 a=p3Bf10xE77gDXFM1b2vgeLrWY3QA:4 a=wPNLvfGTeEIA:10 a=eI-GSVCR-GLU9t3m:21 a=WUghuJYvyXmsa8Rd:21 a=lxcp_J7qXEGRz-RyC48A:7 a=CuzJ6gOFc6FU4XitBeXp5BZvLf8A:4 a=rIXrWvXYs+Qfmi7hmnIkjQ==:117
X-CM-Score: 0.00
Received: from [] by with NNFMP; 29
May 2010 18:02:39 -0000
Received: from [] by with NNFMP; 29 May
2010 18:02:39 -0000
Received: from [] by with NNFMP; 29 May
2010 18:02:39 -0000
X-Yahoo-Newman-Property: ymail-3
Received: (qmail 79627 invoked by uid 60001); 29 May 2010 18:02:39 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=s1024; t=1275156159; bh=3hXELIzS6JiVchHq6Papm6WwnSH+3r7dAQsJHXgPygc=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type; b=1dzHr0VzNcHFg8oMgQf0IyqGNz7eDsDsqDiVlg1Wl3Lfkvia33Oy4eCE6qk43pI/SlYm8KMCWISvXghaPit14neYhuauzA/mpntOpxYQNPPMnrVyXl9SsVyT755gMZMmPXErOodI77/M0nj8AcTmcNLD2n9aqBg+eVYpHnheMCo=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024;; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type; b=ITJCCnrp95Vd1118+hNxcbWYqgWtt/O0UpT1ZwBmOIm0UM3uV+lkomNYlSHJz9hIN21+/ng7olNAa6dNxvLlxHuaZQfAfCeARh3KPTmXFB7WIUu9JqIQPJvzdEa3FaBLO1bfGnTPvJPA8qmDm4Z0mZTdtqxKLghFefkgJ/eTsoo=;
Message-ID: <>
X-YMail-OSG: _bx4Gy4VM1nbsG63Z1au85SW9F4LqIvEV77C4SF8xgZ9yzw 5Z41YZ.yk2RLzIXfIYWkB0rDMSBAyd6HIPwKZwHQ5xLoupfUPsZgqjYEx3OR S0flQ.MzZX2eA75xdjLfI2Y6VU0E2Y1OWxbb_AUJhHFrK.YaDG8v_gYkIiTX 00Ii7JRXhfJyG5zF7oG_KBqWg1TECU3yGhxj0pHqnY4CP9Gzm0qTZEYGPItG PN33V1lBJuCVdb2zvaitYxW.UxC_EQ91StkLRO3cXytf8lOsJaPJcakKsPW3 xtE_pW95o6WQWlL51Ff6Omm.Amwb0zJMoC3_h0kObXN6WiWpPD39wqd6BJ9g iL6g423_Ixpx6z2VOLm4XCzbazAOFOqybY8vDDwDEyBuWkOPdNfipSTkGnHl oKlS64qXexPpUGj2.t_KNgdrRAgD44c1io3d9nmgpapDPVlodfEwtD9AYJoF gnddTTQT3_J_PmcfGQANhazQKYnnSiXTyKXCjjUaphfkFk2nvs8yBjMbvQtd Enc3rlQPmkQ–
Received: from [] by via HTTP; Sat,
29 May 2010 18:02:39 GMT
X-Mailer: YahooMailClassic/11.0.8 YahooMailWebService/
Date: Sat, 29 May 2010 14:02:39 -0400
From: “Webmail Helpdesk”
Subject: Attention Webmail User:
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary=”0-2066902011-1275156159=:78081″

Here’s the output of the whois:

% This is the RIPE Database query service.
% The objects are in RPSL format.
% The RIPE Database is subject to Terms and Conditions.
% See

% Note: This output has been filtered.
% To receive output for a database update, use the “-B” flag.

% Information related to ‘ –’

inetnum: –
netname: YAHOONET
descr: Yahoo! Europe
country: GB
admin-c: YEU-RIPE
tech-c: YEU-RIPE
mnt-by: YAHOO-MNT
mnt-lower: YAHOO-MNT
mnt-routes: YAHOO-MNT
source: RIPE # Filtered

role: Yahoo Europe Operations Department
address: Yahoo Europe Operations
address: 125 Shaftesbury Avenue
address: London
address: WC2H 8AD
remarks: trouble:
admin-c: NA1231-RIPE
tech-c: SCY3-RIPE
tech-c: NA1231-RIPE
tech-c: IG1154-RIPE
tech-c: DR2790-RIPE
tech-c: CJO3-RIPE
nic-hdl: YEU-RIPE
mnt-by: YAHOO-MNT
source: RIPE # Filtered

% Information related to ‘’

descr: Yahoo-EU-NET
origin: AS15635
mnt-by: YAHOO-MNT
source: RIPE # Filtered


Comments are closed.