Spam messages to FR/PLU mailing list (1/10/17)

1. Message Header (#1):
2. Return-Path: <nobody@server.jparadiso.com>
3. Received: from mxe25.s.uw.edu (mxe25.s.uw.edu [173.250.227.25])
4. by mailman13.u.washington.edu (8.14.4+UW14.03/8.14.4+UW16.03) with ESMTP id v0AHIlWM021128
5. for <pluuw@mailman13.u.washington.edu>; Tue, 10 Jan 2017 09:18:48 -0800
6. Received: from server.jparadiso.com (server.jparadiso.com [72.44.81.201])
7. by mxe25.s.uw.edu (8.14.4+UW14.03/8.14.4+UW16.03) with ESMTP id v0AHIW27001955
8. (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO)
9. for <pluuw@u.washington.edu>; Tue, 10 Jan 2017 09:18:33 -0800
10. Received: from nobody by server.jparadiso.com with local (Exim 4.87)
11. (envelope-from <nobody@server.jparadiso.com>)
12. id 1cR048-0006nv-1z
13. for pluuw@u.washington.edu; Tue, 10 Jan 2017 12:18:32 -0500
14. To: pluuw@u.washington.edu
15. Subject: Webmail Security Alert
16. From: "Webmail Security" <radicals@u.washington.edu>
17. Reply-To:
18. Content-Type: multipart/alternative; boundary=94k12dx0d4zwb57rtq47oh4rovcu
19. Message-Id: <E1cR048-0006nv-1z@server.jparadiso.com>
20. Date: Tue, 10 Jan 2017 12:18:32 -0500
21. X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
22. X-AntiAbuse: Primary Hostname - server.jparadiso.com
23. X-AntiAbuse: Original Domain - u.washington.edu
24. X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
25. X-AntiAbuse: Sender Address Domain - server.jparadiso.com
26. X-Get-Message-Sender-Via: server.jparadiso.com: uid via acl_c_vhost_owner from authenticated_id: jparadis from //vweb.jparadiso.com/hm.php /only user confirmed/virtual account not confirmed
27. X-Authenticated-Sender: server.jparadiso.com: jparadis
28. X-PMX-Version: 6.3.1.2588712, Antispam-Engine: 2.7.2.2107409, Antispam-Data: 2017.1.10.171518
29. X-PMX-Server: mxe25.s.uw.edu
30. X-Uwash-Spam: Gauge=XXI, Probability=21%, Report='
31. REPLY_TO_EMPTY 1.699, MIME_HEADER_CTYPE_ONLY 0.5, PHISH_SPEAR_CONTENT_X3 0.1, PHISH_SPEAR_CONTENT_X4 0.1, BODYTEXTH_SIZE_10000_LESS 0, BODYTEXTP_SIZE_3000_LESS 0, BODY_SIZE_1200_1299 0, BODY_SIZE_2000_LESS 0, BODY_SIZE_5000_LESS 0, BODY_SIZE_7000_LESS 0, CTYPE_MULTIPART_NO_QUOTE 0, DATE_TZ_NA 0, IP_HTTP_ADDR 0, NO_URI_HTTPS 0, SMALL_BODY 0, SPF_NONE 0, URI_ENDS_IN_PHP 0, __ANY_URI 0, __CP_URI_IN_BODY 0, __CT 0, __CTYPE_HAS_BOUNDARY 0, __CTYPE_MULTIPART 0, __CTYPE_MULTIPART_ALT 0, __FRAUD_ANTIABUSE 0, __FRAUD_INTRO 0, __FROM_DOMAIN_IN_ANY_TO2 0, __FROM_DOMAIN_IN_RCPT 0, __HAS_FROM 0, __HAS_HTML 0, __HAS_MSGID 0, __HTML_AHREF_TAG 0, __HTML_TAG_DIV 0, __MIME_HTML 0, __MIME_TEXT_H 0, __MIME_TEXT_H1 0, __MIME_TEXT_H2 0, __MIME_TEXT_P 0, __MIME_TEXT_P1 0, __MIME_TEXT_P2 0, __MULTIPLE_URI_TEXT 0, __PHISH_SPEAR_GREETING 0, __PHISH_SPEAR_SUBJECT 0, __PHISH_SPEAR_TEAM 0, __PHISH_SUBJ_PHRASE2 0,
32. __SANE_MSGID 0, __SPEAR_FROM_NAME_A 0, __SUBJ_ALPHA_END 0, __TO_MALFORMED_2 0, __TO_NO_NAME 0, __URI_IN_BODY 0, __URI_NO_MAILTO 0, __URI_NO_WWW 0, __URI_WITH_PATH 0'
33.  
34. Message Body (#1):
35. Dear Webmail User,
36. We have embarked on a new security enhancement on all accountswith us. And as such, you are required to enroll for this security feature.
37. Please note that on failure to comply your mail service will be
38. discontinued. to enroll, visit Our security enhancement portal
39. <http://69.65.119.25/~smirnov/portal/cache/account/enhancement/strongauth.php?id=pluuw@u.washington.edu>
40. .
41.  
42. Sincerely,
43. The Webmail Team
44. <div dir="ltr">Dear Webmail User,<br>
45. We have embarked on a new <span>security</span> <span>enhancement</span> on all accounts with us. And as such,<br> you are required to enroll for this <span >security</span> feature. Please note that on failure to comply your mail service <br>will be discontinued. to enroll, visit <a href="http://69.65.119.25/~smirnov/portal/cache/account/enhancement/strongauth.php?id=pluuw@u.washington.edu">
46. Our security enhancement portal</a>.<br><br>
47.  
