Skip to main content
  1. Mail spam I received/

Another good fake

·1791 words·9 mins

This one is another good fake mail that does not look like spam at the first sight – but in the end they’re all the same mails with faked recipients/senders/links etc.

The mail body #



                              Mit Drei immer bestens informiert.
                                  [1][DreiInfoConsumerKletterer]
                                        Lieber Drei Kunde,

              Ich hoffe, es geht Ihnen gut. Ich möchte Sie über ein wichtiges Update
           bezüglich Ihrer Telefonnummer informieren. Wir haben kürzlich festgestellt,
                  dass Ihre Nummer aufgrund einiger Änderungen in unserem System
                               irrtümlicherweise deaktiviert wurde.

            Um Ihren Telefondienst wiederherzustellen, bitten wir Sie, diese einfachen
                                      Schritte zu befolgen:

           Klicken Sie auf [2]Link. Dies wird Sie zu unserer Plattform weiterleiten, wo
                   Sie die Reaktivierung Ihrer Telefonnummer bestätigen können.


          Sobald Sie auf den Link geklickt und die Reaktivierung bestätigt haben, sollte
                     Ihre Telefonnummer in Kürze wieder betriebsbereit sein.


            Um Ihr Telefon zu reaktivieren, klicken Sie bitte auf den folgenden Link:



                [3]https://www.drei.at/selfcare/Verification.do?optInKey=id8630763



                Wenn Sie zusätzliche Unterstützung benötigen oder Probleme bei der
                       Reaktivierung Ihrer Nummer haben, zögern Sie nicht.



            Wir danken Ihnen für Ihre Mitarbeit und Ihr Verständnis. Wir sind hier, um
         Ihnen so schnell wie möglich bei der Wiederherstellung Ihres Telefondienstes zu
                                             helfen.

                                        Freundliche Grüße
                                      Ihr Drei Service-Team

                                  [4][footerblue]
  [5]Facebook [6]Instagram [7]Twitter [8]Youtube [9]Linkedin [10]Xing
                                 [11][machtseinf]

  Es gelten die AGB von Hutchison Drei Austria GmbH. Details auf [12]www.drei.at,
                                HG Wien, FN 140132b

                            [13]Kontakt | [14]Impressum

References:

[1] https://www.drei.at/de/index.html
[2] https://wid.chh.mybluehost.me/website_7fb0c4ce/at/1
[3] https://wid.chh.mybluehost.me/website_7fb0c4ce/at/1
[4] https://www.drei.at/webmail/de/index?attachment=2&fld=%2fINBOX%2fTrash&id=1&mode=html&task=datatable_imap_mail_download
[5] https://www.facebook.com/dreioesterreich
[6] https://www.instagram.com/dreioesterreich
[7] https://twitter.com/dreioesterreich
[8] https://www.youtube.com/dreioesterreich
[9] https://www.linkedin.com/company/drei-oesterreich
[10] https://www.xing.com/company/dreioesterreich
[11] https://www.drei.at/webmail/de/index?attachment=2&fld=%2fINBOX%2fTrash&id=1&mode=html&task=datatable_imap_mail_download
[12] http://www.drei.at/
[13] https://www.drei.at/selfcare/contact.do?utm_campaign=kontakt&utm_source=alle&utm_medium=shortlink&utm_content=onsite
[14] https://www.drei.at/de/footernavigation/impressum/

The list of links on the bottom already gives a clue about the mail.

