On Thu, 18 Jul 2013 00:34:19 +0200 Ralf Mardorf <ralf.mard...@alice-dsl.net> wrote:
> On Wed, 2013-07-17 at 22:22 +0100, Joe wrote: > > Ralf, it's a gmail address. What do you expect? > > You can dig deeper, and find that an Amazon address is quoted with a > > bogus HELO, but the gmail should be enough. > > Hey Joe, > > perhaps I should have read the header. > > Why do you take gmail as evidence for spam? > Long experience... Google and Yahoo are among the world's worst spammers among legitimate companies. Nobody in any kind of official position, which the subject implies, would ever be permitted to use a free webmail service to contact potential clients. And look at the address itself: a purely personal one including a number. > > PS: FWIW whois doesn't inform about Amazon. > > "Organization Amazon Technologies" > http://toolshack.com/OFFANDAWAYMAIL.com > > $ whois OFFANDAWAYMAIL.com > > Whois Server Version 2.0 > > Domain names in the .com and .net domains can now be registered > with many different competing registrars. Go to > http://www.internic.net for detailed information. > > Domain Name: OFFANDAWAYMAIL.COM > Registrar: GODADDY.COM, LLC > Whois Server: whois.godaddy.com > Referral URL: http://registrar.godaddy.com > Name Server: NS35.DOMAINCONTROL.COM > Name Server: NS36.DOMAINCONTROL.COM > Status: clientDeleteProhibited > Status: clientRenewProhibited > Status: clientTransferProhibited > Status: clientUpdateProhibited > Updated Date: 07-aug-2012 > Creation Date: 18-aug-2011 > Expiration Date: 18-aug-2013 > OK, but I'll raise you a: Received: from [54.224.25.235] ([54.224.25.235:36107] helo=offandawaymail.com) # # The following results may also be obtained via: # http://whois.arin.net/rest/nets;q=54.224.25.235?showDetails=true&showARIN=false&ext=netref2 # NetRange: 54.224.0.0 - 54.239.255.255 CIDR: 54.224.0.0/12 OriginAS: AS16509 NetName: AMAZON-2011L It's a big network and Amazon are sub-letting. But look at the content of the email, who it is addressed to, the complete lack of any name, or any mention of the subject of the page or what the 'questions' might be about. A dead giveaway of harvesting, I would have said. Any genuine enquiry would deliberately include enough specific references to the page itself or the intended email recipient to avoid looking like a scam. A genuine enquirer certainly wouldn't send an enquiry about a website to what is obviously a mailing list address. And why would the real maintainers of the site be likely to want to buy bogus degrees? Maybe I'm just more paranoid than you are. -- Joe -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130718000902.7c31f...@jretrading.com
