From: <mailto:everify@slotsalley.com>SPAM

mikepipe

I have little knowledge about identifying spammers. Just got this mail (title is nice, guess it really means "verify")... Do they send this as a test mail?
It doesn't have any content.

Not necessary to say: never played there and never will.
Could someone give me a SHORT lesson in tracking this?

I should mention: I transferred it from one of my email accounts to another to see the header.



Return-Path: <yyymikepipe>
Received: from fwd28.aul.t-online.de (fwd28.aul.t-online.de [172.20.26.142])
by mhead43 with LMTP; Tue, 20 Feb 2007 17:44:55 +0100
X-Sieve: CMU Sieve 2.2
Received: from 127.0.0.1 (ZwjE7qZDge2Nabw6qH5K2z1Lfeaa1WWp5Cu5ae4Nznr-jqKvgV-30c@[IPxxxmikepipe]) by fwd28.sul.t-online.de
with smtp id 1HJY6W-1Z8wDY0; Tue, 20 Feb 2007 17:44:36 +0100
MIME-Version: 1.0
Subject: {1244d4b9-7b3b-4636-bf4a-9940802c9bec} (fwd)
From: yyyyymikepipe
To: <yyyyymiekpipe>
X-Mailer: T-Online eMail 6.02.0003
Content-Type: Multipart/Alternative;
Boundary="__Next_1171989874_Part16__"
Date: 20 Feb 2007 16:44 GMT
Message-ID: <1HJY6W-1Z8wDY0@fwd28.sul.t-online.de>
X-ID: ZwjE7qZDge2Nabw6qH5K2z1Lfeaa1WWp5Cu5ae4Nznr-jqKvgV-30c
X-TOI-SPAM: n;1;2007-02-20T16:44:55Z
X-TOI-VIRUSSCAN: clean
X-TOI-EXPURGATEID: 149288::070220174455-44BAF080-56239997/0-0/0-1
X-TOI-SPAMCLASS: Clean, Whitelisted
X-TOI-MSGID: ca683aec-e40c-4070-bd15-bf9661361ec8
X-Seen: false
X-ENVELOPE-TO: <yyymikepipe>
---Ursprüngliche Nachricht---
From: <mailto:everify@slotsalley.com>
To: <mailto:yyyyymikepipe>
Subject: {1244d4b9-7b3b-4636-bf4a-9940802c9bec}
 
Slotsalley is notorious for using spam as a marketing tool. They usually blame an affiliate for doing it - but they got busted out some time ago when it turned out they were using the same aff link several times in a row.
https://www.casinomeister.com/popular-casino-group/

As for figuring out where spam is coming from - you need to be able to decipher the header. Here is a good primer:
 
Ha ha. Now I got one. Check it out. This is the full header:

X-Persona: <Casinomeister>
Return-Path: <everify@slotsalley.com>
Delivered-To: me@casinomeister.com
Received: (fqmail 4621 invoked from network); 20 Feb 2007 17:58:49 -0000
Received: from mx10.futurequest.net (mx10.futurequest.net [69.5.6.182])
by pt02.futurequest.net ([69.5.6.173])
with FQDP via TCP; 20 Feb 2007 17:58:49 -0000
Received: (qmail 27070 invoked from network); 20 Feb 2007 17:58:49 -0000
Received: from application.luckytraffic.com (lnd207-232-25-36.netvision.net.il [207.232.25.36])
by mx10.futurequest.net ([69.5.6.182])
with ESMTP via TCP; 20 Feb 2007 17:58:48 -0000
Received: from application ([127.0.0.1]) by application.luckytraffic.com with Microsoft SMTPSVC(6.0.3790.1830);
Tue, 20 Feb 2007 12:58:46 -0500
thread-index: AcdVGMSjPMsHJgyHR3+U1jGD530gEA==
Thread-Topic: {017c0e97-6575-48a6-9642-e6e4654a6b01}
From: <everify@slotsalley.com>
To: <me@casinomeister.com>
Subject: {017c0e97-6575-48a6-9642-e6e4654a6b01}
Date: Tue, 20 Feb 2007 12:58:46 -0500
Message-ID: <1bf5001c75518$c4a37050$fd42000a@luckytraffic.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft CDO for Exchange 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
Return-Path: everify@slotsalley.com
X-OriginalArrivalTime: 20 Feb 2007 17:58:46.0997 (UTC) FILETIME=[C4A37050:01C75518]

 
Now, let's take this apart:

In this section, it shows what email address sent this (in many cases it's spoofed) and shows the IP that it was delivered to. 69.5.6.182 is my server's IP.

X-Persona: <Casinomeister>
Return-Path: <everify@slotsalley.com>
Delivered-To: me@casinomeister.com
Received: (fqmail 4621 invoked from network); 20 Feb 2007 17:58:49 -0000
Received: from mx10.futurequest.net (mx10.futurequest.net [69.5.6.182])
by pt02.futurequest.net ([69.5.6.173])
with FQDP via TCP; 20 Feb 2007 17:58:49 -0000


The following is important. This shows us where the email came from. This is usually not spoofed. Luckytraffic.com is the domain where Slotsalley, etc. resides. So this is coming directly from the casino. Busted.


Received: (qmail 27070 invoked from network); 20 Feb 2007 17:58:49 -0000
Received: from application.luckytraffic.com (lnd207-232-25-36.netvision.net.il [207.232.25.36])
by mx10.futurequest.net ([69.5.6.182])
with ESMTP via TCP; 20 Feb 2007 17:58:48 -0000
Received: from application ([127.0.0.1]) by application.luckytraffic.com with Microsoft SMTPSVC(6.0.3790.1830);
Tue, 20 Feb 2007 12:58:46 -0500
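
The header walk described in the post above, as an added example that is not part of the original posts: it reads the Received lines newest-first and returns the first hop whose connecting IP is not one of the recipient's own servers. The names `handoff` and `OWN_IPS` are hypothetical, and treating both futurequest.net addresses as the recipient's own hosts is an assumption.

```python
import email
import re

# Constructed sample: the Received chain from the full header posted above,
# with folding whitespace restored so each hop parses as a single header.
RAW = """\
Return-Path: <everify@slotsalley.com>
Delivered-To: me@casinomeister.com
Received: (fqmail 4621 invoked from network); 20 Feb 2007 17:58:49 -0000
Received: from mx10.futurequest.net (mx10.futurequest.net [69.5.6.182])
  by pt02.futurequest.net ([69.5.6.173])
  with FQDP via TCP; 20 Feb 2007 17:58:49 -0000
Received: (qmail 27070 invoked from network); 20 Feb 2007 17:58:49 -0000
Received: from application.luckytraffic.com (lnd207-232-25-36.netvision.net.il [207.232.25.36])
  by mx10.futurequest.net ([69.5.6.182])
  with ESMTP via TCP; 20 Feb 2007 17:58:48 -0000
Received: from application ([127.0.0.1]) by application.luckytraffic.com with Microsoft SMTPSVC(6.0.3790.1830);
  Tue, 20 Feb 2007 12:58:46 -0500
From: <everify@slotsalley.com>

"""

# Assumption: the recipient's own mail hosts, taken from the futurequest.net hops.
OWN_IPS = {"69.5.6.182", "69.5.6.173"}

HOP = re.compile(
    r"from (?P<helo>\S+) \((?P<rdns>[^\[\]()]*?) ?\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r" by (?P<by>\S+)")

def handoff(raw, own_ips):
    """Walk Received headers newest-first and return the first hop whose
    peer IP is not one of ours. That line was written by our own server;
    every Received line below it was supplied by the sending side."""
    received = email.message_from_string(raw).get_all("Received", [])
    for pos, value in enumerate(received):
        m = HOP.search(" ".join(value.split()))   # unfold continuation lines
        if m is None:
            continue                               # qmail "invoked from network" notes
        if m["ip"] in own_ips:
            continue                               # relay between our own hosts
        return {
            "ip": m["ip"],          # observed by our server: hard to forge
            "rdns": m["rdns"],      # looked up by our server from that IP
            "helo": m["helo"],      # name the sender announced: a claim only
            "recorded_by": m["by"],
            "unverified_below": len(received) - pos - 1,
        }
    return None
```

The returned `ip` and `rdns` are the values to take to a WHOIS lookup or an abuse report; `helo` and anything counted in `unverified_below` are only what the sending side said about itself.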
 

What's even more funny is the return address - everify@ ??

Anyone with half a brain would know that replying to this email would only verify your email address so they can continue to spam you.

I like how Gmail and other web-based systems now have embedded graphics turned off. If you receive spam with images in it, do not view the images! That is another sure way for them to verify a working email address.
 