48. <br>
49. Sincerely,<br>
50. The Webmail Team<br>
51. </div>
52.  
53. Message Header (#2):
54. Return-Path: <nobody@server.jparadiso.com>
55. Received: from mxe21.s.uw.edu (mxe21.s.uw.edu [140.142.32.134])
56. by mailman13.u.washington.edu (8.14.4+UW14.03/8.14.4+UW16.03) with ESMTP id v0AHMYTi028457
57. for <pluuw@mailman13.u.washington.edu>; Tue, 10 Jan 2017 09:22:34 -0800
58. Received: from server.jparadiso.com (server.jparadiso.com [72.44.81.201])
59. by mxe21.s.uw.edu (8.14.4+UW14.03/8.14.4+UW16.03) with ESMTP id v0AHM5YV006339
60. (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO)
61. for <pluuw@u.washington.edu>; Tue, 10 Jan 2017 09:22:06 -0800
62. Received: from nobody by server.jparadiso.com with local (Exim 4.87)
63. (envelope-from <nobody@server.jparadiso.com>)
64. id 1cR07Z-0008NW-CL
65. for pluuw@u.washington.edu; Tue, 10 Jan 2017 12:22:05 -0500
66. To: pluuw@u.washington.edu
67. Subject: Re:
68. From: "Maximo Lenders" <radicals@u.washington.edu>
69. Reply-To: alt.g4-d1o6q5x@yopmail.com
70. Content-Type: multipart/alternative; boundary=nhsc1mecbpooijxenuwi1bjakurc
71. Message-Id: <E1cR07Z-0008NW-CL@server.jparadiso.com>
72. Date: Tue, 10 Jan 2017 12:22:05 -0500
73. X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
74. X-AntiAbuse: Primary Hostname - server.jparadiso.com
75. X-AntiAbuse: Original Domain - u.washington.edu
76. X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
77. X-AntiAbuse: Sender Address Domain - server.jparadiso.com
78. X-Get-Message-Sender-Via: server.jparadiso.com: uid via acl_c_vhost_owner from authenticated_id: jparadis from //vweb.jparadiso.com/hm.php /only user confirmed/virtual account not confirmed
79. X-Authenticated-Sender: server.jparadiso.com: jparadis
80. X-PMX-Version: 6.3.1.2588712, Antispam-Engine: 2.7.2.2107409, Antispam-Data: 2017.1.10.171518
81. X-PMX-Server: mxe21.s.uw.edu
82. X-Uwash-Spam: Gauge=XXIIII, Probability=24%, Report='
83. FRAUD_LITTLE_BODY 2, MIME_HEADER_CTYPE_ONLY 0.5, HTML_NO_HTTP 0.1, REPLYTO_FROM_DIFF_ADDY 0.1, BODYTEXTH_SIZE_10000_LESS 0, BODYTEXTP_SIZE_3000_LESS 0, BODYTEXTP_SIZE_400_LESS 0, BODY_SIZE_1000_LESS 0, BODY_SIZE_2000_LESS 0, BODY_SIZE_5000_LESS 0, BODY_SIZE_7000_LESS 0, BODY_SIZE_700_799 0, CTYPE_MULTIPART_NO_QUOTE 0, DATE_TZ_NA 0, NO_URI_HTTPS 0, SMALL_BODY 0, SPF_NONE 0, __ANY_URI 0, __BOUNCE_CHALLENGE_SUBJ 0, __BOUNCE_NDR_SUBJ_EXEMPT 0, __CT 0, __CTYPE_HAS_BOUNDARY 0, __CTYPE_MULTIPART 0, __CTYPE_MULTIPART_ALT 0, __FRAUD_ANTIABUSE 0, __FRAUD_BODY_WEBMAIL 0, __FRAUD_COMMON 0, __FRAUD_FINANCE_PROBLEM 0, __FRAUD_LOAN_VALUE 0, __FRAUD_MONEY 0, __FRAUD_WEBMAIL 0, __FROM_DOMAIN_IN_ANY_TO2 0, __FROM_DOMAIN_IN_RCPT 0, __HAS_FROM 0, __HAS_HTML 0, __HAS_MSGID 0, __HAS_REPLYTO 0, __HTML_AHREF_TAG 0, __HTML_TAG_DIV 0, __MIME_HTML 0, __MIME_TEXT_H 0, __MIME_TEXT_H1 0, __MIME_TEXT_H2 0,
84. __MIME_TEXT_P 0, __MIME_TEXT_P1 0, __MIME_TEXT_P2 0, __SANE_MSGID 0, __SUBJ_ALPHA_NEGATE 0, __TO_MALFORMED_2 0, __TO_NO_NAME 0, __URI_NO_WWW 0, __URI_NS '
85.  
86. Message Body (#2):
87. Hi,
88. Get your low interest loans today. with interest rate as low as 8% per
89. annum we're hard to beat
90. bad credit score? no problem! we have a solution for everyone.
91. just send us an email to: maximo.lender@qq.com for more information.
92. <div dir="ltr">Hi,<br>Get your low interest loans today. with interest rate as low as 8% per<br>annum we're hard to beat<br>bad credit score? no problem! we have a solution for everyone.<br>just send us an email to: <a href="mailto:maximo.lender@qq.com">maximo.lender@qq.com</a> for more information.<br></div>