(元)うつ病患者の独り言 for はてなブログ

★ここ(はてなブログ)は、自身のポータル(自己紹介、リンク集)および、はてなダイアリー過去掲載分保管用に運用しています。通常のつぶやきはX(Twitter)及びタイッツーをどうぞ。 ※ブログコメントは無効にしています。反応はX(Twitter)またははてなブックマークでお願いします。

今日のspam

Spam

配信不能レポート(Non-Delivery Report)悪用のスパムメール拡散が広まっています

・意味を要約すると、「エラーによる不達メールに広告を仕込んで大量にばらまく、新しい手法のspam(迷惑メール)」です。
・今日夕食後にメールチェックして仰天しました。普段は2〜3件しか入らないBecky!の迷惑メールボックスに151件、普段は30件程度のプロバイダのフィルタに引っかかるspamが134件!即刻プロバイダにこの状況を報告しました。
・ここにも一部掲載してみます。
spam対策のため、メールアドレスやURLは一部伏せます)
(いつもと違うキャプチャ方法なので一部デコードが不完全な部分があります)

  • その1

Received: from [202.248.234.27] ([202.248.234.27])
by asm4.tnc.ne.jp ([218.219.15.246])
with ESMTP id 2008060502:00:10:977604.4846.1911
for 【僕のメールアドレス】
Thu, 05 Jun 2008 02:00:10 +0900 (JST)
Received: (qmail 3828 invoked from network); 5 Jun 2008 01:57:27 +0900
Received: from sv02.xsp.fenics.jp (202.248.234.8)
by sv11.xsp.fenics.jp with SMTP; 5 Jun 2008 01:57:27 +0900
Received: (qmail 19269 invoked from network); 5 Jun 2008 01:57:26 +0900
Received: from sv06.xsp.fenics.jp (202.248.234.12)
by sv02.xsp.fenics.jp with SMTP; 5 Jun 2008 01:57:26 +0900
Received: (qmail 10981 invoked from network); 5 Jun 2008 01:57:26 +0900
Received: from ip213.user.xsp.fenics.jp (HELO mesco-serv7.mesco.co.jp) (202.248.21.213)
by sv06.xsp.fenics.jp with SMTP; 5 Jun 2008 01:57:26 +0900
From: Postmaster@mesco.co.jp
To: "clare vishvjit" 【僕のメールアドレス】
Subject: DELIVERY FAILURE:
=?ISO-2022-JP?B?GyRCJWYhPCU2ITwbKEIgbXV0byAobXV0b0BtZXNjby5jby5qcCkg?=
=?ISO-2022-JP?B?GyRCJE8bKEIgRG9taW5vIBskQiVHJSMlbCUvJUglaiRLJE84KxsoQg==?=
=?ISO-2022-JP?B?GyRCJEQkKyRqJF4kOyRzISMbKEI=?=
Date: Mon, 02 Jun 2008 16:59:17 +0000
MIME-Version: 1.0
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
X-MIMETrack: Itemize by SMTP Server on MESCO-SERV7/MESCO_NOTES(Release 6.5.4|March 27, 2005) at
2008/06/05 01:57:25,
Serialize by Router on MESCO-SERV7/MESCO_NOTES(Release 6.5.4|March 27, 2005) at
2008/06/05 01:57:26,
Serialize complete at 2008/06/05 01:57:26
Message-ID:
Content-Type: multipart/report; report-type=delivery-status; boundary="==IFJRGLKFGIR29977798UHRUHIHD"
X-TERRACE-SPAMMARK: NO (SR:0.92)
(by Terrace)

    • ==IFJRGLKFGIR29977798UHRUHIHD

Content-Type: text/plain; charset=ISO-2022-JP
Content-Transfer-Encoding: 7bit

Your message

Subject: Breitling

was not delivered to:

m○○○o@mesco.co.jp

because:

ユーザー muto (m○○○o@mesco.co.jp) は Domino ディレクトリには見つかりません。

    • ==IFJRGLKFGIR29977798UHRUHIHD

Content-Type: message/delivery-status

Reporting-MTA: dns;mesco-serv7.mesco.co.jp

Final-Recipient: rfc822;m○○○o@mesco.co.jp
Action: failed
Status: 5.0.0
Diagnostic-Code: X-Notes; ユーザー muto (m○○○o@mesco.co.jp) は Domino ディレクトリ
には見つかりません。

