[SpamCop-List] Re: Roxio traces to doubleclick?
MikeE at ster.invalid
Wed Dec 7 15:06:58 EST 2005
> I've had a lot of phishing spam/scams of late and I -think-
> this is one, tracker above, but something interesting happened
> when I submitted it manually for parsing.
Pop is saying he's reporting a phish, but...
> The reporting addresses are all to doubleclick.net, a long-ago
> banned outfit from my systems. At least to me, that doesn't make
... it doesn't make sense to him that doubleclick is the report addy.
> So, am I right, that it is another phishing scam?
So, now he's saying, "Is this a phish?"
... which means 'we' are going to have to look at/ read/ a spam. There
are 'rules' around here for reading spams.
#1 rule is that anytime we are getting ready to read a spam, we read/
analyze/ the headers first.
> And what's with double-click being the listed source?
> I assume it's just forgery, but if not, well ... ?
The headers show a straightup item, in which the From = the source = the
spamvertiser. There is no header bogosity.
From: "Roxio" <Roxio at email.sonic.com>
Received: from (mta.email.sonic.com [18.104.22.168])
Spamvertise: <likely unique identifier>
This condition is often associated with legitimate communications to a
Body content: <Appears to be optout> If you would like to receive new
product information and exclusive promotional offers from Roxio,
including a one-time 50% off the latest version of Easy Media Creator,
just click here: <But> If you do not reply, you will not receive any
software update email notifications from us.
First line: As a registered owner of Easy Media Creator, we feel you
should know we have released [...]
If you are a reg'd user of Easy Media Creator, then that's why you got
this offer to optin. It appears to be an optin to a reg'd user, not an
optout. email.sonic.com and its output mailserver are DoubleClick.
kibitzer, not SC admin
More information about the SpamCop-List