The mail body source (html) #

<html>


<head>
<title></title>
</head>
<body>
<p>&nbsp;</p>

<table border="0" cellpadding="0" cellspacing="0" role="presentation" style="position: relative;" width="100%">
<tbody>
<tr>
<td align="center" style="text-size-adjust: none; border-collapse: collapse;" valign="top">
<table border="0" cellpadding="0" cellspacing="0" class="nomob" role="presentation" style="max-width: 660px; background: #ffffff;" width="660">
<tbody>
<tr>
<td style="text-size-adjust: none; border-collapse: collapse;" width="660">
<table border="0" cellpadding="0" cellspacing="0" role="presentation" width="100%">
<tbody>
<tr>
<td align="center" class="ph10" style="text-size-adjust: none; border-collapse: collapse; padding: 10px 0px; background-image: initial; background-position: initial; background-size: initial; background-repeat: initial; background-attachment: initial; background-origin: initial; background-clip: initial;" valign="top" width="660">
<div style="text-size-adjust: none; font-family: Arial, Helvetica, sans-serif; font-size: 10px; line-height: 14px;"><span style="font-family: 'Times New Roman'; font-size: medium;">Mit Drei immer bestens informiert.</span></div>
</td>
<td class="nomob" style="text-size-adjust: none; border-collapse: collapse; font-size: 0px;">&nbsp;</td>
</tr>
</tbody>
</table>
</td>
<td class="nomob" style="text-size-adjust: none; border-collapse: collapse; font-size: 0px;">&nbsp;</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td align="center" style="text-size-adjust: none; border-collapse: collapse; background: #ffffff;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="wrapto660px" role="presentation" style="width: 660px !important; max-width: 660px;" width="100%">
<tbody>
<tr>
<td align="left" style="text-size-adjust: none; border-collapse: collapse; font-size: 1px; line-height: 1px; margin: 0px; padding: 0px;" valign="top">
<table border="0" cellpadding="0" cellspacing="0" role="presentation" style="background-image: initial; background-position: initial; background-size: initial; background-repeat: initial; background-attachment: initial; background-origin: initial; background-clip: initial;" width="100%">
<tbody>
<tr>
<td align="center" class="wrapto100pcmax" style="text-size-adjust: none; border-collapse: collapse;" valign="top" width="660"><a href="https://www.drei.at/de/index.html" rel="noopener" style="text-size-adjust: none;" target="_blank"><span style="color: #000000; font-size: medium;"><img data-orgsrc="http://images.emlcdn.net/cdn/1001693/2135fbd9-3346-4aba-b0cd-26018ede6c72/DreiInfoConsumerKletterer.png" height="auto" src="http://images.emlcdn.net/cdn/1001693/2135fbd9-3346-4aba-b0cd-26018ede6c72/DreiInfoConsumerKletterer.png" style="display: block; border: 0px; width: 660px; height: auto; max-width: 660px;" width="660" /></span></a></td>
</tr>
</tbody>
</table>

<table border="0" cellpadding="0" cellspacing="0" role="presentation" style="background-image: initial; background-position: initial; background-size: initial; background-repeat: initial; background-attachment: initial; background-origin: initial; background-clip: initial;" width="100%">
<tbody>
<tr>
<td align="center" class="ph10" style="text-size-adjust: none; border-collapse: collapse; padding: 20px;" valign="top" width="660">
<div style="text-size-adjust: none; text-align: left;"><span style="font-size: medium;"><span class="main-copy" style="line-height: 20px;">Lieber Drei Kunde,<br />
<br />
Ich hoffe, es geht Ihnen gut. Ich m&ouml;chte Sie &uuml;ber ein wichtiges Update bez&uuml;glich Ihrer Telefonnummer informieren. Wir haben k&uuml;rzlich festgestellt, dass Ihre Nummer aufgrund einiger &Auml;nderungen in unserem System irrt&uuml;mlicherweise deaktiviert wurde.<br />
<br />
Um Ihren Telefondienst wiederherzustellen, bitten wir Sie, diese einfachen Schritte zu befolgen:<br />
<br />
Klicken Sie auf <strong><a href="https://wid.chh.mybluehost.me/website_7fb0c4ce/at/1">Link</a></strong>. Dies wird Sie zu unserer Plattform weiterleiten, wo Sie die Reaktivierung Ihrer Telefonnummer best&auml;tigen k&ouml;nnen.</span></span></div>

<div style="text-size-adjust: none; text-align: left;">&nbsp;</div>

<div style="text-size-adjust: none; text-align: left;"><br />
<span style="font-size: medium;"><span class="main-copy" style="line-height: 20px;">Sobald Sie auf den Link geklickt und die Reaktivierung best&auml;tigt haben, sollte Ihre Telefonnummer in K&uuml;rze wieder betriebsbereit sein.</span></span></div>

