Microsoft spam ?

Discussion in 'NZ Computing' started by Brendan, Nov 9, 2003.

  1. Brendan

    Brendan Guest

    First bit of spam I've had in years.

    Microsoft is apparently spamming me with passport solicitations.

    Note: I have not now, nor ever, requested a .net passport account. The
    address used is NEVER used for anything - it is not actually listed
    ANYWHERE on my computer. Not even address books or text files.
    'Harvested' by a spamming bastard off my web site.

    (spam bait edited out with xxxx)

    I think ms may be running some sort of referral system, and some
    spamming **** stole my email address and put it in (lc=1033).

    What do you all think ?


    The emails:
    --------------------------------------
    Return-Path: <>
    Received: from passport.com ([65.54.230.80])
    by dbmail-mx2.orcon.co.nz (8.12.6/8.12.6/Debian-7) with ESMTP
    id hA8GvsIZ012040
    for <>; Sun, 9 Nov 2003 05:57:55 +1300
    Received: from PassportEmailLive ([127.0.0.1]) by passport.com with
    Microsoft SMTPSVC(5.0.2195.5329);
    Sat, 8 Nov 2003 09:02:17 -0800
    TO:
    FROM: "Microsoft .NET Passport" <>
    DATE: Sat, Nov 08 2003 09:02:17 -0800
    REPLY-TO:
    SUBJECT: Welcome to Microsoft .NET Passport!
    MIME-Version: 1.0
    Content-Type: multipart/mixed;
    boundary="Boundary-=2000020403120849000"
    Content-Transfer-Encoding: 7bit
    Message-ID: <>
    X-OriginalArrivalTime: 08 Nov 2003 17:02:17.0715 (UTC)
    FILETIME=[10C40C30:01C3A61A]
    X-Spam-Score: 1.1 (*) CLICK_BELOW,INVALID_DATE
    X-Scanned-By: MIMEDefang 2.32 (www . roaringpenguin . com /
    mimedefang)

    Hello :

    Thank you for registering for a Microsoft® .NET Passport at a
    participating Web site.

    Use the e-mail address () and password you
    provided during registration to sign in instantly at any .NET
    Passport-enabled Web site that displays the .NET Passport sign-in
    button.

    The rest of this e-mail message contains important information about
    how to use your .NET Passport. You may want to refer back to it on
    occasion, so please save it or print a copy.

    TO SIGN IN AND SIGN OUT AT A .NET PASSPORT-ENABLED SITE

    TO SIGN IN, click the .NET Passport sign-in button on the site, and
    then type your e-mail address and password in the sign-in box that
    appears.

    After you sign in to one .NET Passport-enabled site, you can sign in
    to any other just by clicking the .NET Passport sign-in button on each
    site.

    TO SIGN OUT, click the .NET Passport sign-out button on the site.
    Clicking this button at any site will sign you out of all .NET
    Passport-enabled sites.

    IF YOU FORGET YOUR PASSWORD

    To create a new password, follow the instructions at the .NET Passport
    Web site at
    https://memberservices.passport.net/ppsecure/MSRV_ResetPW.srf.

    OTHER IMPORTANT .NET PASSPORT LINKS

    Microsoft is committed to protecting your privacy. Please use the
    following link to review the privacy policy of the Microsoft .NET
    Passport service. http://www.passport.net/privacypolicy.asp. If you
    have questions regarding this Privacy Statement, please send an e-mail
    message to: .

    To help protect the personal information stored in your .NET Passport,
    we recommend that you use the most current version of your browser.
    For more information, visit the Microsoft® Internet Explorer home page
    http://www.microsoft.com/windows/ie/default.asp or the Netscape home
    page http://www.netscape.com.

    If you want to view or change your .NET Passport, or if you need help,
    visit .NET Passport Member Services at
    http://www.passport.net/memberservices.asp.

    You can see a list of .NET Passport sites at
    http://www.passport.net/directory.asp.

    For more information about .NET Passport, visit the Microsoft .NET
    Passport Web site at http://www.passport.net.

    IF CLICKING A LINK DOESN'T WORK

    Copy the link, and then paste it into your Web browser's address bar.