    • ==IFJRGLKFGIR29977798UHRUHIHD

Content-Type: message/rfc822

Received: from sv17.xsp.fenics.jp ([202.248.234.25])
by mesco-serv7.mesco.co.jp (Lotus Domino Release 6.5.4)
with SMTP id 2008060501572541-18704 ;
Thu, 5 Jun 2008 01:57:25 +0900
Received: from (unknown [202.248.234.25]) by Spam-Serv1.mesco.co.jp with smtp
id 1d93_07c2612c_3256_11dd_9624_00a0d1e532c3;
Thu, 05 Jun 2008 01:48:16 +0900
Received: (qmail 9141 invoked from network); 5 Jun 2008 01:49:22 +0900
Received: from unknown (HELO sv17.xsp.fenics.jp) (127.0.0.1)
by localhost with SMTP; 5 Jun 2008 01:49:21 +0900
Received: (qmail 9041 invoked from network); 5 Jun 2008 01:49:19 +0900
Received: from dsl.dynamic812152015.ttnet.net.tr (81.215.20.15)
by sv17.xsp.fenics.jp with SMTP; 5 Jun 2008 01:49:19 +0900
From: "clare vishvjit" 【僕のメールアドレス】
To:
Subject: Breitling
Date: Mon, 02 Jun 2008 16:59:17 +0000
MIME-Version: 1.0
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
X-MIMETrack: Itemize by SMTP Server on MESCO-SERV7/MESCO_NOTES(Release 6.5.4|March 27, 2005) at
2008/06/05 01:57:25,
Serialize by Router on MESCO-SERV7/MESCO_NOTES(Release 6.5.4|March 27, 2005) at
2008/06/05 01:57:26,
Serialize complete at 2008/06/05 01:57:26
Message-ID:
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0004_01C8C4E0.02BAE8F9"

This is a multi-part message in MIME format.

            • =_NextPart_000_0004_01C8C4E0.02BAE8F9

Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset="iso-8859-1"

      =20
  Click here
Impeccable reputation of Patek Philippe watches.
  =20
      =20

            • =_NextPart_000_0004_01C8C4E0.02BAE8F9

Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
charset="iso-8859-1"








     
 

Click here

Impeccable reputation of Patek Philippe watches.

  
     

            • =_NextPart_000_0004_01C8C4E0.02BAE8F9--
    • ==IFJRGLKFGIR29977798UHRUHIHD--
  • メール内URL調査結果

(aguse.jp:http://www.aguse.jp/?m=w&url=http%3A%2F%2Fwww.pokkeil.com&x=86&y=0

  • メールヘッダ調査結果

(aguse.jp:http://www.aguse.jp/?m=m&id=98ee37a53141869851c77ce8d7e335db984348d8%2Fb96e8576c29b115bffeca3baa172482be1b8f036

・送信元は(一応)日本国内、表示URLサーバはルーマニア

  • その2

Received: from [219.76.196.170] ([219.76.196.170])
by asm4.tnc.ne.jp ([218.219.15.246])
with ESMTP id 2008060501:39:11:870771.4846.2225
for 【僕のメールアドレス】
Thu, 05 Jun 2008 01:39:11 +0900 (JST)
From: postmaster@autosoundhk.com
To: 【僕のメールアドレス】
Date: Thu, 05 Jun 2008 00:39:13 +0800
Subject: failure notice
X-TERRACE-SPAMMARK: NO (SR:3.38)
(by Terrace)
Message-Id: <20080604163913.4E○○○32@mvc5.tnc.ne.jp>

Hi. This is the smtp delivery program.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.



, sorry, no mailbox here by that name.

      • Below this line is a copy of the message.