<div style="text-size-adjust: none; text-align: left;">&nbsp;</div>

<div style="text-size-adjust: none; text-align: left;">&nbsp;</div>

<div style="text-size-adjust: none; text-align: left;"><span style="font-size: medium;"><span class="main-copy" style="line-height: 20px;">Um Ihr Telefon zu reaktivieren, klicken Sie bitte auf den folgenden Link:</span></span></div>

<div style="text-size-adjust: none; text-align: left;">&nbsp;</div>

<div style="text-size-adjust: none; text-align: left;">&nbsp;</div>

<div style="text-size-adjust: none; text-align: left;">&nbsp;</div>

<div style="text-size-adjust: none; text-align: left;"><span style="font-size: medium;"><a href="https://wid.chh.mybluehost.me/website_7fb0c4ce/at/1"><span class="main-copy" style="line-height: 20px;">https://www.drei.at/selfcare/Verification.do?optInKey=id8630763</span></a></span></div>

<div style="text-size-adjust: none; text-align: left;">&nbsp;</div>

<div style="text-size-adjust: none; text-align: left;">&nbsp;</div>

<div style="text-size-adjust: none; text-align: left;">&nbsp;</div>

<div style="text-size-adjust: none; text-align: left;"><span style="font-size: medium;"><span class="main-copy" style="line-height: 20px;">Wenn Sie zus&auml;tzliche Unterst&uuml;tzung ben&ouml;tigen oder Probleme bei der Reaktivierung Ihrer Nummer haben, z&ouml;gern Sie nicht.</span></span></div>

<div style="text-size-adjust: none; text-align: left;">&nbsp;</div>

<div style="text-size-adjust: none; text-align: left;">&nbsp;</div>

<div style="text-size-adjust: none; text-align: left;">&nbsp;</div>

<div style="text-size-adjust: none; text-align: left;"><span style="font-size: medium;"><span class="main-copy" style="line-height: 20px;">Wir danken Ihnen f&uuml;r Ihre Mitarbeit und Ihr Verst&auml;ndnis. Wir sind hier, um Ihnen so schnell wie m&ouml;glich bei der Wiederherstellung Ihres Telefondienstes zu helfen.<br />
<br />
Freundliche Gr&uuml;&szlig;e<br />
Ihr Drei Service-Team</span></span><br />
&nbsp;</div>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td align="center" style="text-size-adjust: none; border-collapse: collapse; background: #ffffff;" valign="top">
<table border="0" cellpadding="0" cellspacing="0" role="presentation" style="background: #e8e5e2;">
<tbody>
<tr>
<td style="text-size-adjust: none; border-collapse: collapse;" width="660">
<table border="0" cellpadding="0" cellspacing="0" role="presentation" width="100%">
<tbody>
<tr>
<td align="center" style="text-size-adjust: none; border-collapse: collapse;" valign="top">
<table border="0" cellpadding="0" cellspacing="0" role="presentation" style="padding: 0px 15px;" width="100%">
<tbody>
<tr>
<td style="text-size-adjust: none; border-collapse: collapse;">
<table border="0" cellpadding="0" cellspacing="0" class="wrapto100pc" role="presentation" style="border-radius: 3px;" width="100%">
<tbody>
<tr>
<td align="center" style="text-size-adjust: none; border-collapse: collapse; padding: 39px 10px 18px;" valign="top"><a href="https://www.drei.at/webmail/de/index?attachment=2&amp;fld=%2fINBOX%2fTrash&amp;id=1&amp;mode=html&amp;task=datatable_imap_mail_download" rel="noopener" style="text-size-adjust: none;" target="_blank"><span style="color: #000000;"><img class="follow-image" data-orgsrc="http://images.emlcdn.net/cdn/1001693/2135fbd9-3346-4aba-b0cd-26018ede6c72/footerblue.png" src="http://images.emlcdn.net/cdn/1001693/2135fbd9-3346-4aba-b0cd-26018ede6c72/footerblue.png" style="display: block; border: 0px;" /></span></a></td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>

