For a week now I have been getting daily grouped spam with the title starting with one of my email account names “shopppp”. Sure I could filter “shopppp” but sometimes it’s legit.
One day the sender will be “coupon code included” <jerking@firstgreenlawn.com>
Another Jennifer@greattreehotel.com , congenially@coveredpretzelssite.com and so on.
What’s going on here and can I filter a moving domain?
Return-Path: jennifer@greattreehotel.com
Received: from imta30.emeryville.ca.mail.comcast.net (LHLO
imta30.emeryville.ca.mail.comcast.net) (76.96.27.233) by
sz0109.wc.mail.comcast.net with LMTP; Sat, 6 Mar 2010 14:42:37 +0000 (UTC)
Received: from bus189.greenlawncenter.com ([68.168.32.189])
by imta30.emeryville.ca.mail.comcast.net with comcast
id pqic1d00a44pyLs0Wqic6s; Sat, 06 Mar 2010 14:42:37 +0000
X-CAA-SPAM: 00000
X-Authority-Analysis: v=1.1 cv=YyubQmonq14onws1AfBBhRiDSD1sciFRB/bSLlonDDU=
c=1 sm=1 a=zBFnpXEXi6cA:10 a=8nJEP1OIZ-IA:10 a=h8LeXreGpHCm8YdGc8J//Q==:17
a=DUgJsoLoAAAA:8 a=C_IRinGWAAAA:8 a=qTQDE_1Kehw9S61BOBIA:9
a=UzdhDAEnATs_FZK3pQ0A:7 a=ZxQyGD1icsWSMBuNW1rvbyuyF98A:4 a=wPNLvfGTeEIA:10
a=si9q_4b84H0A:10 a=h8LeXreGpHCm8YdGc8J//Q==:117
From: HW101.com <Jennifer@greattreehotel.com>
Subject: shopppp, Is Your Home at Risk? Find Out Now
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/html; charset="iso-8859-1"
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2900.2523" name=GENERATOR>
</HEAD>
<BODY>
Return-Path: lam@coveredpretzelssite.com
Received: from imta15.westchester.pa.mail.comcast.net (LHLO
imta15.westchester.pa.mail.comcast.net) (76.96.62.54) by
sz0109.wc.mail.comcast.net with LMTP; Fri, 5 Mar 2010 13:32:40 +0000 (UTC)
Received: from mamba.trunknetworks.com ([109.238.85.132])
by imta15.westchester.pa.mail.comcast.net with comcast
id pRYe1d01u2rJov90FRYfpD; Fri, 05 Mar 2010 13:32:40 +0000
X-CAA-SPAM: 00000
X-Authority-Analysis: v=1.1 cv=3r9ESkDpnBZOywlkrnwv1bvI+olQ2LiSLqPueafoPys=
c=1 sm=1 a=1z-HDNte3lkA:10 a=bC6GBUpkwlzFAcUAL0bdpg==:17 a=f27nk8QaAAAA:8
a=C_IRinGWAAAA:8 a=ZeVCbr9CrtjusU0XYQcA:9 a=puL8JCxYAi9UoYSi0n0A:7
a=UNmkm3wdb_RLWVf-xck3OF3ysNkA:4 a=si9q_4b84H0A:10
a=bC6GBUpkwlzFAcUAL0bdpg==:117
From: LASIK Vision Institute <lam@coveredpretzelssite.com>
Subject: shopppp, Lasik Special - Now Starting at $299 - Act Now
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/html; charset="iso-8859-1"
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2900.2523" name=GENERATOR>
</HEAD>
<BODY>
Ed
One day the sender will be “coupon code included” <jerking@firstgreenlawn.com>
Another Jennifer@greattreehotel.com , congenially@coveredpretzelssite.com and so on.
What’s going on here and can I filter a moving domain?
Return-Path: jennifer@greattreehotel.com
Received: from imta30.emeryville.ca.mail.comcast.net (LHLO
imta30.emeryville.ca.mail.comcast.net) (76.96.27.233) by
sz0109.wc.mail.comcast.net with LMTP; Sat, 6 Mar 2010 14:42:37 +0000 (UTC)
Received: from bus189.greenlawncenter.com ([68.168.32.189])
by imta30.emeryville.ca.mail.comcast.net with comcast
id pqic1d00a44pyLs0Wqic6s; Sat, 06 Mar 2010 14:42:37 +0000
X-CAA-SPAM: 00000
X-Authority-Analysis: v=1.1 cv=YyubQmonq14onws1AfBBhRiDSD1sciFRB/bSLlonDDU=
c=1 sm=1 a=zBFnpXEXi6cA:10 a=8nJEP1OIZ-IA:10 a=h8LeXreGpHCm8YdGc8J//Q==:17
a=DUgJsoLoAAAA:8 a=C_IRinGWAAAA:8 a=qTQDE_1Kehw9S61BOBIA:9
a=UzdhDAEnATs_FZK3pQ0A:7 a=ZxQyGD1icsWSMBuNW1rvbyuyF98A:4 a=wPNLvfGTeEIA:10
a=si9q_4b84H0A:10 a=h8LeXreGpHCm8YdGc8J//Q==:117
From: HW101.com <Jennifer@greattreehotel.com>
Subject: shopppp, Is Your Home at Risk? Find Out Now
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/html; charset="iso-8859-1"
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2900.2523" name=GENERATOR>
</HEAD>
<BODY>
Return-Path: lam@coveredpretzelssite.com
Received: from imta15.westchester.pa.mail.comcast.net (LHLO
imta15.westchester.pa.mail.comcast.net) (76.96.62.54) by
sz0109.wc.mail.comcast.net with LMTP; Fri, 5 Mar 2010 13:32:40 +0000 (UTC)
Received: from mamba.trunknetworks.com ([109.238.85.132])
by imta15.westchester.pa.mail.comcast.net with comcast
id pRYe1d01u2rJov90FRYfpD; Fri, 05 Mar 2010 13:32:40 +0000
X-CAA-SPAM: 00000
X-Authority-Analysis: v=1.1 cv=3r9ESkDpnBZOywlkrnwv1bvI+olQ2LiSLqPueafoPys=
c=1 sm=1 a=1z-HDNte3lkA:10 a=bC6GBUpkwlzFAcUAL0bdpg==:17 a=f27nk8QaAAAA:8
a=C_IRinGWAAAA:8 a=ZeVCbr9CrtjusU0XYQcA:9 a=puL8JCxYAi9UoYSi0n0A:7
a=UNmkm3wdb_RLWVf-xck3OF3ysNkA:4 a=si9q_4b84H0A:10
a=bC6GBUpkwlzFAcUAL0bdpg==:117
From: LASIK Vision Institute <lam@coveredpretzelssite.com>
Subject: shopppp, Lasik Special - Now Starting at $299 - Act Now
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/html; charset="iso-8859-1"
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2900.2523" name=GENERATOR>
</HEAD>
<BODY>
Ed