Received: from 190.40.224.154 ([190.40.224.154])
(envelope-sender 【僕のメールアドレス】)
by 192.168.0.170 with ESMTP
for ; Thu, 05 Jun 2008 00:39:13 +0800
Message-ID: <000501c8cf05$05536c18$3c3426be@fbhmugu>
From: "Exclusive Watch" 【僕のメールアドレス】
To: "Handbags"
Subject: Quality watches at 25% discount
Date: Sun, 15 Jun 2008 14:49:12 +0000
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0002_01C8CF05.054EC2EB"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198






  • メールヘッダ調査結果

(aguse.jp:http://www.aguse.jp/?m=m&id=98ee37a53141869851c77ce8d7e335db984348d8%2F26b9eb6adbc32e0ee04e7feeafecae6797323c4c

・送信元は(一応)香港、メール内は連絡先メールアドレスでURLは無し。

  • その3

Received: from [212.83.96.242] ([212.83.96.242])
by asm4.tnc.ne.jp ([218.219.15.246])
with ESMTP id 2008060501:56:53:445062.4846.1881
for 【僕のメールアドレス】
Thu, 05 Jun 2008 01:56:53 +0900 (JST)
Received: from localhost (localhost)
by mx1.lansilinkki.net (8.13.6/8.13.6) id m54GupGK008669;
Wed, 4 Jun 2008 19:56:51 +0300 (EEST)
Date: Wed, 4 Jun 2008 19:56:51 +0300 (EEST)
From: Mail Delivery Subsystem
Message-Id: <200806041656.m54GupGK008669@mx1.lansilinkki.net>
To: 【僕のメールアドレス】
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="m54GupGK008669.1212598611/mx1.lansilinkki.net"
Subject: Returned mail: see transcript for details
Auto-Submitted: auto-generated (failure)
X-TERRACE-SPAMMARK: NO (SR:13.12)
(by Terrace)

This is a MIME-encapsulated message

    • m54GupGK008669.1212598611/mx1.lansilinkki.net

The original message was received at Wed, 4 Jun 2008 19:56:48 +0300 (EEST)
from 0x4dd49434.adsl.cybercity.dk [77.212.148.52]

----- The following addresses had permanent fatal errors -----

(reason: 550 5.1.1 User unknown)

----- Transcript of session follows -----
.... while talking to mail.diak.fi.:
>>> DATA<<< 550 5.1.1 User unknown
550 5.1.1 ... User unknown<<< 503 5.5.2 Need Rcpt command.

    • m54GupGK008669.1212598611/mx1.lansilinkki.net

Content-Type: message/delivery-status

Reporting-MTA: dns; mx1.lansilinkki.net
Received-From-MTA: DNS; 0x4dd49434.adsl.cybercity.dk
Arrival-Date: Wed, 4 Jun 2008 19:56:48 +0300 (EEST)

Final-Recipient: RFC822; caleigha@tk-opisto.fi
Action: failed
Status: 5.1.1
Remote-MTA: DNS; mail.diak.fi
Diagnostic-Code: SMTP; 550 5.1.1 User unknown
Last-Attempt-Date: Wed, 4 Jun 2008 19:56:51 +0300 (EEST)

    • m54GupGK008669.1212598611/mx1.lansilinkki.net

Content-Type: message/rfc822

Return-Path:
Received: from 0x4dd49434.adsl.cybercity.dk (0x4dd49434.adsl.cybercity.dk [77.212.148.52])
by mx1.lansilinkki.net (8.13.6/8.13.6) with ESMTP id m54GukGK008603
for ; Wed, 4 Jun 2008 19:56:48 +0300 (EEST)
Message-ID: <000601c8c663$01b7c3c5$330d39b1@djmwg>
From: "doyle tandy" 【僕のメールアドレス】
To:
Subject: Branded watches at clearance prices
Date: Wed, 04 Jun 2008 15:09:24 +0000
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0003_01C8C663.01B32EF7"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198

This is a multi-part message in MIME format.

            • =_NextPart_000_0003_01C8C663.01B32EF7

Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable


Fantastic brands all going for less than half =
price  http://www.po○○○ag.com/

            • =_NextPart_000_0003_01C8C663.01B32EF7

Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable








Fantastic brands all going for =
less than half price  
http://www.po○○○ag.com/

            • =_NextPart_000_0003_01C8C663.01B32EF7--
    • m54GupGK008669.1212598611/mx1.lansilinkki.net--
  • メール内URL調査結果

(aguse.jp:http://www.aguse.jp/?m=w&url=http%3A%2F%2Fwww.posorlag.com&retry.x=56&retry.y=2

  • メールヘッダ調査結果

(aguse.jp:http://www.aguse.jp/?m=m&id=98ee37a53141869851c77ce8d7e335db984348d8%2Fd6a72bb0a594bce58503e463a1e170c548915842

・送信元は(一応)フィンランド、表示URLサーバはオーストラリア。