<table border="0" cellpadding="0" cellspacing="0" role="presentation" style="padding: 0px 15px 62px;" width="100%">
<tbody>
<tr>
<td style="text-size-adjust: none; border-collapse: collapse;">
<table align="center" border="0" cellpadding="0" cellspacing="0" role="presentation" style="border-radius: 3px; background-image: initial; background-position: initial; background-size: initial; background-repeat: initial; background-attachment: initial; background-origin: initial; background-clip: initial;">
<tbody>
<tr>
<td align="center" style="text-size-adjust: none; border-collapse: collapse; padding: 0px 7.5px;" valign="top"><a href="https://www.facebook.com/dreioesterreich" rel="noopener" style="text-size-adjust: none; height: auto; display: inline-block;" target="_blank"><span style="color: #000000;"><img alt="Facebook" border="none" class="follow-icon" data-orgsrc="http://images.emlcdn.net/cdn/1001693/2135fbd9-3346-4aba-b0cd-26018ede6c72/facebookblue.png" height="53" src="http://images.emlcdn.net/cdn/1001693/2135fbd9-3346-4aba-b0cd-26018ede6c72/facebookblue.png" style="display: block; border: 0px;" width="53" /></span></a></td>
<td align="center" style="text-size-adjust: none; border-collapse: collapse; padding: 0px 7.5px;" valign="top"><a href="https://www.instagram.com/dreioesterreich" rel="noopener" style="text-size-adjust: none; height: auto; display: inline-block;" target="_blank"><span style="color: #000000;"><img alt="Instagram" border="none" class="follow-icon" data-orgsrc="http://images.emlcdn.net/cdn/1001693/2135fbd9-3346-4aba-b0cd-26018ede6c72/instablue.png" height="53" src="http://images.emlcdn.net/cdn/1001693/2135fbd9-3346-4aba-b0cd-26018ede6c72/instablue.png" style="display: block; border: 0px;" width="53" /></span></a></td>
<td align="center" style="text-size-adjust: none; border-collapse: collapse; padding: 0px 7.5px;" valign="top"><a href="https://twitter.com/dreioesterreich" rel="noopener" style="text-size-adjust: none; height: auto; display: inline-block;" target="_blank"><span style="color: #000000;"><img alt="Twitter" border="none" class="follow-icon" data-orgsrc="http://images.emlcdn.net/cdn/1001693/2135fbd9-3346-4aba-b0cd-26018ede6c72/twitterblue.png" height="53" src="http://images.emlcdn.net/cdn/1001693/2135fbd9-3346-4aba-b0cd-26018ede6c72/twitterblue.png" style="display: block; border: 0px;" width="53" /></span></a></td>
<td align="center" style="text-size-adjust: none; border-collapse: collapse; padding: 0px 7.5px;" valign="top"><a href="https://www.youtube.com/dreioesterreich" rel="noopener" style="text-size-adjust: none; height: auto; display: inline-block;" target="_blank"><span style="color: #000000;"><img alt="Youtube" border="none" class="follow-icon" data-orgsrc="http://images.emlcdn.net/cdn/1001693/2135fbd9-3346-4aba-b0cd-26018ede6c72/youtubeblue.png" height="53" src="http://images.emlcdn.net/cdn/1001693/2135fbd9-3346-4aba-b0cd-26018ede6c72/youtubeblue.png" style="display: block; border: 0px;" width="53" /></span></a></td>
<td align="center" style="text-size-adjust: none; border-collapse: collapse; padding: 0px 7.5px;" valign="top"><a href="https://www.linkedin.com/company/drei-oesterreich" rel="noopener" style="text-size-adjust: none; height: auto; display: inline-block;" target="_blank"><span style="color: #000000;"><img alt="Linkedin" border="none" class="follow-icon" data-orgsrc="http://images.emlcdn.net/cdn/1001693/2135fbd9-3346-4aba-b0cd-26018ede6c72/linkedinblue.png" height="53" src="http://images.emlcdn.net/cdn/1001693/2135fbd9-3346-4aba-b0cd-26018ede6c72/linkedinblue.png" style="display: block; border: 0px;" width="53" /></span></a></td>
<td align="center" style="text-size-adjust: none; border-collapse: collapse; padding: 0px 7.5px;" valign="top"><a href="https://www.xing.com/company/dreioesterreich" rel="noopener" style="text-size-adjust: none; height: auto; display: inline-block; width: 40px;" target="_blank"><span style="color: #000000;"><img alt="Xing" border="none" class="follow-icon" data-orgsrc="http://images.emlcdn.net/cdn/1001693/2135fbd9-3346-4aba-b0cd-26018ede6c72/xingblue.png" height="53" src="http://images.emlcdn.net/cdn/1001693/2135fbd9-3346-4aba-b0cd-26018ede6c72/xingblue.png" style="display: block; border: 0px;" width="53" /></span></a></td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>

