|
Several times a day I get some e-mails in my Outlook with a "from address". Actually when displaying the options of the e-mail there is a from e-mail address but with 2 "" in front of the name. I assume that this causes Outlook to not display the from address.
The strange thing is I can't find any log entries for that e-mail in my SPAM log file. Nor is there any entry in my Quarantine file.
And 3rd, I have a keyword filter file with the words online,pharmacy which should have caught the above e-mail. Again, I assume after it's not in the log file that SPAMFilter did not see it, thus, did not reject it.
I am curious how somebody could send an e-mail circumventing the SPAMFilter alltogether?
Here is a part of the log http://file:" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - http://file:
04/18/03 13:51:52:890 -- (380) Connection from: 146.82.203.151 - Originating country : United States
04/18/03 13:51:53:327 -- (380) Resolving 146.82.203.151 - Not found
04/18/03 13:51:53:327 -- (380) - Reverse DNS not found -
04/18/03 13:51:53:327 -- (380) 146.82.203.151 - Mail from: mailto:adam@uwinit.rectifying.net" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - adam@uwinit.rectifying.net To: mailto:gerd.goebel@bavarian-cons.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - gerd.goebel@bavarian-cons.com will be quarantined
04/18/03 13:51:53:984 -- (380) EMail from mailto:adam@uwinit.rectifying.net" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - adam@uwinit.rectifying.net to mailto:gerd.goebel@bavarian-cons.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - gerd.goebel@bavarian-cons.com was received and quarantined. Size: 8 KB
04/18/03 13:51:54:077 -- (380) Disconnect
04/18/03 14:05:32:796 -- (1864) Connection from: 132.190.235.109 - Originating country : United States
04/18/03 14:05:33:062 -- (1864) Resolving 132.190.235.109 - diamond.us.varian.com
04/18/03 14:05:33:077 -- (1864) Mail from: mailto:actionli@us.varian.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - actionli@us.varian.com
04/18/03 14:05:33:374 -- (1864) - MAPS search done... .
04/18/03 14:05:33:390 -- (1864) RCPT TO: mailto:Notify@bavarian-cons.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - Notify@bavarian-cons.com accepted
04/18/03 14:05:33:984 -- (1864) EMail from mailto:kim.ward@varian.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - kim.ward@varian.com to mailto:Notify@bavarian-cons.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - Notify@bavarian-cons.com was queued. Size: 5 KB
04/18/03 14:05:33:999 -- (380) Sending email from mailto:kim.ward@varian.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - kim.ward@varian.com to mailto:Notify@bavarian-cons.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - Notify@bavarian-cons.com
04/18/03 14:05:34:218 -- (380) EMail from mailto:kim.ward@varian.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - kim.ward@varian.com to mailto:Notify@bavarian-cons.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - Notify@bavarian-cons.com was forwarded to 209.233.124.30
04/18/03 14:05:34:280 -- (1864) Disconnect
04/18/03 14:11:35:952 -- (380) Connection from: 65.61.188.17 - Originating country : N/A
04/18/03 14:11:36:124 -- (380) Resolving 65.61.188.17 - mail5.fulfillmentcenter123.com
04/18/03 14:11:36:140 -- (380) Mail from: mailto:bounce-106542612-3108@mail5.fulfillmentcenter123.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - bounce-106542612-3108@mail5.fulfillmentcenter123.com
04/18/03 14:11:36:249 -- (380) - MAPS search done... 521 The IP 65.61.188.17 is Blacklisted by bl.spamcop.net.6Blocked - see http://spamcop.net/bl.shtml?65.61.188.17" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - http://spamcop.net/bl.shtml?65.61.188.17" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - http://spamcop.net/bl.shtml?65.61.188.17 .
04/18/03 14:11:36:249 -- (380) 65.61.188.17 - Mail from: mailto:bounce-106542612-3108@mail5.fulfillmentcenter123.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - bounce-106542612-3108@mail5.fulfillmentcenter123.com To: mailto:gerd.goebel@bavarian-cons.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - gerd.goebel@bavarian-cons.com will be quarantined
04/18/03 14:11:36:702 -- (380) EMail from mailto:returns-bckirheiceugckz@fulfillmentcenter123.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - returns-bckirheiceugckz@fulfillmentcenter123.com to mailto:gerd.goebel@bavarian-cons.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - gerd.goebel@bavarian-cons.com was received and quarantined. Size: 3 KB
04/18/03 14:11:36:780 -- (380) Disconnect
This is the e-mail header from Outlook:
Microsoft Mail Internet Headers Version 2.0
Received: from 209.233.124.30 ([61.159.235.36]) by NETFINITY.bavarian-cons.com with Microsoft SMTPSVC(5.0.2195.5329);
Fri, 18 Apr 2003 14:06:24 -0700
Received: from tbyy.ccj4.org [231.27.114.199]
by 209.233.124.30 with ESMTP id 68885965;
Fri, 18 Apr 2003 19:06:00 -0300
Message-ID: <na-n60$3h6mi26$ca-i94$x2z-8-4@3ja.1vu>
From: "" <sum@milo.vcn.bc.ca>
To: <gerd.goebel@bavarian-cons.com>
Subject: Fw: Meds - Never Leave Home!
Date: Fri, 18 Apr 03 19:06:00 GMT
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="8_.DC.8__EF_C"
Return-Path: sum@milo.vcn.bc.ca
X-OriginalArrivalTime: 18 Apr 2003 21:06:26.0562 (UTC) FILETIME=[5FE3B620:01C305EE]
--8_.DC.8__EF_C
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
--8_.DC.8__EF_C-
And this is the contents of the e-mail:
24 Hour
Online Pharmacy
No Prior Prescriptions
Private & Confidential
Overnight Shipping
We have a very large selection of
FDA approved medications!
Come Take A Look
====================
Not Interested
|