No idea whether this one came "via" the NLDelphi e-mail address, because I don't have a separate one for it.
I did change my domain to "mijndomein.nl".
The mail itself was in any case sent via a PHP script (exploit), but of course that says nothing about how they got hold of my e-mail address.
More interesting, of course, is how they got hold of Jan's e-mail address.
(the subject is "Account Notification 06/10", but that is encoded)
Code:
Return-Path: <dandw@vps7737.inmotionhosting.com>
Delivered-To: <rik@mijndomein.nl>
Received: from mijndomein.nl
by space01 (Dovecot) with LMTP id t2UXDV1TPFnDRAAAOYi0gQ
for <rik@mijndomein.nl>; Sat, 10 Jun 2017 22:15:25 +0200
Received: by mijndomein.nl (Postfix, from userid 112)
id 12BD1780D30; Sat, 10 Jun 2017 22:15:25 +0200 (CEST)
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on space01
X-Spam-Flag: YES
X-Spam-Level: ************************
X-Spam-Status: Yes, score=24.9 required=5.0 tests=BAYES_05,FROM_EXCESS_BASE64,
FSL_ABUSED_WEB_1,FSL_ABUSED_WEB_2,HTML_MESSAGE,RCVD_IN_BRBL_LASTEXT,
TVD_PH_SEC,T_TVD_MIME_NO_HEADERS,URIBL_PH_SURBL autolearn=no
autolearn_force=no version=3.4.0
X-Spam-Report:
* 1.8 TVD_PH_SEC BODY: Message includes a phrase commonly used in phishing
* mails
* 1.0 FSL_ABUSED_WEB_1 Has X-AntiAbuse header
* 1.0 FSL_ABUSED_WEB_2 Has X-PHP-Script header
* 0.6 URIBL_PH_SURBL Contains an URL listed in the PH SURBL blocklist
* [URIs: 3shopbox.com]
* 0.0 HTML_MESSAGE BODY: HTML included in message
* -0.5 BAYES_05 BODY: Bayes spam probability is 1 to 5%
* [score: 0.0317]
* 0.0 T_TVD_MIME_NO_HEADERS BODY: No description available.
* 20 RCVD_IN_BRBL_LASTEXT RBL: No description available.
* [70.39.150.121 listed in bb.barracudacentral.org]
* 1.0 FROM_EXCESS_BASE64 From: base64 encoded unnecessarily
Received: from vps7737.inmotionhosting.com (vps7737.inmotionhosting.com [70.39.150.121])
by mijndomein.nl (Postfix) with ESMTPS id 846F9780224
for <rik@mijndomein.nl>; Sat, 10 Jun 2017 22:15:21 +0200 (CEST)
Received: from dandw by vps7737.inmotionhosting.com with local (Exim 4.87)
(envelope-from <dandw@vps7737.inmotionhosting.com>)
id 1dJlGT-0008Sc-6z
for rik@mijndomein.nl; Sat, 10 Jun 2017 14:37:37 -0400
To: rik@mijndomein.nl
Subject: ****SPAM(024.9)**** =?UTF-8?B?QWNjb3VudCBOb3RpZmljYXRpb24gMDYvMTA=?=
X-PHP-Script: www.dardenwells.com/store/js/calendar/skins/clean.php for 41.230.89.159
From: =?UTF-8?B?UGF5cGFs?= <teampaypal@support.com>
MIME-Version: 1.0;
Content-type: multipart/mixed; boundary="--L51G4hbdDZ"
Message-Id: <E1dJlGT-0008Sc-6z@vps7737.inmotionhosting.com>
Date: Sat, 10 Jun 2017 14:37:37 -0400
X-OutGoing-Spam-Status: No, score=1.6
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - vps7737.inmotionhosting.com
X-AntiAbuse: Original Domain - mijndomein.nl
X-AntiAbuse: Originator/Caller UID/GID - [520 32003] / [47 12]
X-AntiAbuse: Sender Address Domain - vps7737.inmotionhosting.com
X-Get-Message-Sender-Via: vps7737.inmotionhosting.com: authenticated_id: dandw/only user confirmed/virtual account not confirmed
X-Authenticated-Sender: vps7737.inmotionhosting.com: dandw
X-Source:
X-Source-Args:
X-Source-Dir:
X-Greylist: Delayed for 01:37:42 by milter-greylist-4.5.11 (mijndomein.nl [0.0.0.0]); Sat, 10 Jun 2017 22:15:21 +0200 (CEST)
X-Greylist: inspected; Sat, 10 Jun 2017 22:15:21 +0200 (CEST) for US - IP:70.39.150.121 DOMAIN:vps7737.inmotionhosting.com HELO:vps7737.inmotionhosting.com FROM:dandw@vps7737.inmotionhosting.com RCPT:
X-Spam-Prev-Subject: =?UTF-8?B?QWNjb3VudCBOb3RpZmljYXRpb24gMDYvMTA=?=
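
Added example, not part of the original post: a small Python triage function that decodes the RFC 2047 encoded Subject and From display name and pulls the sending script and client address out of the X-PHP-Script header. The sample is a constructed subset of the headers quoted above; the function name `triage` and its result keys are hypothetical.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import parseaddr

# Constructed sample: a subset of the headers quoted in the post above.
SAMPLE = (
    "Return-Path: <dandw@vps7737.inmotionhosting.com>\n"
    "To: rik@mijndomein.nl\n"
    "Subject: ****SPAM(024.9)**** =?UTF-8?B?QWNjb3VudCBOb3RpZmljYXRpb24gMDYvMTA=?=\n"
    "X-PHP-Script: www.dardenwells.com/store/js/calendar/skins/clean.php for 41.230.89.159\n"
    "From: =?UTF-8?B?UGF5cGFs?= <teampaypal@support.com>\n"
    "\n"
)


def decode(value):
    """Decode RFC 2047 encoded-words (=?charset?B?...?=) into readable text."""
    return str(make_header(decode_header(value or "")))


def triage(raw_headers):
    """Return the fields an abuse report or a mail admin would look at first."""
    msg = message_from_string(raw_headers)
    # Split name and address BEFORE decoding, so a decoded display name
    # containing "<" or "@" cannot be mistaken for the real address.
    raw_name, from_addr = parseaddr(msg["From"] or "")
    _, envelope = parseaddr(msg["Return-Path"] or "")
    # Format as it appears in this message: "<host/path> for <client address>"
    m = re.match(r"(?P<script>\S+)\s+for\s+(?P<client>\S+)", msg["X-PHP-Script"] or "")
    from_domain = from_addr.rpartition("@")[2].lower()
    envelope_domain = envelope.rpartition("@")[2].lower()
    return {
        "subject": decode(msg["Subject"]),
        "from_name": decode(raw_name),
        "from_addr": from_addr,
        "script": m.group("script") if m else None,
        "client_ip": m.group("client") if m else None,
        "envelope_domain": envelope_domain,
        # Only a hint: legitimate bulk senders also use differing domains.
        "domains_differ": from_domain != envelope_domain,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

The script path and the hosting account in Return-Path are what the hosting provider needs in an abuse report; the From address is freely chosen by the sender and identifies nothing.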