    Select the entire link (which starts with http:// and may include more
    than one line) and then copy it, usually by clicking the "Edit" menu
    item and then clicking "Copy". Next, open your Web browser and click
    in the box where you usually see the Web page address. Paste the link
    into this box (usually by clicking "Paste" in the "Edit" menu) and
    click "Go" or "Enter.”

    Thank you for using your Microsoft .NET Passport!
    NET Passport Customer Support


    Please do not reply to this message; it was sent from an unmonitored
    e-mail address and .NET Passport Customer Support is unable to respond
    to any replies.
    -----------------------------
    Return-Path: <>
    Received: from passport.com ([65.54.230.86])
    by dbmail-mx1.orcon.co.nz (8.12.6/8.12.6/Debian-7) with ESMTP
    id hA8GxY4M007222
    for <>; Sun, 9 Nov 2003 05:59:35
    +1300
    Received: from PassportEmailLive ([127.0.0.1]) by passport.com with
    Microsoft SMTPSVC(5.0.2195.5329);
    Sat, 8 Nov 2003 09:02:17 -0800
    TO:
    FROM: "Microsoft .NET Passport" <>
    DATE: Sat, Nov 08 2003 09:02:17 -0800
    REPLY-TO:
    SUBJECT: Please verify your Microsoft .NET Passport e-mail address
    MIME-Version: 1.0
    Content-Type: multipart/mixed;
    boundary="Boundary-=2000020403120849000"
    Content-Transfer-Encoding: 7bit
    Message-ID: <>
    X-OriginalArrivalTime: 08 Nov 2003 17:02:17.0668 (UTC)
    FILETIME=[10BCE040:01C3A61A]
    X-Spam-Score: 2.7 (**)
    CLICK_BELOW,HTML_00_10,HTML_LINK_CLICK_HERE,HTML_MESSAGE,INVALID_DATE
    X-Scanned-By: MIMEDefang 2.32 (www . roaringpenguin . com /
    mimedefang)

    Hello :

    Thank you for registering a Microsoft® .NET Passport.

    TO VERIFY that you have registered this e-mail address as a .NET
    Passport, click:
    http://register.passport.net/EmailPage.srf?EmailID=xxxxxxxxxxxxxxxxxxxxx&URLNum=0&lc=1033

    AOL users: <a
    href=http://register.passport.net/EmailPage.srf?EmailID=xxxxxxxxxxxxxxxxxxxxxxxx&URLNum=0&lc=1033>Click
    here to verify</a>

    Verifying your e-mail address will ensure that we can respond if you
    contact us about a problem. In addition, some .NET
    Passport-participating sites may require you to verify your e-mail
    address to take full advantage of their services.

    IF YOU DID NOT REGISTER this e-mail address and want to cancel, click:
    http://register.passport.net/EmailPage.srf?EmailID=xxxxxxxxxxxxxxxxxxxxxxxx&URLNum=1&lc=1033

    AOL users: <a
    href=http://register.passport.net/EmailPage.srf?EmailID=xxxxxxxxxxxxxxxxxxxxxxxx&URLNum=1&lc=1033>Click
    here to cancel</a>

    *If clicking a link doesn’t work:

    Select and copy the entire, appropriate link.
    Open a browser window and paste the link in the address bar.
    Click Go or, on your keyboard, press Enter or Return.
    On the .NET Passport page, verify that you want to use this e-mail
    address as a .NET Passport, or confirm that you want to cancel it.

    NET Passport is committed to protecting your privacy. We encourage you
    to review the .NET Passport Privacy Statement at:
    http://www.passport.net/privacypolicy.asp.

    For more information, visit the .NET Passport home page at:
    http://www.passport.net.

    To request additional help from .NET Passport Customer Support, click
    http://register.passport.net/contactus.srf?LC=xxxx.

    Thank you for using .NET Passport!

    Microsoft .NET Passport Customer Support

    Please do not reply to this message; it was sent from an unmonitored
    e-mail address and we are unable to respond to any replies.