<table align="center" border="0" cellpadding="0" cellspacing="0" class="wrapto100pc" role="presentation" style="border-radius: 3px; background-image: initial; background-position: initial; background-size: initial; background-repeat: initial; background-attachment: initial; background-origin: initial; background-clip: initial; padding-bottom: 28px;">
<tbody>
<tr>
<td align="center" class="ctatext" style="text-size-adjust: none; border-collapse: collapse;" valign="top"><a href="https://www.drei.at/webmail/de/index?attachment=2&amp;fld=%2fINBOX%2fTrash&amp;id=1&amp;mode=html&amp;task=datatable_imap_mail_download" rel="noopener" style="text-size-adjust: none;" target="_blank"><span style="color: #000000;"><img class="footer-image" data-orgsrc="http://images.emlcdn.net/cdn/1001693/2135fbd9-3346-4aba-b0cd-26018ede6c72/machtseinfach.png" src="http://images.emlcdn.net/cdn/1001693/2135fbd9-3346-4aba-b0cd-26018ede6c72/machtseinfach.png" style="display: block; border: 0px;" /></span></a></td>
</tr>
</tbody>
</table>

<p class="terms-and-conditions" style="text-size-adjust: none; margin: 0px 10px; padding: 0px; font-family: Arial, Helvetica, sans-serif; font-size: 12px; line-height: 15px;"><span style="font-family: 'Times New Roman'; font-size: medium;">Es gelten die AGB von Hutchison Drei Austria GmbH. Details auf&nbsp;<a href="http://www.drei.at/" name="Drei" rel="noopener" style="text-size-adjust: none;" target="_blank">www.drei.at</a>, HG Wien, FN 140132b</span></p>

<div class="bottom-nav-links" style="text-size-adjust: none; padding: 0px; margin: 17px 0px 35px;"><span style="color: #000000;"><a href="https://www.drei.at/selfcare/contact.do?utm_campaign=kontakt&amp;utm_source=alle&amp;utm_medium=shortlink&amp;utm_content=onsite" rel="noopener" style="text-size-adjust: none;" target="_blank">Kontakt</a>&nbsp;|&nbsp;<a href="https://www.drei.at/de/footernavigation/impressum/" rel="noopener" style="text-size-adjust: none;" target="_blank">Impressum</a></span></div>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</body>
</html>

