No, I Did Not Send You Additional Information for a Generic Support Ticket

Received 14+ bogus spam emails in last 4 days or so thanking me for providing extra information for a generic support ticket.

Each email uses a very generic apearence, with certain simularities:

Subject is usually
Ticket [#Random Number]
- or -
If You use LinkedIn [#Random Number]

Email usually starts
Thank you for your letter of [Current Date], your information arrived today.
- or -
Thank you for your letter regarding our products and services, your information arrived today.
- or -
Thank you for contacting us, your information arrived today.

Email usually ends
Sincerely, [Random Name], Support Team Manager

However, they are clearly a scam and are coming via very different open mail relays with links actually pointing towards different equally suspicious destinations.

Delivered-To: christoperj@
Received: by 10.231.176.83 with SMTP id bd19csp10833ibb;
Mon, 11 Jun 2012 19:34:29 -0700 (PDT)
Received: by 10.100.243.28 with SMTP id q28mr7673730anh.43.1339468469221;
Mon, 11 Jun 2012 19:34:29 -0700 (PDT)
Received-SPF: softfail (: best guess record for domain of transitioning ticket@nickeldeon.nl does not designate 10.10.10.10 as permitted sender) client-ip=10.10.10.10;
Received: by 10.236.20.174 with POP3 id p34mf4000620yhp.5;
Mon, 11 Jun 2012 19:34:29 -0700 (PDT)
Return-Path:
Delivered-To:
Received: from mx1.([10.10.10.10])
by mss-us12.(Dovecot) with LMTP id RFkcCkOp1k/LSwAAWHoucg
for ; Tue, 12 Jun 2012 02:28:34 +0000
Received: from server10.configcenter.info (server10.configcenter.info [87.253.162.10])
by mx1.(Postfix) with SMTP id CF8643F0084
for ; Tue, 12 Jun 2012 02:28:32 +0000 (GMT)
Date: Tue, 12 Jun 2012 04:28:33 -0700
To: me23@
From: "Support Center"

Reply-To: noreply
Subject: Ticket [#25698852]
Message-ID: <96d1e6f6f0db4782483baed103f7555c@localhost.localdomain>
X-Priority: 3
X-Mailer: PHPMailer (phpmailer.sourceforge.net) [version 2.0.4]
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


Thank you for your letter of Jun 12, your information arrived today.
Alright, here's the link to the site:

Proceed to Site [Proceed to Site is a LINK that actually points to http:// herbalchemistsshop (dot) com]

Thank you for taking the time to contact us.
Sincerely, Jakayla Bishop, Support Team manager.

[Background graphic pulls from http:// nickeldeon (dot) nl /email_open_log_pic (dot) php?mid=38c97853035a60b8a3f72f47c3a6659b&s=a, which is a misspelled crap domain trying to appear as nickelodeon.nl while also setting both a tracking cookie and (appears to be) logging which emails are being opened (presumably to be looking for live email addresses and maybe IPs)]

HTTP/1.0 200 (OK)
Cache-Control: private, no-cache, must-revalidate
Connection: Keep-Alive
Pragma: no-cache
Server: Oversee Turing v1.0.0
Content-Length: 45
Content-Type: text/javascript
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Keep-Alive: timeout=3, max=99

P3P: policyref="http://www.dsparking.com/w3c/p3p.xml", CP="NOI DSP COR ADMa OUR NOR STA"

Set-Cookie: nickeldeon.nl=search%3A0%7Cexitpop%3A0%7Clload%3A0%7Clvisit%3A0%7Cglobalcookie%3A1339520478%7Cclick%3A0%7Cblocked%3A0; path=/; expires=Wed, 13-Jun-2012 17:01:18 GMT

Set-Cookie: ident=search%3A0%7Cexitpop%3A0%7Clload%3A0%7Clvisit%3A0%7Cglobalcookie%3A1339520478%7Cclick%3A0%7Cblocked%3A0%7Ctoken%3Aqqzxrvqrursvyqvv; path=/; expires=Wed, 13-Jun-2012 17:01:18 GMT

Set-Cookie: Spusr=490015ac40ff4fd775dec5b5; path=/; expires=Thu, 12-Jun-2014 17:01:18 GMT
cookie_callback('490015ac40ff4fd775dec5b5');