Banging head against wall

I receive a fair bit of spam but for the most part it’s advertising related. Every few days something arrives that could be quite nasty for the unwary recipient.

Today I received this:

This didn’t look right for several reasons, not least of which it wasn’t actually addressed to me, or that I’m not expecting a fax by email. I proceeded to check a few details like the ownership of the domains mentioned, and there were many of them. The raw text from the transcript between my laptop and the originator tells me plenty:

Return-Path: <temri.hassan@courrier.uqam.ca>
Delivered-To: <paul@xxxx.me.uk>
Received: from smtp03.mailcore.me ([10.15.14.133])
	by imap-02.atlas.pipex.net (Dovecot) with LMTP id dYLZDC9YW1QiZgAAr5MIww
	for <paul@xxxx.me.uk>; Thu, 06 Nov 2014 11:17:23 +0000
Envelope-to: paul@xxxx.me.uk
Delivery-date: Thu, 06 Nov 2014 11:17:23 +0000
Received: from rockabee.plus.com ([212.159.73.199])
	by smtp03.mailcore.me with esmtp (Exim 4.80.1)
	(envelope-from <temri.hassan@courrier.uqam.ca>)
	id 1XmL46-00054H-W9; Thu, 06 Nov 2014 11:17:23 +0000
Message-ID: <W86ZQ5MV.0808730@courrier.uqam.ca>
Date: Thu, 6 Nov 2014 11:24:58 +0000
From: "Fax" <fax@rapidbi.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
To: <submittedjpo7@rapidbi.com>
Subject: You've received a new fax
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

New fax at SCAN2240904 from EPSON by https://rapidbi.com
Scan date: Thu, 6 Nov 2014 11:24:58 +0000
Number of pages: 2
Resolution: 400x400 DPI

You can secure download your fax message at:

http://kidzcornerwoodwork.co.uk/messages/fax.php

(eFax Drive is a file hosting service operated by J2, Inc.)

So it’s apparently from rapidbi.com, but was sent from courrier.uqam.ca and it directs you to a site at kidzcornerwoodwork.co.uk to retrieve your message, which is apparently from Epson!

However, the original message comes from rockabee.plus.com, so I tried to contact Plusnet (a division of BT). Of course, sending this email to their ‘abuse’ mailbox results in it being flagged as spam, so I contacted them on Twitter without real success.
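The comparisons made by hand in the two paragraphs above (header From against envelope sender, link host, and originating relay) can be scripted. This is an added example, not code from the original post: it parses the quoted headers with Python's standard `email` module; the function names, flag labels, and the Received pattern (matched to the `from host ([ip])` shape seen in this message) are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers and body as quoted in the post, abridged to the fields examined here.
RAW = """\
Return-Path: <temri.hassan@courrier.uqam.ca>
Delivered-To: <paul@xxxx.me.uk>
Received: from smtp03.mailcore.me ([10.15.14.133])
\tby imap-02.atlas.pipex.net (Dovecot) with LMTP
Received: from rockabee.plus.com ([212.159.73.199])
\tby smtp03.mailcore.me with esmtp (Exim 4.80.1)
From: "Fax" <fax@rapidbi.com>
To: <submittedjpo7@rapidbi.com>

New fax at SCAN2240904 from EPSON by https://rapidbi.com

http://kidzcornerwoodwork.co.uk/messages/fax.php
"""

def addr(value):
    """Bare, lower-cased address from a header value such as '"Fax" <a@b>'."""
    return parseaddr(value or "")[1].lower()

def under(host, dom):
    """True if host is dom itself or a subdomain of it."""
    return host == dom or host.endswith("." + dom)

def triage(raw):
    msg = message_from_string(raw)
    from_dom = addr(msg["From"]).rpartition("@")[2]
    env_dom = addr(msg["Return-Path"]).rpartition("@")[2]
    # Relays prepend Received headers, so the last one is the hop nearest the sender.
    hops = msg.get_all("Received", [])
    m = re.match(r"from\s+(\S+)\s+\(\[([\d.]+)\]\)", hops[-1]) if hops else None
    origin = m.group(1).lower() if m else ""
    links = sorted(set(re.findall(r"https?://([^/\s]+)", msg.get_payload().lower())))
    flags = []
    if env_dom != from_dom:
        flags.append("from-vs-envelope")   # header From differs from envelope sender
    if addr(msg["To"]) != addr(msg["Delivered-To"]):
        flags.append("to-vs-recipient")    # not addressed to the actual recipient
    if not (under(origin, from_dom) or under(origin, env_dom)):
        flags.append("origin-host")        # handed over by an unrelated host
    if any(not under(h, from_dom) for h in links):
        flags.append("link-host")          # body links point away from the From domain
    return {"from": from_dom, "envelope": env_dom, "origin": origin,
            "links": links, "flags": flags}

print(triage(RAW)["flags"])
```

Each flag is a triage signal rather than proof: mailing lists and forwarding services legitimately produce some of these mismatches, so the value is in several firing at once, as they do here.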

I’ll now suggest Plusnet reads this blog as it would seem that one of their customers is originating spam.