    ....Brendan
     
    Brendan, Nov 9, 2003
    #1
    1. Advertising

  2. Brendan

    ~misfit~ Guest

    Jerry wrote:
    > dot com wrote:
    >
    >>
    >> (spam bait edited out with xxxx)
    >>

    > I hate to tell but it looks like you missed one.
    > Get ready for the deluge.


    I noticed that too.
    --
    ~misfit~
     
    ~misfit~, Nov 9, 2003
    #2
    1. Advertising

  3. Brendan

    T.N.O. Guest

    Brendan wrote:

    > First bit of spam I've had in years.
    >
    > Microsoft is apparently spamming me with passport solicitations.


    So someone put your email addy into the MS passport site... congrats....

    By the way, you didn't snip it out enough, you still left at least one
    copy of your address in the body of that post.
     
    T.N.O., Nov 9, 2003
    #3
  4. Brendan

    Jerry Guest

    dot com wrote:

    >
    > (spam bait edited out with xxxx)
    >

    I hate to tell but it looks like you missed one.
    Get ready for the deluge.
    Jerry©
     
    Jerry, Nov 9, 2003
    #4
  5. Brendan

    Brendan Guest

    On Mon, 10 Nov 2003 11:47:09 +1300, Jerry <> wrote:

    >> (spam bait edited out with xxxx)
    >>

    >I hate to tell but it looks like you missed one.
    >Get ready for the deluge.
    >Jerry©


    Bugger.



    ....Brendan
     
    Brendan, Nov 10, 2003
    #5
  6. Brendan

    Mainlander Guest

    In article <>,
    corum.usenet@myrealbox says...
    >
    >
    > (spam bait edited out with xxxx)
    >
    > for <>; Sun, 9 Nov 2003 05:57:55 +1300


    By the way THIS IS A VIRUS MESSAGE. The following message appears on the
    foot of that recent virus message from MS SUpport

    "Please do not reply to this message; it was sent from an unmonitored
    e-mail address and we are unable to respond to any replies."
     
    Mainlander, Nov 10, 2003
    #6
  7. Brendan

    Mainlander Guest

    In article <>,
    corum.usenet@myrealbox says...
    >
    > First bit of spam I've had in years.
    >
    > Microsoft is apparently spamming me with passport solicitations.


    Are you sure there is not a virus in the attachment :)

    The message that appears on the bottom may well be a standard MS
    disclaimer but it looks like the message that appeared on the bottom of
    Swen virus messages.
     
    Mainlander, Nov 10, 2003
    #7
  8. Brendan

    Brendan Guest

    On Mon, 10 Nov 2003 07:00:51 +1300, "T.N.O."
    <> wrote:

    >Brendan wrote:
    >
    >> First bit of spam I've had in years.
    >>
    >> Microsoft is apparently spamming me with passport solicitations.

    >
    >So someone put your email addy into the MS passport site... congrats....


    Not JUST that apprently.

    >By the way, you didn't snip it out enough, you still left at least one
    >copy of your address in the body of that post.


    yeah, noticed that. Bugger.

    But the interesting thing is this though: Microsoft attempts NO
    verification that the address submitted was legitimately obtained. No
    'click this link to verify'. Pretty slack.

    As I have not agreed to any of their provisions I am not under any
    obligation to abide any of their rules. Maybe that'll cause a problem
    for them one day and they'll smarten up.



    ....Brendan
     
    Brendan, Nov 10, 2003
    #8
  9. Brendan

    Ralph Fox Guest

    On Mon, 10 Nov 2003 14:54:08 +1300, in article
    <>, Mainlander wrote:

    > In article <>,
    > corum.usenet@myrealbox says...
    > >
    > > First bit of spam I've had in years.
    > >
    > > Microsoft is apparently spamming me with passport solicitations.

    >
    > Are you sure there is not a virus in the attachment :)



    If so, then the infected sender is at Microsoft. What a coincidence!

    Check the IP addresses of the last mail server before
    Brendan's ISP (Orcon), which you can find in the
    top-most "Received:" header of each message.

    [65.54.230.80]
    [65.54.230.86]

    These IP addresses belong to Microsoft [details below].

    This information is inserted in the headers by Orcon, Brendan's ISP.
    The only way this could be forged is by an inside job at Orcon.