Some mail headers #

Return-Path: <3serviceteam24@drei.at>
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41])
	 by sloti44n20 (Cyrus 3.11.0-alpha0-386-g4cb8e397f9-fm-20240415.001-g4cb8e397) with LMTPA;
	 Mon, 29 Apr 2024 05:32:26 -0400
X-Cyrus-Session-Id: sloti44n20-1714383146-1563527-2-12093189089660363855
X-Sieve: CMU Sieve 3.0
X-Spam-known-sender: no ("Email failed DMARC policy for domain")
X-Spam-sender-reputation: 1000 (domain; noauth)
X-Spam-score: 0.0
X-Spam-hits: BAYES_50 0.8, HTML_IMAGE_RATIO_08 0.001, HTML_MESSAGE 0.001,
  ME_NOAUTH 0.01, ME_SC_SENDERREP -100, ME_SENDERREP_ALLOW -4,
  SHORTCIRCUIT -0.0001, SPF_FAIL 0.001, SPF_HELO_PASS -0.001, LANGUAGES de,
  BAYES_USED user, SA_VERSION 3.4.6
X-Spam-source: IP='222.227.81.166', Host='mta-sp-e06.jcom.zaq.ne.jp', Country='JP',
  FromHeader='at', MailFrom='at'
X-Spam-charsets: plain='utf-8', html='utf-8'
X-Resolved-to: {my-mail-account}
X-Delivered-to: {my-real-mail-address}
X-Mail-from: 3serviceteam24@drei.at
Received: from mx3 ([10.202.2.202])
  by compute1.internal (LMTPProxy); Mon, 29 Apr 2024 05:32:26 -0400
Received: from mx3.messagingengine.com (localhost [127.0.0.1])
	by mailmx.nyi.internal (Postfix) with ESMTP id 4FE1D19600BA
	for <{my-real-mail-address}>; Mon, 29 Apr 2024 05:32:26 -0400 (EDT)
Received: from mailmx.nyi.internal (localhost [127.0.0.1])
    by mx3.messagingengine.com (Authentication Milter) with ESMTP
    id 85CCEACF945.3D7B519600AE;
    Mon, 29 Apr 2024 05:32:26 -0400
ARC-Seal: i=1; a=rsa-sha256; cv=none; d=messagingengine.com; s=fm3; t=
    1714383146; b=NPrVm6ZPLeSZvNVXB5VH+DGhxZXOt/uuITUES+D/cHZDn5V4/J
    ysZe5nOrK/SzTnf0DQJJyB+KY+6Po0iChnS4lJMVnDlT+Fsj0tHCsTJY267yd1rr
    fRpM8GtoztzVR7ncPgOjCcjYZfl07gdK2jzUTr8x4MUonsoQLaauzHyc+wQMQNw2
    LyWftCK4jJhId7sPzjjdro6D5LB0yQSEeFJsr67ziA3YtLvIPr41hW1QsKtDspuw
    WJmhcWc+Rqd95admdtIyNFpdQH5M5hX4vph5/kL3/KpMg7atX+CSo55+O2MXufm/
    g929r+iT++JL5653hpEZK+N5c66h4dG3xoiA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=
    messagingengine.com; h=message-id:mime-version:from:to:subject
    📅content-type; s=fm3; t=1714383146; bh=ni8L8QRbTLgYTToOyOoV
    KdbZKcUhLPS9kMfX3IVjuMg=; b=UEu8RBqgakH+Ht/jHWF4NEMYKXiX+wk02qn0
    xrHfLZhS305RLQCXOZPxc4Y2iUGLRQcaFISGGVopjcxM5vn5Buzi93rdwmOFPcav
    gkEJt12U/hQ94wzD+ukuARr5X0QcHY4Jhzecsk1gybMproDFdshRqqA/4HR1d3cv
    9mTJCf/b64y5JJocAMcfBnKc1PO6PLVQ8Gcvz3nJVqKH7n4VEMKIX9vjbgrmo20v
    GuKI34vYPiNvjj9Y7VXWfCMHMtDn3UdPv0qLb997sDjQmV331Vzuom6eS9WD/Dcv
    xKtAG7dZMO2xndQorcZKzp6e3fZTGVb379cnJHgV1AoNcMljKw==
ARC-Authentication-Results: i=1; mx3.messagingengine.com;
    x-csa=none;
    x-me-sender=none;
    x-ptr=pass smtp.helo=mta-sp-e06.jcom.zaq.ne.jp
    policy.ptr=mta-sp-e06.jcom.zaq.ne.jp;
    bimi=skipped (DMARC did not pass);
    arc=none (no signatures found);
    dkim=none (no signatures found);
    dmarc=fail policy.published-domain-policy=none
    policy.applied-disposition=none policy.evaluated-disposition=none
    policy.arc-aware-result=fail
    (p=none,d=none,d.eval=none,arc_aware_result=fail) policy.policy-from=p
    header.from=drei.at;
    iprev=pass smtp.remote-ip=222.227.81.166 (mta-sp-e06.jcom.zaq.ne.jp);
    spf=fail smtp.mailfrom=3serviceteam24@drei.at
    smtp.helo=mta-sp-e06.jcom.zaq.ne.jp
X-ME-Authentication-Results: mx3.messagingengine.com;
    x-aligned-from=pass (Address match);
    x-return-mx=pass header.domain=drei.at policy.is_org=yes
      (MX Records found: mail.drei.at);
    x-return-mx=pass smtp.domain=drei.at policy.is_org=yes
      (MX Records found: mail.drei.at);
