Admin Attention Phishing emails claiming to be from BL?

c97521d9 (Bluelighter; joined Aug 22, 2019; 231 messages)
See here:

Some headers (I'm calling it)

Return-Path: <[email protected]>

X-Original-To: [email protected]

Delivered-To: [email protected]

Received: from bluelight.slik.eu (unknown [95.211.37.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail17i.protonmail.ch (Postfix) with ESMTPS id [REDACTED] for <[email protected]>; Sun, 20 Oct 2019 17:00:07 +0000 (UTC)

Received: from www.bluelight.org (localhost [127.0.0.1]) by bluelight.slik.eu (Postfix) with ESMTP id [REDACTED] for <[email protected]>; Sun, 20 Oct 2019 19:00:07 +0200 (CEST)

Authentication-Results: mail17i.protonmail.ch; dmarc=fail (p=none dis=none) header.from=gmail.com

Authentication-Results: mail17i.protonmail.ch; spf=fail smtp.mailfrom=[email protected]

Authentication-Results: mail17i.protonmail.ch; dkim=none

Message-Id: <[email protected]>

Date: Sun, 20 Oct 2019 17:00:07 +0000

Subject: Join us in celebrating Bluelight's 20th Anniversary!

From: "Bluelight.org" <[email protected]>

To: c97521d9 <[email protected]>

Mime-Version: 1.0

Content-Type: text/html

X-To-Validate: [email protected]

X-Spam-Flag: YES

X-Spam-Status: Yes, score=8.3 required=4.0 tests=DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD,FREEMAIL_FROM,HTML_MESSAGE,NML_ADSP_CUSTOM_MED,RDNS_NONE,SPF_HELO_NONE,SPF_SOFTFAIL,SPOOFED_FREEMAIL,SPOOFED_FREEMAIL_NO_RDNS autolearn=no autolearn_force=no version=3.4.2

X-Spam-Report:

* 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (bluelight.admin[at]gmail.com)
* 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override is CUSTOM_MED
* 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' headers
* 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)
* 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
* 0.0 HTML_MESSAGE BODY: HTML included in message
* 3.0 RDNS_NONE Delivered to internal network by a host with no rDNS
* 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing list
* 0.7 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS
* 2.0 SPOOFED_FREEMAIL No description available.

X-Spam-Level: ********

X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on maili.protonmail.ch

X-Pm-Origin: external

X-Pm-Content-Encryption: on-delivery

X-Pm-Transfer-Encryption: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
 
It's actually genuine mate. TLB sent out a mailshot yesterday (our first since 2007) to remind members old and new of the 20th Anniversary and to see if any would like to visit the site and say hi :)
 
Bloody TLB and his mass spamming. Twice this week he's overfilled me inbox with porn.
 
It's actually genuine mate. TLB sent out a mailshot yesterday (our first since 2007) to remind members old and new of the 20th Anniversary and to see if any would like to visit the site and say hi :)
XD, yeah I did still think it may be legit but my work tends to have me treat email as suspicious as.... a rattling bag of candy at an airport by the Border Force. I didn't think it looked malicious for a minute, but figured I'd mention just in case, BL emails never go to my spam box. I need to give TLB a lesson on mass emailing XD
 
loved getting an email, the link took me to the site, so i didn't think there was owt dodgy about it. i haven't used bluelight as long as some, only since 2014 on and off up until now, but a lot of what i see impresses me. the site is so well done. congrats and happy 20th !
 
I'm just a paranoid fuck, so mentioned in case. But I'm overzealous at times so again no hard feelings ;)
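Added example, not part of any post in this thread: a Python triage of the signals visible in the headers from the first post (SPF, DKIM and DMARC verdicts, plus whether the relaying host sits under the From domain). The sample message is constructed from values shown in the thread, with placeholder addresses where the thread's are redacted; the function names are this example's own.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the thread's headers; both addresses are placeholders.
SAMPLE = """\
Received: from bluelight.slik.eu (unknown [95.211.37.226]) by
 mail17i.protonmail.ch (Postfix) with ESMTPS; Sun, 20 Oct 2019 17:00:07 +0000 (UTC)
Authentication-Results: mail17i.protonmail.ch; dmarc=fail (p=none dis=none)
 header.from=gmail.com
Authentication-Results: mail17i.protonmail.ch; spf=fail
 smtp.mailfrom=placeholder@gmail.com
Authentication-Results: mail17i.protonmail.ch; dkim=none
From: "Bluelight.org" <placeholder@gmail.com>
Subject: Join us in celebrating Bluelight's 20th Anniversary!
"""

def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts from every Authentication-Results header."""
    found = {}
    for value in msg.get_all("Authentication-Results", []):
        unfolded = " ".join(value.split())  # undo RFC 5322 header folding
        found.update(re.findall(r";\s*(spf|dkim|dmarc)=(\w+)", unfolded))
    return found

def relay_host(msg):
    """Name the sending host gave in the topmost Received header (sender-chosen)."""
    top = " ".join((msg.get_all("Received") or [""])[0].split())
    match = re.match(r"from\s+(\S+)", top)
    return match.group(1).lower() if match else None

def triage(raw):
    """Return the reasons a receiver would distrust the From address."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg["From"] or "")[1].rpartition("@")[2].lower()
    auth, relay = auth_results(msg), relay_host(msg)
    reasons = []
    if auth.get("dkim", "none") == "none":
        reasons.append("no DKIM signature")
    if auth.get("spf") in ("fail", "softfail"):
        reasons.append("SPF " + auth["spf"])
    if auth.get("dmarc") == "fail":
        reasons.append("DMARC fail for " + from_domain)
    if relay and relay != from_domain and not relay.endswith("." + from_domain):
        reasons.append(f"relay {relay} is outside {from_domain}")
    return reasons
```

Run on the sample, `triage(SAMPLE)` reports the same failures the pasted headers show, which is how a genuine mailshot with a gmail.com From address sent through the forum's own host ends up scored like a spoof.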
 