    > The message that appears on the bottom may well be a standard MS
    > disclaimer but it looks like the message that appeared on the bottom of
    > Swen virus messages.



    Unless you are going to suggest that that Brendan has fabricated
    the headers, you must either
    (a) believe that there is an inside job at Orcon,
    (b) or accept that the IP addresses are genuine.




    Details on who owns IP addresses 65.54.230.80 and 65.54.230.86,
    from the ARIN database


    |  OrgName: Microsoft Corp
    |  OrgID: MSFT
    |  Address: One Microsoft Way
    |  City: Redmond
    |  StateProv: WA
    |  PostalCode: 98052
    |  Country: US

    |  NetRange: 65.52.0.0 - 65.55.255.255
    |  CIDR: 65.52.0.0/14
    |  NetName: MICROSOFT-1BLK
    |  NetHandle: NET-65-52-0-0-1
    |  Parent: NET-65-0-0-0-0
    |  NetType: Direct Assignment
    |  NameServer: DNS1.CP.MSFT.NET
    |  NameServer: DNS2.CP.MSFT.NET
    |  NameServer: DNS1.TK.MSFT.NET
    |  NameServer: DNS1.DC.MSFT.NET
    |  NameServer: DNS1.SJ.MSFT.NET
    |  Comment:
    |  RegDate: 2001-02-14
    |  Updated: 2002-12-05

    |  TechHandle: ZM23-ARIN
    |  TechName: Microsoft Corporation
    |  TechPhone: +1-425-882-8080
    |  TechEmail:

    |  OrgAbuseHandle: ABUSE231-ARIN
    |  OrgAbuseName: Abuse
    |  OrgAbusePhone: +1-425-882-8080
    |  OrgAbuseEmail:

    |  OrgNOCHandle: ZM23-ARIN
    |  OrgNOCName: Microsoft Corporation
    |  OrgNOCPhone: +1-425-882-8080
    |  OrgNOCEmail:

    |  OrgTechHandle: MSFTP-ARIN
    |  OrgTechName: MSFT-POC
    |  OrgTechPhone: +1-425-882-8080
    |  OrgTechEmail:

    |  # ARIN WHOIS database, last updated 2003-11-09 19:15
    |  # Enter ? for additional hints on searching ARIN's WHOIS database.


    --
    Cheers,
    Ralph

    "There is only one boss, the customer. And he can fire everybody in
    the company from the chairman on down, simply by spending his money
    somewhere else." -- Sam Walton
     
    Ralph Fox, Nov 10, 2003
    #9
  10. Brendan

    Brendan Guest

    On Mon, 10 Nov 2003 14:51:07 +1300, Mainlander <*@*.*> wrote:

    >By the way THIS IS A VIRUS MESSAGE. The following message appears on the
    >foot of that recent virus message from MS SUpport


    Thanks for broadcasting the email address again. One or two spammers
    missed it the first time.



    ....Brendan
     
    Brendan, Nov 11, 2003
    #10
  11. Brendan

    Brendan Guest

    On Mon, 10 Nov 2003 14:54:08 +1300, Mainlander <*@*.*> wrote:

    >Are you sure there is not a virus in the attachment :)
    >
    >The message that appears on the bottom may well be a standard MS
    >disclaimer but it looks like the message that appeared on the bottom of
    >Swen virus messages.


    No attachments.



    ....Brendan
     
    Brendan, Nov 11, 2003
    #11
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Stefano
    Replies:
    5
    Views:
    4,496
    Moz Champion
    Feb 9, 2005
  2. SW Monkey
    Replies:
    12
    Views:
    2,117
  3. C A Preston

    Spam-Spam and more Spam

    C A Preston, Apr 12, 2004, in forum: Computer Support
    Replies:
    2
    Views:
    740
    Hywel
    Apr 12, 2004
  4. nota chance

    in the valley of spam stupidity on spam removing

    nota chance, Aug 8, 2004, in forum: Computer Support
    Replies:
    4
    Views:
    565
    Blinky the Shark
    Aug 8, 2004
  5. Clwddncr
    Replies:
    6
    Views:
    815
    Dave - Dave.net.nz
    Feb 7, 2005
Loading...

Share This Page