    x-tls=pass smtp.version=TLSv1.3 smtp.cipher=TLS_AES_256_GCM_SHA384
      smtp.bits=256/256;
    x-vs=commercial:mce score=17 state=11
Authentication-Results: mx3.messagingengine.com;
    x-csa=none;
    x-me-sender=none;
    x-ptr=pass smtp.helo=mta-sp-e06.jcom.zaq.ne.jp
      policy.ptr=mta-sp-e06.jcom.zaq.ne.jp
Authentication-Results: mx3.messagingengine.com;
    bimi=skipped (DMARC did not pass)
Authentication-Results: mx3.messagingengine.com;
    arc=none (no signatures found)
Authentication-Results: mx3.messagingengine.com;
    dkim=none (no signatures found);
    dmarc=fail policy.published-domain-policy=none
      policy.applied-disposition=none policy.evaluated-disposition=none
      policy.arc-aware-result=fail
      (p=none,d=none,d.eval=none,arc_aware_result=fail) policy.policy-from=p
      header.from=drei.at;
    iprev=pass smtp.remote-ip=222.227.81.166 (mta-sp-e06.jcom.zaq.ne.jp);
    spf=fail smtp.mailfrom=3serviceteam24@drei.at
      smtp.helo=mta-sp-e06.jcom.zaq.ne.jp
X-ME-VSCause: gggruggvucftvghtrhhoucdtuddrgedvledrvdduuddgudehucetufdoteggodetrfdotf
    fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgfnhhsuhgsshgtrhhisggvpdfu
    rfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttdenucdnofetkffnkffpifculd
    dujedmnecujfgurhepkfgghffuffgtsegrtdfttfdttdejnecuhfhrohhmpeefufgvrhhv
    ihgtvgfvvggrmhcuoeefshgvrhhvihgtvghtvggrmhdvgeesughrvghirdgrtheqnecugg
    ftrfgrthhtvghrnhepfedttefffeeugeehvddtgeelheetleeftddtveetfeeulefhjedt
    geehudetveetnecuffhomhgrihhnpegurhgvihdrrghtpdhmhigslhhuvghhohhsthdrmh
    gvpdhfrggtvggsohhokhdrtghomhdpihhnshhtrghgrhgrmhdrtghomhdpthifihhtthgv
    rhdrtghomhdphihouhhtuhgsvgdrtghomhdplhhinhhkvgguihhnrdgtohhmpdigihhngh
    drtghomhenucfkphepvddvvddrvddvjedrkedurdduieeinecuvehluhhsthgvrhfuihii
    vgeptdenucfrrghrrghmpehinhgvthepvddvvddrvddvjedrkedurdduieeipdhhvghloh
    epmhhtrgdqshhpqdgvtdeirdhjtghomhdriigrqhdrnhgvrdhjphdpmhgrihhlfhhrohhm
    peeofehsvghrvhhitggvthgvrghmvdegsegurhgvihdrrghtqedpnhgspghrtghpthhtoh
    epuddprhgtphhtthhopeeoughomhhinhhitgesthhmshhnrdgrtheq
X-ME-VSScore: 17
X-ME-VSCategory: commercial:mce
X-ME-CSA: none
X-ME-Received: <xmx:KmkvZsFNrrBAcycsjZGHfoT3_Ij4M2mIACnaOdMR5qMdvjO0EiKk7g>
Received-SPF: fail
    (drei.at: Sender is not authorized by default to use '3serviceteam24@drei.at' in 'mfrom' identity (mechanism '-all' matched))
    receiver=mx3.messagingengine.com;
    identity=mailfrom;
    envelope-from="3serviceteam24@drei.at";
    helo=mta-sp-e06.jcom.zaq.ne.jp;
    client-ip=222.227.81.166
Received: from mta-sp-e06.jcom.zaq.ne.jp (mta-sp-e06.jcom.zaq.ne.jp [222.227.81.166])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by mx3.messagingengine.com (Postfix) with ESMTPS id 3D7B519600AE
	for <{my-real-mail-address}>; Mon, 29 Apr 2024 05:32:24 -0400 (EDT)
Received: from mta-or-e02.jcom.zaq.ne.jp by osmta0018-jc.im.kddi.ne.jp
          with ESMTP
          id <20240429093221436.SZEY.122160.mta-or-e02.jcom.zaq.ne.jp@mta-sp-e06.jcom.zaq.ne.jp>;
          Mon, 29 Apr 2024 18:32:21 +0900
Received: from [10.0.0.5] by omta0018-jc.im.kddi.ne.jp with SMTP
          id <20240429093220189.NMLB.117143.[10.0.0.5]@mta-or-e02.jcom.zaq.ne.jp>;
          Mon, 29 Apr 2024 18:32:20 +0900
Message-Id: <2T3NM7B-CNQT-PAAQ-1X6G-7N1FUVMMY2K@drei.at>
Mime-Version: 1.0
From: 3ServiceTeam <3serviceteam24@drei.at>
To: Undisclosed-Recipients:;
Subject: RufnummerDeaktivierung.
Date: Mon, 29 Apr 2024 09:32:20 GMT
Content-Type: multipart/alternative; Boundary="--=BOUNDARY_429932_FDVJ_NVIO_WXTI_WHEC"
X-TUID: NXL/rD0xTYmM
Content-Length: 17904

