I receive a fair bit of spam but for the most part it’s advertising related. Every few days something arrives that could be quite nasty for the unwary recipient.
Today I received this:
This didn’t look right for several reasons, not least that it wasn’t actually addressed to me and that I’m not expecting a fax by email. I proceeded to check a few details like the ownership of the domains mentioned, and there were many of them. The raw text from the transcript between my laptop and the originator tells me plenty:
Return-Path: <firstname.lastname@example.org>
Delivered-To: <email@example.com>
Received: from smtp03.mailcore.me ([10.15.14.133])
    by imap-02.atlas.pipex.net (Dovecot) with LMTP id dYLZDC9YW1QiZgAAr5MIww
    for <firstname.lastname@example.org>; Thu, 06 Nov 2014 11:17:23 +0000
Envelope-to: email@example.com
Delivery-date: Thu, 06 Nov 2014 11:17:23 +0000
Received: from rockabee.plus.com ([220.127.116.11])
    by smtp03.mailcore.me with esmtp (Exim 4.80.1)
    (envelope-from <firstname.lastname@example.org>)
    id 1XmL46-00054H-W9; Thu, 06 Nov 2014 11:17:23 +0000
Message-ID: <W86ZQ5MV.email@example.com>
Date: Thu, 6 Nov 2014 11:24:58 +0000
From: "Fax" <firstname.lastname@example.org>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
To: <email@example.com>
Subject: You've received a new fax
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

New fax at SCAN2240904 from EPSON by https://rapidbi.com
Scan date: Thu, 6 Nov 2014 11:24:58 +0000
Number of pages: 2
Resolution: 400x400 DPI
You can secure download your fax message at:
http://kidzcornerwoodwork.co.uk/messages/fax.php
(eFax Drive is a file hosting service operated by J2, Inc.)
So it’s apparently from rapidbi.com, but was sent from courrier.uqam.ca and it directs you to a site at kidzcornerwoodwork.co.uk to retrieve your message, which is apparently from Epson!
However, the original message comes from rockabee.plus.com, so I tried to contact Plusnet (a division of BT). Of course, sending this email to their ‘abuse’ mailbox results in it being flagged as spam, so I contacted them on Twitter without real success.
@plusnet I’m trying to tell you about one of *your* customers who is spamming but your spam email address bounces my email transcript
— Paul Turvey (@thepaulturvey) November 6, 2014
I’ll now suggest Plusnet reads this blog as it would seem that one of their customers is originating spam.
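The manual check described above (who the message claims to be from, which host actually handed it to my provider, and where the links point) can be scripted. This is an added example, not part of the original post; the sample is trimmed from the headers quoted above, and the function names `under` and `analyse` are made up for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Sample trimmed from the headers quoted in the post (addresses as they appear there).
SAMPLE = """\
Received: from smtp03.mailcore.me ([10.15.14.133])
    by imap-02.atlas.pipex.net (Dovecot) with LMTP id dYLZDC9YW1QiZgAAr5MIww;
    Thu, 06 Nov 2014 11:17:23 +0000
Received: from rockabee.plus.com ([220.127.116.11])
    by smtp03.mailcore.me with esmtp (Exim 4.80.1)
    id 1XmL46-00054H-W9; Thu, 06 Nov 2014 11:17:23 +0000
From: "Fax" <firstname.lastname@example.org>
Subject: You've received a new fax

New fax at SCAN2240904 from EPSON by https://rapidbi.com
You can secure download your fax message at:
http://kidzcornerwoodwork.co.uk/messages/fax.php
"""

def under(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)

def analyse(raw):
    """Compare the From domain with the first recorded hop and the link hosts."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Each hop prepends its Received header, so the last one is the earliest.
    # Only hops written by your own provider can be trusted (here smtp03.mailcore.me).
    received = msg.get_all("Received") or []
    m = re.match(r"\s*from\s+(\S+)", received[-1]) if received else None
    origin = m.group(1).lower() if m else None
    hosts = []
    for url in re.findall(r"https?://[^\s<>\"')]+", msg.get_payload()):
        h = urlparse(url).hostname
        if h and h not in hosts:
            hosts.append(h)
    findings = [f"link points to {h}, not {from_domain}" for h in hosts if not under(h, from_domain)]
    if origin and not under(origin, from_domain):
        findings.insert(0, f"handed over by {origin}, not a {from_domain} host")
    return {"from_domain": from_domain, "origin": origin, "url_hosts": hosts, "findings": findings}

if __name__ == "__main__":
    print("\n".join(analyse(SAMPLE)["findings"]))
```

An origin host outside the From domain is only a hint on its own, since legitimate mail is often relayed by third parties; link hosts that match neither the sender nor the claimed brand, as here, make it a much stronger signal.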