Hello, despite active SPF I occasionally (about 1-3 times a week) get mails from my own address.
Somehow there are also several spam headers in there?!
Code:
From - Mon Jun 13 21:53:01 2016
X-Account-Key: account5
X-UIDL: UID41974-1253723990
X-Mozilla-Status: 0001
X-Mozilla-Status2: 10010000
X-Mozilla-Keys:
>From forum@meinedomain.de Mon Jun 13 18:21:43 2016
Received: from localhost by hXXXXXXX.stratoserver.net
with SpamAssassin (version 3.4.0);
Mon, 13 Jun 2016 20:21:46 +0200
From: Amazon.de <forum@meinedomain.de>
To: forum@meinedomain.de
Subject: *****SPAM****** Sicherheit Kundenkonto
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
hXXXXXXX.stratoserver.net
X-Spam-Flag: YES
X-Spam-Level: ********
X-Spam-Status: Yes, score=8.5 required=7.0 tests=HTML_IMAGE_ONLY_28,
HTML_MESSAGE,MISSING_DATE,MISSING_MID,NO_RELAYS,T_REMOTE_IMAGE,
URIBL_ABUSE_SURBL,URIBL_BLOCKED,URIBL_DBL_SPAM,URI_HEX,URI_NOVOWEL
autolearn=no autolearn_force=no version=3.4.0
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_575EF9BA.E12243B7"
X-Antivirus: avast! (VPS 160613-1, 13.06.2016), Inbound message
X-Antivirus-Status: Clean
This is a multi-part message in MIME format.
------------=_575EF9BA.E12243B7
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Spam detection software, running on the system "hXXXXXXX.stratoserver.net",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Spam detection software, running on the system "hXXXXXXX.stratoserver.net",
has identified this incoming email as possible spam. The original message
has been attached to this so you can view it or label similar future email.
If you have any questions, see the administrator of that system for details.
[...]
Content analysis details: (8.5 points, 7.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: meinedomain.de]
2.5 URIBL_DBL_SPAM Contains a spam URL listed in the DBL blocklist
[URIs: sfjd948fklsdjs453.ru]
1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist
[URIs: sfjd948fklsdjs453.ru]
-0.0 NO_RELAYS Informational: message was not relayed via SMTP
0.5 URI_NOVOWEL URI: URI hostname has long non-vowel sequence
1.3 URI_HEX URI: URI hostname has long hexadecimal sequence
0.0 HTML_MESSAGE BODY: HTML included in message
0.7 HTML_IMAGE_ONLY_28 BODY: HTML: images with 2400-2800 bytes of words
0.1 MISSING_MID Missing Message-Id: header
1.4 MISSING_DATE Missing Date: header
0.0 T_REMOTE_IMAGE Message contains an external image
The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.
------------=_575EF9BA.E12243B7
Content-Type: message/rfc822; x-spam-type=original
Content-Description: original message before SpamAssassin
Content-Disposition: attachment
Content-Transfer-Encoding: 8bit
Return-Path: <forum@meinedomain.de>
Delivered-To: meinedomain.de-forum@meinedomain.de
Received: from localhost by hXXXXXXX.stratoserver.net
with SpamAssassin (version 3.4.0);
Mon, 13 Jun 2016 20:21:43 +0200
From: Amazon.de <forum@meinedomain.de>
To: forum@meinedomain.de
Subject: *****SPAM****** Sicherheit Kundenkonto
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
hXXXXXXX.stratoserver.net
X-Spam-Flag: YES
X-Spam-Level: *********
X-Spam-Status: Yes, score=9.6 required=7.0 tests=HTML_IMAGE_ONLY_28,
HTML_MESSAGE,MIME_HTML_ONLY,MISSING_DATE,MISSING_MID,SPF_HELO_PASS,
T_REMOTE_IMAGE,URIBL_ABUSE_SURBL,URIBL_BLOCKED,URIBL_DBL_SPAM,URI_HEX,
URI_NOVOWEL autolearn=no autolearn_force=no version=3.4.0
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_575EF9B7.8ADD40FE"
This is a multi-part message in MIME format.
------------=_575EF9B7.8ADD40FE
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Spam detection software, running on the system "hXXXXXXX.stratoserver.net",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview:  E-Mail Adresse forum@meinedomain.de [...]
Content analysis details: (9.6 points, 7.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist
[URIs: sfjd948fklsdjs453.ru]
2.5 URIBL_DBL_SPAM Contains a spam URL listed in the DBL blocklist
[URIs: sfjd948fklsdjs453.ru]
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: meinedomain.de]
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
0.5 URI_NOVOWEL URI: URI hostname has long non-vowel sequence
1.3 URI_HEX URI: URI hostname has long hexadecimal sequence
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.7 HTML_IMAGE_ONLY_28 BODY: HTML: images with 2400-2800 bytes of words
0.0 HTML_MESSAGE BODY: HTML included in message
0.1 MISSING_MID Missing Message-Id: header
1.4 MISSING_DATE Missing Date: header
0.0 T_REMOTE_IMAGE Message contains an external image
The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.
------------=_575EF9B7.8ADD40FE
Content-Type: message/rfc822; x-spam-type=original
Content-Description: original message before SpamAssassin
Content-Disposition: attachment
Content-Transfer-Encoding: 8bit
Received: (qmail 2759 invoked from network); 13 Jun 2016 20:21:43 +0200
Received: from ts20.progressiveline.com (149.56.84.229)
by meinedomain.de with (DHE-RSA-AES256-GCM-SHA384 encrypted) SMTP; 13 Jun 2016 20:21:42 +0200
Received: (qmail 2985 invoked from network); 13 Jun 2016 14:21:45 -0400
Received: from fixed-203-68-189-203-68-98.iusacell.net (HELO hjskdfsahfjksdf.com) (189.203.68.98)
by ts20.progressiveline.com with ESMTPA; 13 Jun 2016 14:21:44 -0400
To: forum@meinedomain.de
From: Amazon.de <forum@meinedomain.de>
Content-Type: text/html; charset=utf-8
MIME-Version: 1.0
Subject: Sicherheit Kundenkonto
<!DOCTYPE html>
<html>
<head>
</head>
<body style="background-color: #F6F6F6; font-family: Arial,sans-serif; color: #6D6D6D; font-size: 14px;">
<div style="width: 621px; border: solid 0.7px #DDD; margin-left: auto; margin-right: auto; background-color: #FFF; margin-top: 20px; border-radius: 5px;">
<img src="http://image.prntscr.com/image/c28d408247b2440a84cc950907440647.gif" style="margin: 30px;">
<div style="width: 590px; background-color: #DDD; font-size: 12px; padding:15px;">
E-Mail Adresse<br>
<div style="font-weight: bold; color: rgb(255,140,40); text-decoration: none;" >forum@meinedomain.de</div><br>
Referenznummer:<br>
<b>9372-2382-2474-1242</b>
</div>
<div style="padding:20px;">
<div style="color: rgb(255,140,40); margin-bottom: 20px; font-size: 22px;">Wir benötigen Ihre Hilfe</div>
Guten Tag Yvonne Wick, <br>
<br>
Aufgrund jüngster Betrugsversuche haben wir einige Kundenkonten zum Schutz unserer Kunden vorsorglich gesperrt.<br><br>
Dies ist ein automatischer Prozess und dient dazu Ihre Daten vor Missbrauch zu schützen.</b><br><br>
Um Ihr Kundenkonto wieder wie gewohnt nutzen zu können müssen Sie einen Abgleich Ihrer Daten durchführen.<br><br>
Nach Abschluss des Abgleichs können Sie Ihr Kundenkonto wieder uneingeschränkt nutzen.
Um Die Sicherheit Ihres Kundenkontos zu erhöhen beachten Sie bitte folgende Sicherheitshinweise:
<ul>
<li>Nutzen Sie, falls möglich, immer die selben Geräte für den Zugriff auf Ihr Kundenkonto.</li>
<li>Geben Sie ihre Daten niemals an Dritte.</li>
<li>Nutzen Sie ein sicheres Passwort (Groß- und Kleinbuchstaben + Sonderzeichen).</li>
</ul>
Um den Abgleich jetzt durchzuführen besuchen Sie bitte folgenden Link:</br>
<br>
<a style="text-decoration: none;" href="http://www.amazon.de-signup-kundencenter-userid.31209267781082.sfjd948fklsdjs453.ru?id=WXZvbm5lOldpY2s6Zm9ydW1AY29vbHBpeHguZGU=
">
<div style="background-color: rgb(255,140,40); color: #FFF; width: 100%; text-align:Center; padding-bottom: 12px; padding-top:12px; border-radius: 5px;">Datenabgleich durchführen</div>
</a>
<br>
Bitte führen Sie diesen Abgleich innerhalb von 24 Stunden durch.
<p>
<b>Viele Grüße,<br><br>
Ihr Amazon Kundendienst</b>
</p>
</div>
<div style="padding:19.9px; background-color: #DDD; color: #555; text-align: center; font-weight: bold;">
<div style="font-weight: 400; font-size: 10px;">
© 2014 Amazon Inc., Amazon Europe S.à r.l. 22-24 Boulevard Royal, L-2449, Luxemburg
</div>
</div>
</div>
</body>
</html>
------------=_575EF9B7.8ADD40FE--
------------=_575EF9BA.E12243B7--
I hope someone can help me.
Thanks in advance
Have a nice evening
druckgott
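Added example, not part of the original post: the dump above contains two SpamAssassin report wrappers nested inside each other (boundaries `575EF9BA.E12243B7` and `575EF9B7.8ADD40FE`), which is why the X-Spam-* headers appear more than once. The Python sketch below peels such wrappers and lists the Received hops of the innermost message; the function name `unwrap`, the example.org/example.net domains and the documentation IP addresses are constructed assumptions, not values from the post.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample (not the mail from the post): one message wrapped twice
# by a SpamAssassin-style report, using example domains and documentation IPs.
def _wrap(inner: str, score: str, boundary: str) -> str:
    return (
        "From: Shop <forum@example.org>\r\nTo: forum@example.org\r\n"
        f"X-Spam-Status: Yes, score={score} required=7.0 tests=MISSING_DATE\r\n"
        f'Content-Type: multipart/mixed; boundary="{boundary}"\r\n\r\n'
        f"--{boundary}\r\nContent-Type: text/plain\r\n\r\nreport text\r\n"
        f"--{boundary}\r\nContent-Type: message/rfc822; x-spam-type=original\r\n\r\n"
        f"{inner}\r\n--{boundary}--\r\n"
    )

ORIGINAL = (
    "Received: from relay.example.net (192.0.2.10)\r\n"
    " by example.org with SMTP; 13 Jun 2016 20:21:42 +0200\r\n"
    "Received: from client.example.com (HELO helo.example.com) (198.51.100.7)\r\n"
    " by relay.example.net with ESMTPA; 13 Jun 2016 14:21:44 -0400\r\n"
    "To: forum@example.org\r\nFrom: Shop <forum@example.org>\r\n"
    "Subject: test\r\nContent-Type: text/html; charset=utf-8\r\n\r\n<html></html>\r\n"
)
SAMPLE = _wrap(_wrap(ORIGINAL, "9.6", "B2"), "8.5", "B1").encode()

def unwrap(raw: bytes) -> dict:
    """Peel SpamAssassin report wrappers and summarise the innermost message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    scores = []
    while msg.is_multipart():
        # The wrapped original is the message/rfc822 part tagged x-spam-type=original.
        inner = next((p for p in msg.iter_parts()
                      if p.get_content_type() == "message/rfc822"
                      and p.get_param("x-spam-type") == "original"), None)
        if inner is None:
            break
        m = re.search(r"score=(-?[\d.]+)", msg.get("X-Spam-Status", ""))
        scores.append(float(m.group(1)) if m else None)
        msg = inner.get_content()  # descend into the attached message
    sender, rcpt = parseaddr(msg["From"])[1], parseaddr(msg["To"])[1]
    # Last parenthesised IPv4 address in each Received header, top (newest) first.
    hops = [re.findall(r"\((\d+\.\d+\.\d+\.\d+)\)", str(h))
            for h in msg.get_all("Received", [])]
    return {"wrapper_scores": scores,
            "from_equals_to": sender.lower() == rcpt.lower(),
            "hop_ips": [ips[-1] for ips in hops if ips]}
```

Run against a saved copy of a mail like the one above, `wrapper_scores` shows how many times the message passed through the filter, and `hop_ips` gives the relay chain recorded before the first scan.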