Sorry -- It Wasn't Me

Based on all the NDR's received in the last hour, it's apparently my turn to have an email address spoofed and used to send out crap spam.

Sorry -- it was neither me nor my machine.

Looks like the one example below came through:

1) An open MTA relay in Barcelona, Spain (84.77.221.194)

2) Via a what was claimed to be a Saudi Arabian registered domain (odcqcngjocqxmidqclbfogqwi [DOT] twarn [DOT] com/sendmail [DOT] php)

3) Which may or may not be hosted out of Haarlem, Netherlands via 94.75.242.21

But the subdomain does not resolve, so the parent domain was probably spoofed as well. Not that it matters anyway as whoever is sending out this crap is probably using some automated script and long list of open email relays all over the world.

Good times. . .

Delivery to the following recipient failed permanently:

no@[MASKED]

Technical details of permanent failure:
[MASKED] tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 550 550 : invalid address (state 13).

----- Original message -----

Received: by 10.14.223.4 with SMTP id u4mr6449274eep.19.1353005631303;
Thu, 15 Nov 2012 10:53:51 -0800 (PST)
Received: by 10.14.223.4 with SMTP id u4mr6449270eep.19.1353005631268;
Thu, 15 Nov 2012 10:53:51 -0800 (PST)
Return-Path: <[MASKED]>
Received: from [MASKED] ([MASKED] [[MASKED]])
by [MASKED] with SMTP id f7si31086453eeo.10.2012.11.15.10.53.35;
Thu, 15 Nov 2012 10:53:51 -0800 (PST)
Received-SPF: neutral ([MASKED]: 84.77.221.194 is neither permitted nor denied by domain of [MASKED]) client-ip=84.77.221.194;
Authentication-Results: [MASKED]; spf=neutral ([MASKED]: 84.77.221.194 is neither permitted nor denied by domain of [MASKED]) smtp.mail=[MASKED]
Received: from [84.77.221.194] ([84.77.221.194]) by [MASKED] ([[MASKED]]) with SMTP;
Thu, 15 Nov 2012 18:53:51 GMT
Received: from apache by odcqcngjocqxmidqclbfogqwi.momix.org with local (Exim 4.67)
(envelope-from <<[MASKED]>,
>)
id C6W6Y5-I31H64-NL
for <[MASKED]>,
; Thu, 15 Nov 2012 20:02:18 +0100
To: <[MASKED]>,

Subject: Company founded in Gibraltar is currently looking for European sector based labor force.
X-PHP-Script: odcqcngjocqxmidqclbfogqwi [DOT] twarn [DOT] com/sendmail [DOT] php for 84.77.221.194
From: <[MASKED]>,

X-Sender: <[MASKED]>,

X-Mailer: PHP
X-Priority: 1
Content-Type: text/plain; charset="us-ascii"
Message-Id:
Date: Thu, 15 Nov 2012 20:02:18 +0100
X-pstn-neptune: 0/0/0.00/0
X-pstn-levels: (S: 0.05735/99.21816 CV:99.9000 FC:95.5390 LC: 0.1839 R:95.9108 P:95.9108 M:94.5035 C:98.6951 )
X-pstn-dkim: 0 skipped:not-enabled
X-pstn-status: off
X-pstn-nxpr: disp=neutral, envrcpt=no@[MASKED]
X-pstn-nxp: bodyHash=f531f188e1f1c756d317b3245f7d51df0f393c9f, headerHash=37f1102fb2cfa2015526df5b21447c478d39434e, keyName=4, rcptHash=59b9110a6577d0310ea9cb90ad957b516216f26a, sourceip=84.77.221.194, version=1
X-pstn-nxpr: disp=neutral, envrcpt=no@[MASKED]
X-pstn-nxp: bodyHash=f531f188e1f1c756d317b3245f7d51df0f393c9f, headerHash=37f1102fb2cfa2015526df5b21447c478d39434e, keyName=4, rcptHash=59b9110a6577d0310ea9cb90ad957b516216f26a, sourceip=84.77.221.194, version=1
X-Gm-Message-State: ALoCoQmIQYS68JJUosWRXDptmnZEI6/Xr6CwYpj31j0Moj9XWIHUnEmDT9cNvqr76MIkq5TtKjLgMVPJj1uxVLfSacsO0bqgIFEmAgkQTYvbkIjQBHE7ss+iohLEWnAdGN1/S2TDH8re

Business providing product offerings in the E-Commerce and Information Technology market sectors presently
recruiting employment personnel from Europe.

5,000 Euros per month compensation in exchange for simply a few working hours put forth each day, plus a 5.0% bonus.

What we require from applicant:
- POA (Power of Attorney) or Proprietorship of a business or similar
- Replying to e-mails originating from us, each day
- Stay consistently current with every assigned task
If this interests you, please submit the following information to our business e-mail:

- Full Name
- Telephone # in the International Syntax Format
- E-mail address
- Current age

Please respond to:Jeanette@europs-consulting [DOT] com.

Don't utilize the reply option.
Sincerely,
Department of Human Resources