[mailop] Just because Linode is the topic de jouer..

[Michael Peddemors via mailop]

Ten minutes of free time got me trolling my spam folder, and saw this 
interesting spam message.. and found the headers really interesting.

Might explain a small uptick in spam from Linode servers..
"THIS IS A TEST EMAIL ONLY.
This email was sent by the author for the sole purpose of testing a 
draft message. If you believe you have received the message in error, 
please contact the author by replying to this message. Constant Contact 
takes reports of abuse very seriously. If you wish to report abuse, 
please forward this message to ab...@constantcontact.com."

Huh? Oh yes, many of the headers showed that they look like a constant 
contact, but not familiar with them using Linode servers..

And the headers make it seem that it was generated via a legitimate 
constant contact server at one time (208.75.123.250)

But the trace headers look more like it was generated from gmail, and 
accepted directly by the Linode server, so is this some kind of relay 
bot, where they generate the content using Constant Contacts test system?

Needless to say it is a UPS phishing attempt, but this one is new on 
me.. Not sure if the attempt was to try and actually deliver the 
phishing, or simply discredit Constant Contact..

Comments welcome, even though this should probably be simply 'nothing to 
see here, move along'..

Received: from 45-79-16-32.ip.linodeusercontent.com (HELO 
in.constantcontact.com) (45.79.16.32)
        by fe3.cityemail.com with SMTP
        (f72f79fe-7953-11ec-b9b5-5f141a28f7b3); Wed, 19 Jan 2022 10:16:48 -0800
To: redaccted
Received: by 2002:a05:7010:5194:b0:1fa:1fee:ca78 with SMTP id 
r20csp2900460mdc;
        Wed, 19 Jan 2022 10:03:52 -0800 (PST)
X-Google-Smtp-Source: 
ABdhPJwabK0YJsT7YutZHdgPCyAJmhLNSSTfti89SkZMOnqnO3jzitdm8P6e0T/E/BhjFrbvxlMZ
X-Received: by 2002:a67:e1cd:: with SMTP id 
p13mr10179119vsl.28.1642615432318;
        Wed, 19 Jan 2022 10:03:52 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1642615432; cv=none;
        d=google.com; s=arc-20160816;

b=PPz3aS6qnF4CQHZfxJD0CC+07d0qqUu0ct61pYEiSwOZZIHWk/+FFX/kYTd9vO6ao1

Pf5c9GaPaJsFDOCvKHpOsPvsHxTtDLb6Eb3i6+oHF6t7zp11YTUkzo8EwZ2AqsjZkjcH

OWYg1Vfq2WgnMaYbMRZvqX6MJFg7vYqup+Uh7xYQP4pUU1c/NNkRtsxOPikUMWChkYBg

NIgmO/h2fItRGYYkW6YcJu7IV6Ug9vUWnbhGL4sPvCURKW4Zi89752J1V08dpiLIcFWv

unbjUOlzDM9qdY/3464nQ7Yu1mJ+dIzI3yss3e8CqSbAXkzq1Z/5shfpXBSHVttlwaPf
         4QSQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; 
d=google.com; s=arc-20160816;
        h=list-unsubscribe-post:list-unsubscribe:mime-version:subject:to
         :reply-to:from:date:message-id:dkim-signature;
        bh=drvcoDgw+07quLESLQ7HlIJQB5licejPc6y0VtiLA+8=;

