I know this is probably off-topic but I would be very grateful if somebody could point me to the proper forums or something. I posted here since I don’t know of any other forums with people who can understand what is happening.
As far as I remember, no spam ever landed in my gmail inbox. Curiously, an email from a hotmail account that I set to forward to the gmail account managed that. I clicked show original and from what I could see, it came from the hotmail account. I went to hotmail (because the source email in gmail contains the forwardings and stuff which I think will not interest anybody) and here is the email. It also comes with an attached document (which I did not upload).
-----------------------------
From: John Kivlin (John.Kivlin@edinburgh.gov.uk)
Sent: Fri 12/06/13 8:07 PM
To: win@winner.be
----------------------------
Confirmation Email Ref No: (BHRTS-12462264572311)
Reply Email: base.line@aol.com
Following official publication result of the end of year email sweepstakes program released on 4th December, 2013. Organized by the B-PLUS LOTTERY EMAIL SWEEPSTATKS. your electronic email address attached
to a Ticket Number (R-54456102-6 )has won the prize Sum of 1,500,000.00 Only (1.5M Euro Only). For further enquires and claims of your winning
CONTACT: Mr. Jean Paul
CITY/ COUNTRY: Bruxelles Belgium.
TEL: +32487966076
Reply to Email: base.line@aol.com
It is important to note you that your award information was released today with the following particulars attached to it.
E-mail Ticket BHRTS-12462264572311
Reference NO:JKLU-65-71-63-22
Serial NO: 4413-82
Batch NO: 00/23888/DUHT
DRAW LUCKY No: 23-56-89-63-85-36*0
Your Full Name & Telephone Number
Please open the attached file and fill it very carefully
Please note that all winning must be claimed not later than 21 working days.
Sincerely,
Mrs. Deborah Friedmann.
CITY/ COUNTRY: Bruxelles-Belgium.
**********************************************************************
This email and files transmitted with it are confidential and are intended for the sole use of the individual or organisation to whom they are addressed.
If you have received this eMail in error please notify the sender immediately and delete it without using, copying, storing, forwarding or disclosing its contents to any other person.
The Council has endeavoured to scan this eMail message and attachments for computer viruses and will not be liable for any losses incurred by the recipient.
**********************************************************************
As far as I know, my email isn't [b]win@winner.be[/b]
I tried [b]View Message Source[/b]. Results follow:
x-store-info:J++/JTCzmObr++wNraA4Pa4f5Xd6uensydyekesGC2M=
Authentication-Results: hotmail.com; spf=pass (sender IP is 193.39.157.26) smtp.mailfrom=John.Kivlin@edinburgh.gov.uk; dkim=none header.d=edinburgh.gov.uk; x-hmca=pass header.id=John.Kivlin@edinburgh.gov.uk
X-SID-PRA: John.Kivlin@edinburgh.gov.uk
X-AUTH-Result: PASS
X-SID-Result: PASS
X-Message-Status: n:n
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTE7YT0xO0Q9MTtHRD0xO1NDTD0w
X-Message-Info: 9OBUEiYur8qLpx2wXz5jkncbHT87PpDGt7ZXk52Pba4UaVhDBI0v+Cx9y76Wx9h1MjQ4LkEjdXKi6gL7Hb0hhbPsV0o7F5Xy7xv8m+nwUS/Asueg6DJcfq8nXzbPmoXsBj5A1o5xnvWyBJSgwUeFX/sl2vUbW0pF24GQfYlbBkeDtCBieQvhe7m6W9Q8B9SgC2xMUlB5w8iW+pqEY05ccibNdz4RXXfd
Received: from smtp3.edin.org ([193.39.157.26]) by SNT0-MC4-F23.Snt0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);
Fri, 6 Dec 2013 08:07:45 -0800
Received: from c-cap-sec-02.corpad.corp.edinburgh.gov.uk (unknown [192.168.17.96])
by smtp3.edin.org (Postfix) with ESMTP id E46228B4F;
Fri, 6 Dec 2013 16:07:42 +0000 (GMT)
Received: from C-CAP-MAIL-01.corpad.corp.edinburgh.gov.uk
(c-cap-exch-02.corpad.corp.edinburgh.gov.uk [192.168.227.194]) by
c-cap-sec-02.corpad.corp.edinburgh.gov.uk (8.14.5/8.14.5) with ESMTP
id rB6G6IgP027951; Fri, 6 Dec 2013 16:06:59 GMT
x-mimeole: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----_=_NextPart_001_01CEF29D.0072F92A"
Subject: Confirmation Email Ref No: (BHRTS-12462264572311)
Date: Fri, 6 Dec 2013 16:05:04 -0000
Message-ID: <7F080E1A65E0634D9E0ECDCD4D2E839901FAB3EF@C-CAP-MAIL-01.corpad.corp.edinburgh.gov.uk>
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
Thread-Topic: Confirmation Email Ref No: (BHRTS-12462264572311)
Thread-Index: Ac7ynO0DVkcjHeIoSRaR2sNktD1cng==
From: "John Kivlin"
To:
Return-Path: John.Kivlin@edinburgh.gov.uk
X-OriginalArrivalTime: 06 Dec 2013 16:07:45.0507 (UTC) FILETIME=[4CF27B30:01CEF29D]
This is a multi-part message in MIME format.
------_=_NextPart_001_01CEF29D.0072F92A
Content-Type: multipart/alternative;
boundary="----_=_NextPart_002_01CEF29D.0072F92A"
------_=_NextPart_002_01CEF29D.0072F92A
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Insert email here. See above quote. Exactly the same.
------_=_NextPart_002_01CEF29D.0072F92A
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Here I cut what looks like the email but in html instead.
------_=_NextPart_002_01CEF29D.0072F92A--
------_=_NextPart_001_01CEF29D.0072F92A
Content-Type: application/msword; name="P.B-PLUS DOC…doc"
Content-Transfer-Encoding: base64
Content-Description: P.B-PLUS DOC…doc
Content-Disposition: attachment; filename="P.B-PLUS DOC…doc"
Here comes a ton of gibberish, like a really long randomly generated password (probably 10 pages or more)…
------_=_NextPart_001_01CEF29D.0072F92A--
Email Source ends here.
I had to cut out a portion of text which I would have included but could not due to the forum's 10 000 character limit. Originally my post would have been around 15 000 characters. (Now it's 8 500). I could upload the whole thing if somebody needs to see it.
I remembered somebody somewhere mentioned whois.com and a lookup gives:
edinburgh.gov.uk is available!
even if hitting [b]edinburgh.gov.uk[/b] does land me on a page titled "The City of Edinburgh Council", which looks pretty legitimate to me...
I forgot why but in the middle of looking around, somehow I also looked up edin.org on whois.com
Domain ID:D1948201-LROR
Domain Name:EDIN.ORG
Created On:10-Sep-1998 04:00:00 UTC
Last Updated On:23-Jul-2012 13:59:45 UTC
Expiration Date:09-Sep-2015 04:00:00 UTC
Sponsoring Registrar:ASCIO Technologies, Inc. - Denmark (R76-LROR)
Status:OK
Registrant ID:24040204-NSI
Registrant Name:City of Edinburgh Council
Registrant Organization:City of Edinburgh Council
Registrant Street1:Wellington Court
Registrant Street2:
Registrant Street3:
Registrant City:Edinburgh
Registrant State/Province:Scotland
Registrant Postal Code:EH1 3EG
Registrant Country:GB
Registrant Phone:+1.9999999999
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:email@edinburgh.gov.uk
Admin ID:40802719-NSI
Admin Name:Jacqueline Allan
Admin Organization:The City of Edinburgh Council
Admin Street1:Waverley Court
Admin Street2:Level 2/2 4 East Market Street
Admin Street3:
Admin City:Edinburgh
Admin State/Province:
Admin Postal Code:EH8 8BG
Admin Country:GB
Admin Phone:+1.444131529
Admin Phone Ext.:
Admin FAX:+1.444131529
Admin FAX Ext.:
Admin Email:email@edinburgh.gov.uk
Tech ID:AT80747982973
Tech Name:Jacqueline Allan
Tech Organization:The City of Edinburgh Council
Tech Street1:Level 2.2, Waverley Court 4
Tech Street2:East Market Street
Tech Street3:
Tech City:Edinburgh
Tech State/Province:Edinburgh
Tech Postal Code:EH8 8BG
Tech Country:GB
Tech Phone:+44.1315294473
Tech Phone Ext.:
Tech FAX:+44.1315297479
Tech FAX Ext.:
Tech Email:email@edinburgh.gov.uk
Name Server:NS0.EDIN.ORG
Name Server:NS1.EDIN.ORG
Name Server:
Name Server:
Name Server:
DNSSEC:Unsigned
related domain names
edinburgh.gov.uk
Huh what?
Clicking the link (here edinburgh.gov.uk is a link) lands me on the same page as above: “edinburgh.gov.uk is available!”
Now I am confused… First I get an email not addressed to me, which manages to bypass my gmail spam filters (That’s why it piqued my interest) and sent from a non-existent edinburgh.gov.uk according to whois.com. All the while, edinburgh.gov.uk lands me on a City of Edinburgh Council page which incidentally is registered under edin.org…
Anybody with any sort of idea how this can happen?
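Added example, not part of the original post: a small Python triage of the header lines quoted above, reading the relay path origin-first and checking three things visible in this message (SPF passed but DKIM did not, the reply address is on a different domain from the sender, and the receiving mailbox is not in To:). The `my_address` parameter and the finding codes are names made up for this sketch.

```python
import re
from email import message_from_string

# Header lines copied (trimmed) from the message source in the post; To: and the
# body line come from the message as Hotmail displayed it.
RAW = """\
Authentication-Results: hotmail.com; spf=pass (sender IP is 193.39.157.26) smtp.mailfrom=John.Kivlin@edinburgh.gov.uk; dkim=none header.d=edinburgh.gov.uk
Received: from smtp3.edin.org ([193.39.157.26]) by SNT0-MC4-F23.Snt0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);
 Fri, 6 Dec 2013 08:07:45 -0800
Received: from c-cap-sec-02.corpad.corp.edinburgh.gov.uk (unknown [192.168.17.96])
 by smtp3.edin.org (Postfix) with ESMTP id E46228B4F;
 Fri, 6 Dec 2013 16:07:42 +0000 (GMT)
Return-Path: John.Kivlin@edinburgh.gov.uk
To: win@winner.be

Reply Email: base.line@aol.com
"""

def auth_results(msg):
    """Map each mechanism in Authentication-Results to its verdict."""
    return dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", msg.get("Authentication-Results", "")))

def relay_path(msg):
    """(from, by) pairs, origin first: each hop prepends its Received header."""
    hops = []
    for rcvd in reversed(msg.get_all("Received", [])):
        m = re.search(r"from\s+(\S+).*?\bby\s+(\S+)", rcvd, re.S)
        if m:
            hops.append(m.groups())
    return hops

def domain(addr):
    return addr.rsplit("@", 1)[-1].strip("<> \r\n").lower()

def triage(raw, my_address):
    """Return finding codes; my_address is the mailbox that received the copy."""
    msg = message_from_string(raw)
    auth, findings = auth_results(msg), []
    # SPF pass only says the sending IP may send for the envelope domain.
    if auth.get("spf") == "pass" and auth.get("dkim") != "pass":
        findings.append("spf_pass_no_dkim")
    # A reply address outside the sender's domain diverts answers elsewhere.
    reply = re.search(r"Reply(?: to)? Email:\s*(\S+@\S+)", msg.get_payload(), re.I)
    if reply and domain(reply.group(1)) != domain(msg.get("Return-Path", "")):
        findings.append("reply_domain_mismatch")
    # Not listed in To: means the copy arrived via the envelope (Bcc-style).
    if my_address.lower() not in (msg.get("To") or "").lower():
        findings.append("recipient_not_in_to")
    return findings
```

Calling `triage(RAW, "me@example.com")` with a placeholder address returns all three finding codes for this message.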