[heroes] OBS-based spam from M$ Outhouse clients
3 just today, and today's not the first day. Is this happening to everyone?

Following are the texts of today's and sending UCTs:

17:17
Miata, by Open Build Service request - 5823 (preview in PDF), i will process additional 2,572 from your payroll because of customer request (PDF copy). Call me till 3 pm please.
Open Build Service outsource specialist

19:12
Felix Miata, i am a new one in Open Build Service. What time do i need to process 3,582 from your payroll (preview in PDF)? It is because of customer complaint request (preview in PDF). Call me back please till 2 pm.
Open Build Service outsource specialist

20:34
Felix Miata, i will process your weekly debit by Open Build Service request and client complaint. Report is available: https://u5614280.ct.sendgrid.net/ls/click?upn=NTI461ARMg5i3ROxrXgcIvSbfV6ANH... What time you will be in office today? I am driving right now to you.
Open Build Service HR outsource manager

Headers from the earliest of the three:

X-VadeSecure-Status: Legit
X-VadeSecure-Verdict: clean
X-VadeSecure-Malware: Clean
X-VadeSecure-Originating-IP: 195.135.221.158
Received-SPF: Pass
Received-DKIM: Pass
X-ELNK-AV: 0
X-ELNK-Info: sbv=0; sbrc=.0; sbf=0b; sbw=000;

--
Evolution as taught in public schools, like religion,
is based on faith, not on science.

Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!

Felix Miata *** http://fm.no-ip.com/

--
To unsubscribe, e-mail: heroes+unsubscribe@opensuse.org
To contact the owner, e-mail: heroes+owner@opensuse.org

Felix Miata wrote:
> 3 just today, and today's not the first day. Is this happening to everyone?

Yesterday we processed 163 messages from sendgrid to 73 unique recipients @opensuse.org, of which 29 were rejected as spam.

> Headers from the earliest of the three:
> [snip]
> X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on mx2.infra.opensuse.org
> X-Spam-Level: *
> X-Spam-Status: No, score=1.5 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED,
>  DKIM_VALID,HTML_IMAGE_ONLY_32,HTML_MESSAGE,RCVD_IN_MSPIKE_H2,
>  SENDGRID_REDIR,STATIC_XPRIO_OLE,UNPARSEABLE_RELAY,URIBL_BLOCKED

Unfortunately, simply not enough to reject it outright.

--
Per Jessen, Zürich (11.3°C)
Member, openSUSE Heroes

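The score line quoted in the reply above can be read mechanically. The following is an added example, not code from the thread or from the openSUSE mail infrastructure: it unfolds the `X-Spam-Status` header as posted and reports how far the message fell short of the reject threshold. The function name `parse_spam_status` and the `*_BLOCKED` suffix heuristic are assumptions made for this illustration.

```python
import re
from email import message_from_string

# X-Spam-* headers as posted in the thread, folded across lines as received.
SAMPLE = (
    "X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on mx2.infra.opensuse.org\n"
    "X-Spam-Level: *\n"
    "X-Spam-Status: No, score=1.5 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED,\n"
    "\tDKIM_VALID,HTML_IMAGE_ONLY_32,HTML_MESSAGE,RCVD_IN_MSPIKE_H2,\n"
    "\tSENDGRID_REDIR,STATIC_XPRIO_OLE,UNPARSEABLE_RELAY,URIBL_BLOCKED\n"
    "\tautolearn=disabled version=3.4.2\n"
    "\n"
    "(body omitted)\n"
)

STATUS_RE = re.compile(
    r"^(Yes|No), score=(-?\d+(?:\.\d+)?) required=(-?\d+(?:\.\d+)?) "
    r"tests=(.*?)(?= autolearn=| version=|$)"
)

def parse_spam_status(raw_message):
    """Return the SpamAssassin verdict for one message, or None if untagged."""
    value = message_from_string(raw_message)["X-Spam-Status"]
    if value is None:
        return None
    flat = re.sub(r"\s+", " ", str(value)).strip()  # undo header folding
    m = STATUS_RE.match(flat)
    if m is None:
        return None
    score, required = float(m.group(2)), float(m.group(3))
    tests = [t for t in re.split(r"[,\s]+", m.group(4)) if t]
    return {
        "is_spam": m.group(1) == "Yes",
        "score": score,
        "required": required,
        "shortfall": round(required - score, 2),
        # Assumption: rules named *_BLOCKED are "query was refused" notices,
        # as URIBL_BLOCKED is, so that blocklist added nothing to the score.
        "blocked_lookups": [t for t in tests if t.endswith("_BLOCKED")],
        "tests": tests,
    }

if __name__ == "__main__":
    print(parse_spam_status(SAMPLE))
```

`URIBL_BLOCKED` in the result is SpamAssassin's notice that the URIBL query was blocked, so for this message the URI blocklist lookup contributed nothing towards the 5.0 threshold.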
Felix Miata composed on 2020-09-24 19:17 (UTC-0400)
...

Forwarding headers to abuse@sendgrid.com hasn't had any perceptible effect on the problem. I've done it a bunch of times, and got another just 8 minutes after submitting the last report, and from the same apparent sender as the last two spams (3 from same Microsoft Windows Live Mail 14.0.8117.416 source in less than one hour).

--
Evolution as taught in public schools, like religion,
is based on faith, not on science.

Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!

Felix Miata *** http://fm.no-ip.com/

Felix Miata wrote:
> Felix Miata composed on 2020-09-24 19:17 (UTC-0400)
> ...
> Forwarding headers to abuse@sendgrid.com hasn't had any perceptible effect on the problem. I've done it a bunch of times, and got another just 8 minutes after submitting the last report, and from the same apparent sender as the last two spams (3 from same Microsoft Windows Live Mail 14.0.8117.416 source in less than one hour).

Yup. That is the general problem with mass email marketeers. They send a lot of spam. Any mass emailing company who claims they do everything they can to prevent spam is lying, pure and simple. Trying to prevent spam is irreconcilable with their business objectives.

I like to send abuse reports to the domain, the operator, the network abuse address and a reputation or whitelist provider, if any. I have never tried to gauge whether it has any effect, but the reputation/whitelist providers are the most responsive. Sometimes an ISP, when I threaten to block their entire range (in a professional capacity).

--
Per Jessen, Zürich (11.4°C)
Member, openSUSE Heroes

participants (2)
- Felix Miata
- Per Jessen