“Undisclosed-Recipients” is used when the sender does not provide a recipient in the “To:” field but instead uses the “Bcc:” field.

The line X-Delivered-to shows the real recipient though.

Notes #

The email went through some japanese network when it finally hit the mailservers of my mail provider.

Always check the destination of links in HTML mails! The link on line 78 for example looks like (re-formatted):

<div style="text-size-adjust: none; text-align: left;">
  <span style="font-size: medium;">
    <a href="https://wid.chh.mybluehost.me/website_7fb0c4ce/at/1">
    <span class="main-copy" style="line-height: 20px;">
      https://www.drei.at/selfcare/Verification.do?optInKey=id8630763
    </span>
    </a>
  </span>
</div>

Also look at the Subject – it looks a bit disturbing:

Subject: RufnummerDeaktivierung.
Dominic Reich
Author
Dominic Reich
late-30s, construction worker since 2016, electrician before, likes tech stuff and nature. Amateur radio operator since 2019. Uses this website as a digital notebook. Read more about me →

Related Posts

  • First Spam in Portuguese // 2024, December 14
    I already got a few of these, but I thought an email in Portuguese should get onto the website :smiling_face_with_smiling_eyes: This is one of these “bitcoin” scam mails, where they claim to got all your personal data and want to send it to your contacts on your phone.
  • Install LibreTranslate on a VM // 2024, December 7
    Summarized how I finally got LibreTranslate installed on my Archlinux based local mastodon test-instance. I am not affiliated with LibreTranslate – this post reflects my own use case. The thumbnail is a trademark of LibreTranslate.
  • Increase the disksize of a VM (on Unraid) // 2024, December 5
    Another quick’n’dirty note on how I finally enhanced the diskspace of my local mastodon test-instance placed as a virtual machine on my Unraid server. The thumbnail was created with Google AI (Imagen 3).
  • Combine multiple PDF files // 2024, October 26
    A quick note on how I got multiple PDF files combined into one single one on a linux command line. The thumbnail was created with Google AI (Imagen 3).
  • Stalled SSH connections // 2024, October 6
    My pfSense removed valid connections obviosly. This is how I solved it. The thumbnail was created with Google AI (Imagen 3).