b=wa4V9ebhhmkXr3GO6zNzTRPr3kh1NikL9e192VWyThYnnDv6fZnTrtIC8ibWo8gTUN

AZphLkLItqtj5baiyfTZ/vGd93wo5scuzU4xK/ea6IDhikbnREtI1jrqaqWlCX4f5lEa

rb1qj1bc+Mu67ZYMVKkRRsG7l+uNiHaZDZPYEhHYBd+6R6tcA3xhslPoACyY4I1eJYTZ

XEw0vPhHtHw3ki4X40bTG11oXLK2LQplIzWK1t1V0jmlhby+QpX2IIrborLZ2/0+0DVy

mog9chH5jLxl/8wkHRi5k9ZSvL87gFWu144kDJswj6douRWqaw7ZvJWosTeNWrGqyk1f
         toEA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@auth7.ccsend.com header.s=2020168482 
header.b=Zj8nujZw;
       spf=pass (google.com: domain of 
aenbmsbtfsg6aclzj7rnyng==_1138468800489_ioxhggsaeekcqojkyihwmw==@in.constantcontact.com 
designates 208.75.123.250 as permitted sender) 
smtp.mailfrom="AeNBmSbTFSG6AclZJ7RNYng==_1138468800489_IOXhGGsaEeKCQojkYIhwmw==@in.constantcontact.com"
Received: from ccm37.constantcontact.com (ccm37.constantcontact.com. 
[208.75.123.250])
        by mx.google.com with ESMTPS id 
d81si78939vke.162.2022.01.19.10.03.51
        for <ahmadelkawn...@gmail.com>
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Wed, 19 Jan 2022 10:03:51 -0800 (PST)
Received-SPF: pass (google.com: domain of 
aenbmsbtfsg6aclzj7rnyng==_1138468800489_ioxhggsaeekcqojkyihwmw==@in.constantcontact.com 
designates 208.75.123.250 as permitted sender) client-ip=208.75.123.250;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@auth7.ccsend.com header.s=2020168482 
header.b=Zj8nujZw;
       spf=pass (google.com: domain of 
aenbmsbtfsg6aclzj7rnyng==_1138468800489_ioxhggsaeekcqojkyihwmw==@in.constantcontact.com 
designates 208.75.123.250 as permitted sender) 
smtp.mailfrom="AeNBmSbTFSG6AclZJ7RNYng==_1138468800489_IOXhGGsaEeKCQojkYIhwmw==@in.constantcontact.com"
Received: from [10.252.0.2] ([10.252.0.2:42768] 
helo=p2-jbemailsyndicator21.ctct.net)
	by 10.249.234.19 (envelope-from 
<AeNBmSbTFSG6AclZJ7RNYng==_1138468800489_IOXhGGsaEeKCQojkYIhwmw==@in.constantcontact.com>)
        (ecelerity 4.3.1.999 r(:)) with ESMTP
        id 9C/28-23652-78258E16; Wed, 19 Jan 2022 13:03:51 -0500
DKIM-Signature: v=1; q=dns/txt; a=rsa-sha256; c=relaxed/relaxed; 
s=2020168482; d=auth7.ccsend.com; 
h=date:mime-version:subject:X-Feedback-ID:X-250ok-CID:message-id:from:reply-to:list-unsubscribe:list-unsubscribe-post:to; 
bh=drvcoDgw+07quLESLQ7HlIJQB5licejPc6y0VtiLA+8=; 
b=Zj8nujZwEH5EeFHZU2ztGKwbRpO3deTc4H004Wr4ViWaGIi+ITILKYyhY+XnXdVXiZJlJEl+DMaeK6L/PQP+aCewFR3oYDMxYFQg25JgqE/2PiyaNRBF7HnzDXYJit0fn0OouPCCTNJPjmYYTkH/3B2oAd+MH/m/Fo25hPb/130=
Message-ID: 
<1138482780061.1138468800489.-1.0.101303jl.1...@scheduler.constantcontact.com>
Date: Wed, 19 Jan 2022 13:03:51 -0500 (EST)
From: UPS Reward <ogrel...@gmailwe.com>
Reply-To: ogrel...@gmailwe.com
To: ahmadelkawn...@gmail.com
Subject: Get You $100.00 Cash value.
MIME-Version: 1.0
Content-Type: multipart/alternative;
        boundary="----=_Part_326609493_1857755849.1642615431677"
List-Unsubscribe: 
<https://visitor.constantcontact.com/do?p=un&m=001K9EI-EHQZSv1c5PJG3FSEQ%3D%3D&se=001TAeZDpsMR68%3D&t=001EkZLEx15CcE%3D&llr=j4roajebb>
List-Unsubscribe-Post: List-Unsubscribe=One-Click
X-Campaign-Activity-ID: 78d06649-b4c5-486e-8072-5649ed13589e
X-250ok-CID: 78d06649-b4c5-486e-8072-5649ed13589e
X-Channel-ID: 20e5e118-6b1a-11e2-8242-88e46088709b
X-Mailer: Roving Constant Contact 2012 (http://www.constantcontact.com)
X-Return-Path-Hint: 
AeNBmSbTFSG6AclZJ7RNYng==_1138468800489_IOXhGGsaEeKCQojkYIhwmw==@in.constantcontact.com
X-Roving-Campaignid: 1138482780061
X-Roving-Id: 1138468800489.-1
X-Feedback-ID: 
20e5e118-6b1a-11e2-8242-88e46088709b:78d06649-b4c5-486e-8072-5649ed13589e:1138468800489:CTCT
X-CTCT-ID: 20e5e118-6b1a-11e2-8242-88e46088709b



--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop