strange virus mail with faked from address


Postby hennemtk » Mon Jun 14, 2004 7:23 pm

Here is the header of a strange mail I received.

Please have a look at the bold section below.
Can THEY :wink: actually generate these addresses? Is it valid?

Regards
Thomas


Return-Path: <jqh1@gourmet.spamgourmet.com>
X-Flags: 1001
Delivered-To: GMX delivery to <deleted address>
Received: (qmail 13072 invoked by uid 65534); 14 Jun 2004 08:18:32 -0000
Received: from service4.isp-location.de (EHLO service4.isp-location.de) (80.190.231.69)
by mx0.gmx.net (mx015) with SMTP; 14 Jun 2004 10:18:32 +0200
Received: by service4.isp-location.de (Postfix)
id B8B222404E1; Mon, 14 Jun 2004 10:14:01 +0200 (CEST)
Delivered-To: <some addres @service4.isp-location.de>
Received: from gourmet.spamgourmet.com (gourmet.spamgourmet.com [216.218.230.146])
by service4.isp-location.de (Postfix) with ESMTP id CF2902403F5
for <deleted forwarding address>; Mon, 14 Jun 2004 10:14:00 +0200 (CEST)
Received: from gourmet.spamgourmet.com (localhost [127.0.0.1])
by localhost (8.12.10/8.12.9) with ESMTP id i5E8UX0d010119
for <deleted forwarding address>; Mon, 14 Jun 2004 01:30:33 -0700
Received: (from jqh1@localhost)
by gourmet.spamgourmet.com (8.12.10/8.12.10/Submit) id i5E8UVK8010084
for <deleted forwarding address>; Mon, 14 Jun 2004 01:30:31 -0700
Received: from localhost (dsl-213-023-204-215.arcor-ip.net [213.23.204.215])
by gourmet.spamgourmet.com (8.12.10/8.12.9) with SMTP id i5E8UT0d010063
for <n21082003.for.hennemtk@spamgourmet.com>; Mon, 14 Jun 2004 01:30:29 -0700
Date: Mon, 14 Jun 2004 01:30:29 -0700
Message-Id: <200406140830.i5E8UT0d010063@gourmet.spamgourmet.com>
From: "Microsoft - security@microsoft.com" <+n21082003+hennemtk+c8b13c9770.security#microsoft.com@spamgourmet.com>
To: <n21082003.for.hennemtk@spamgourmet.com>
Subject: Use this patch immediately ! (n21082003: message 6 of 6 -last one!-)
MIME-Version: 1.0
Content-Type: multipart/mixed;boundary="xxxx"
X-GMX-Antivirus: -1 (not scanned, may not use virus scanner)
X-GMX-Antispam: 0 (Mail was not recognized as spam)

--xxxx
Content-Type: text/plain;
Content-Transfer-Encoding: 7bit

Dear friend , use this Internet Explorer patch now!
There are dangerous virus in the Internet now!
More than 500.000 already infected!

--xxxx
Content-Type: application/download
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=patch.exe
hennemtk
 

Postby SysKoll » Mon Jun 14, 2004 7:49 pm

The bold section is normal. It's because your account has address hiding enabled.

Did you ever post on www.pro-bike.de? That's where google found this n21082003 address.
-- SysKoll
SysKoll
 
Posts: 893
Joined: Thu Aug 28, 2003 9:24 pm

Postby hennemtk » Wed Jun 16, 2004 6:54 pm

Of course I used the n21082003... address. I used it in the usenet. So I definitely wouldn't be surprised to see this being faked. But the <+n21082003+hennemtk+c8b13c9770.security#microsoft.com@spamgourmet.com> part surprised me.
It looks like an address being created by the "send a message from one of your disposable addresses" function.

R
Thomas
hennemtk
 

Postby josh » Thu Jun 17, 2004 1:53 am

Those addresses are created whenever someone sends a message through a spamgourmet account that has "reply address masking" enabled. The first time you use the "send the first message" feature, it turns on reply address masking, if it wasn't already on. The funny-looking address makes sure your reply (or first message, as the case may be now) comes back through spamgourmet instead of going straight to the sender, so that we can switch out the disposable address for your "real" address before they get the message.

So - have a look at other messages you've received through spamgourmet on that account. Chances are they all have one of those funny-looking addresses -- it may be hidden if there is a "name" that's shown by your email software instead of the actual email address. If there's room, spamgourmet puts the original sender address as the "name" so you may see that; but if you look at the "properties" of the From: address (or whatever that's called with your email program), you should see a funny-looking one underneath.
josh
 
Posts: 1371
Joined: Fri Aug 29, 2003 2:28 pm
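
For reading a message like the one quoted in this thread, here is an added example (not part of the original posts, and not spamgourmet's code) that splits the masked From: address and compares the sender embedded in it with the host recorded in the earliest Received: line. The field layout in `MASKED` is an assumption inferred from the single address shown above, and the function names are illustrative.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a trimmed subset of the headers quoted in this thread.
SAMPLE = """\
Received: (from jqh1@localhost)
\tby gourmet.spamgourmet.com (8.12.10/8.12.10/Submit) id i5E8UVK8010084
Received: from localhost (dsl-213-023-204-215.arcor-ip.net [213.23.204.215])
\tby gourmet.spamgourmet.com (8.12.10/8.12.9) with SMTP id i5E8UT0d010063
From: "Microsoft - security@microsoft.com" <+n21082003+hennemtk+c8b13c9770.security#microsoft.com@spamgourmet.com>
To: <n21082003.for.hennemtk@spamgourmet.com>

"""

# Assumed layout, inferred from the one address in this thread (not a documented format):
#   +<word>+<user>+<token>.<sender local part>#<sender domain>@spamgourmet.com
MASKED = re.compile(
    r"^\+([^+]+)\+([^+]+)\+([0-9a-f]+)\.(.+)#([^#@]+)@spamgourmet\.com$", re.I)
# What the receiving MTA logged for a hop: "from <HELO> (<reverse DNS> [<IP>])"
HOP = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9.]+)\]\)")

def unmask(addr):
    """Split a masked reply address into its parts, or return None."""
    m = MASKED.match(addr)
    if not m:
        return None
    word, user, token, local, domain = m.groups()
    return {"word": word, "user": user, "token": token,
            "sender": f"{local}@{domain}".lower()}

def analyse(raw):
    """Compare the sender embedded in From: with the host that handed the mail over."""
    msg = message_from_string(raw)
    info = unmask(parseaddr(msg["From"] or "")[1])
    if info is None:
        return None
    # Received headers are prepended, so the last one is the earliest hop.
    received = msg.get_all("Received") or [""]
    hop = HOP.search(" ".join(received[-1].split()))
    helo, rdns, ip = hop.groups() if hop else (None, None, None)
    claimed = info["sender"].split("@", 1)[1]
    host = (rdns or "").lower()
    info.update(helo=helo, rdns=rdns, ip=ip,
                origin_matches_sender=host == claimed or host.endswith("." + claimed))
    return info

if __name__ == "__main__":
    print(analyse(SAMPLE))
```

On the sample, the embedded sender is `security@microsoft.com` while the handing-over host is a DSL address under arcor-ip.net. A mismatch like this is a hint rather than proof, since legitimate mail often arrives through relays under another domain.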

Postby Guest » Thu Jun 17, 2004 10:53 am

Ok, got it now.

Thx!
Guest
 

