I’ve spent a lot of time fighting spam, first in my mailbox using programs/tools such as: MailSmith, SpamAssassin, SpamSieve, even SpamCop but also on this blog with a variety of WordPress plugins. I used to get 100s of spam emails a day at Muschamp.ca but after something my webhost presumably did I get noticeably less and very few make it to my inbox, one simply titled “Hello” recently did:
Attention Beneficiary, You have been chosen through your email by the UNDP for Humanitarian Development Cash Grant Program to enhance and develop the standard of living geared towards poverty eradication as targeted by the year 2020. You have been granted the sum of $4,000,000.00 USD, your grant pin# (UNF/FBF-816-1119 G-900-94). Contact UNDP Executive Secretary Mr. Barry Gibson with this email: email@example.com
They want contact info, not even banking info and it concludes with the following:
This transmission is not a digital or electronic signature and cannot be used to form, document, or authenticate a contract. Hilton and its affiliates accept no liability arising in connection with this transmission.Copyright 2012 Hilton Worldwide Proprietary and Confidential
I don’t know what Rogers and Hilton are doing, usually less prominent domain names are involved, but this is still laughably bad. The email came from Sara Hammond who has a hilton.com email address and wants me to contact Barry Gibson who has a rogers.com email address. Surely those corporations are large enough to hire IT people to stop this or at the very least should ensure their employees don’t get any scumware on their computer. So few spam get through to my inbox now a days, that when they do they are sometimes amusing. So before I ‘mark this as spam’ I decided to share it and hopefully shame two corporations into action.
Here is the full Internet headers for those curious:
From ???@??? Thu Oct 11 17:00:35 2012 Return-path: Envelope-to: firstname.lastname@example.org Delivery-date: Thu, 11 Oct 2012 19:13:12 -0400 Received: from mail28.messagelabs.com ([220.127.116.11]) by www30.yourdnshost.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.72) (envelope-from ) id 1TMRwG-0003FO-A9 for email@example.com; Thu, 11 Oct 2012 19:13:12 -0400 X-Env-Sender: Sara.Hammond@hilton.com X-Msg-Ref: server-8.tower-28.messagelabs.com!1349997190!34372828!1 X-Originating-IP: [18.104.22.168] X-StarScan-Received: X-StarScan-Version: 22.214.171.124; banners=-,-,- X-VirusChecked: Checked Received: (qmail 5772 invoked from network); 11 Oct 2012 23:13:10 -0000 Received: from unknown (HELO TLS.Hilton.com) (126.96.36.199) by server-8.tower-28.messagelabs.com with AES128-SHA encrypted SMTP; 11 Oct 2012 23:13:10 -0000 Received: from RTPHILX008.hotels.ad.hilton.com (10.20.95.13) by TLS.Hilton.com (10.20.1.9) with Microsoft SMTP Server (TLS) id 8.3.279.1; Thu, 11 Oct 2012 19:11:53 -0400 Received: from RTPHILCE09.hotels.ad.hilton.com ([fe80::59ed:a4e8:4825:756f]) by RTPHILX008.hotels.ad.hilton.com ([::1]) with mapi; Thu, 11 Oct 2012 19:13:09 -0400 From: Sara Hammond Date: Thu, 11 Oct 2012 19:13:08 -0400 Subject: Hello Thread-Topic: Hello Thread-Index: AQHNqAX6TV6A0jGC30GA4aYBNRv4dQ== Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US x-tm-as-product-ver: SMEX-10.0.0.1412-7.000.1014-19262.000 x-tm-as-result: Yes-72.546100-8.000000-31 x-tm-as-user-approved-sender: No x-tm-as-user-blocked-sender: No Content-Type: text/html; charset="windows-1256" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0
Apparently messagelabs.com is also involved, they seem to be owned by Symantec so I guess this spam is virus free.
- 120 Megs of Spam
- Now this is believeable spam
- Who actually buys stuff from “Pharmacy Express” and “Healthcare Online”?
- Russian Spammers
This entry was originaly posted on , it was last edited on and is filed under: Internet and tagged: Barry Gibson, email, Hilton, Mailsmith, messagelabs.com, Rogers, Sara Hammond, spam, SpamAssassin, SpamCop, SpamSieve.