Topic: Just got this E-mail from OKPAY, I think it's phishing
Remember remember the 5th of November (OP)
April 13, 2012, 10:18:19 PM
 #1

Quote
Dear partners,

Due to legal issues OKPay will close all operations by May 1. 2012.

Please use this time to withdraw your available balance.

Sincerely yours,
Konstantin Romanovsky
OKPay CEO
http://www. okpay .com
r z e

What do you think? I've never registered to this site, but I got the mail.

Headers
Quote
                                                                                                                                                                                                                                                               
Delivered-To: xxxxxxx
Received: by 10.112.27.135 with SMTP id t7csp15106lbg;
        Fri, 13 Apr 2012 09:02:51 -0700 (PDT)
Received: by 10.204.156.12 with SMTP id u12mr691269bkw.33.1334332970837;
        Fri, 13 Apr 2012 09:02:50 -0700 (PDT)
Return-Path: <support@okpay.com>
Received: from 173.194.69.27 (cairo.perfect-privacy.com. [41.215.241.234])
        by mx.google.com with SMTP id t8si3645873bkd.28.2012.04.13.09.02.48;
        Fri, 13 Apr 2012 09:02:50 -0700 (PDT)
Received-SPF: softfail (google.com: domain of transitioning support@okpay.com does not designate 41.215.241.234 as permitted sender) client-ip=41.215.241.234;
Authentication-Results: mx.google.com; spf=softfail (google.com: domain of transitioning support@okpay.com does not designate 41.215.241.234 as permitted sender) smtp.mail=support@okpay.com
Received: from 112.2.44.70 by ; Fri, 13 Apr 2012 19:55:47 +0300
Message-ID: <RPOFLGCWBXOHPJYIWJGKZ@msn.com>
From: "OKPAY" <support@okpay.com>
Reply-To: "OKPAY" <support@okpay.com>
To: xxxx, xxxx
Subject: OKPAY Closing
Date: Fri, 13 Apr 2012 15:01:47 -0200
X-Mailer: AOL 7.0 for Windows US sub 118
MIME-Version: 1.0
Content-Type: multipart/alternative;
   boundary="--15733187150045582"
X-Priority: 3
X-MSMail-Priority: Normal

----15733187150045582
Content-Type: text/plain;
Content-Transfer-Encoding: quoted-printable

BTC:1AiCRMxgf1ptVQwx6hDuKMu4f7F27QmJC2
Red Emerald
April 13, 2012, 10:20:28 PM
 #2

Quote
Dear partners,

Due to legal issues OKPay will close all operations by May 1. 2012.

Please use this time to withdraw your available balance.

Sincerely yours,
Konstantin Romanovsky
OKPay CEO
http://www. okpay .com
r z e

What do you think? I've never registered to this site, but I got the mail.
I got the same email, and it had some where "to" fields to some AOL emails. I didn't really bother inspecting the headers, but they are probably faked.

Stephen Gornick
April 13, 2012, 10:43:22 PM
 #3

Yup, someone hates OKPay for whatever reason and is sending out messages to the list of e-mail addresses that was obtained last June when Mt. Gox got hacked.

Here's a prior spam campaign, possibly by the same perpetrator:
 - https://bitcointalk.org/index.php?topic=76270.0


Red Emerald
April 13, 2012, 11:22:40 PM
 #4

cairo.perfect-privacy.com sure sounds legit lol

apetersson
April 14, 2012, 09:28:03 AM
 #5

excerpt from my headers:
Quote
X-Spam-Status: Yes, score=17.6 required=4.0
X-Spam-Report:
   *  0.7 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
   *      [41.215.241.234 listed in zen.spamhaus.org]
   *  1.4 FSL_HELO_BARE_IP_1 FSL_HELO_BARE_IP_1
   *  0.3 MIME_BOUND_DD_DIGITS Spam tool pattern in MIME boundary
   *  1.4 MSGID_YAHOO_CAPS Message-ID has ALLCAPS@yahoo.com
   *  2.0 MSGID_SPAM_CAPS Spam tool Message-Id: (caps variant)
   *  1.5 TVD_RCVD_IP4 TVD_RCVD_IP4
   *  0.1 TVD_RCVD_IP TVD_RCVD_IP
   *  1.2 RCVD_HELO_IP_MISMATCH Received: HELO and IP do not match, but should
   *  0.9 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO
   *  0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines
   *  0.5 REPTO_QUOTE_YAHOO Yahoo! doesn't do quoting like this
   *  2.2 FORGED_MSGID_YAHOO Message-ID is forged, (yahoo.com)
   *  1.0 TWO_IPS_RCVD Received: Relay identifies itself as wrong IP
   *  1.8 MISSING_MIMEOLE Message has X-MSMail-Priority, but no X-MimeOLE
   *  2.5 FORGED_MUA_EUDORA Forged mail pretending to be from Eudora

this is about the worst possible spam-score. pretty weak attempt.
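
Added example, not part of any post in this thread: a small Python triage of the headers from post #1, checking a few of the signals the SpamAssassin report above scores (numeric HELO, HELO/IP mismatch, all-caps Message-ID, digits-only MIME boundary) plus the SPF verdict. The `triage` function and its finding labels are this example's own simplified heuristics, not SpamAssassin's rule implementations.

```python
import re
from email.parser import HeaderParser
from email.utils import parseaddr

# Headers copied from post #1 (only the fields checked below).
RAW = """\
Return-Path: <support@okpay.com>
Received: from 173.194.69.27 (cairo.perfect-privacy.com. [41.215.241.234])
        by mx.google.com with SMTP id t8si3645873bkd.28.2012.04.13.09.02.48;
        Fri, 13 Apr 2012 09:02:50 -0700 (PDT)
Authentication-Results: mx.google.com; spf=softfail (google.com: domain of transitioning support@okpay.com does not designate 41.215.241.234 as permitted sender) smtp.mail=support@okpay.com
Received: from 112.2.44.70 by ; Fri, 13 Apr 2012 19:55:47 +0300
Message-ID: <RPOFLGCWBXOHPJYIWJGKZ@msn.com>
From: "OKPAY" <support@okpay.com>
Content-Type: multipart/alternative;
   boundary="--15733187150045582"
"""

IPV4 = re.compile(r"\d{1,3}(\.\d{1,3}){3}")
# "from <HELO> (<rDNS> [<connecting IP>])" as written by the receiving MTA
RELAY = re.compile(r"from\s+(\S+)\s+\((\S+?)\.?\s+\[([\d.]+)\]\)")

def triage(raw):
    """Return a list of finding labels (names are this example's own)."""
    msg = HeaderParser().parsestr(raw)
    found = []
    # SPF verdict recorded by the receiving server
    spf = re.search(r"\bspf=(\w+)", msg.get("Authentication-Results", ""))
    if spf and spf.group(1).lower() != "pass":
        found.append("spf_" + spf.group(1).lower())
    for rcvd in msg.get_all("Received", []):
        relay = RELAY.search(" ".join(rcvd.split()))  # unfold the header first
        if not relay:
            continue  # lines without the (rDNS [IP]) form are skipped
        helo, _rdns, ip = relay.groups()
        if IPV4.fullmatch(helo):
            found.append("numeric_helo")
            if helo != ip:  # client announced an address it did not connect from
                found.append("helo_ip_mismatch")
    local, _, mid_domain = msg.get("Message-ID", "").strip("<> ").rpartition("@")
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if mid_domain.lower() != from_domain.lower():
        found.append("msgid_domain_differs")  # weak alone: relays and ESPs differ too
    if local.isalpha() and local.isupper():
        found.append("msgid_all_caps")
    boundary = msg.get_param("boundary", "")
    if isinstance(boundary, str) and re.fullmatch(r"-*\d+", boundary):
        found.append("digits_only_boundary")
    return found

if __name__ == "__main__":
    print(triage(RAW))
```
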
rjk
April 14, 2012, 01:25:12 PM
 #6

excerpt from my headers:
Quote
X-Spam-Status: Yes, score=17.6 required=4.0
X-Spam-Report:
   *  0.7 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
   *      [41.215.241.234 listed in zen.spamhaus.org]
   *  1.4 FSL_HELO_BARE_IP_1 FSL_HELO_BARE_IP_1
   *  0.3 MIME_BOUND_DD_DIGITS Spam tool pattern in MIME boundary
   *  1.4 MSGID_YAHOO_CAPS Message-ID has ALLCAPS@yahoo.com
   *  2.0 MSGID_SPAM_CAPS Spam tool Message-Id: (caps variant)
   *  1.5 TVD_RCVD_IP4 TVD_RCVD_IP4
   *  0.1 TVD_RCVD_IP TVD_RCVD_IP
   *  1.2 RCVD_HELO_IP_MISMATCH Received: HELO and IP do not match, but should
   *  0.9 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO
   *  0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines
   *  0.5 REPTO_QUOTE_YAHOO Yahoo! doesn't do quoting like this
   *  2.2 FORGED_MSGID_YAHOO Message-ID is forged, (yahoo.com)
   *  1.0 TWO_IPS_RCVD Received: Relay identifies itself as wrong IP
   *  1.8 MISSING_MIMEOLE Message has X-MSMail-Priority, but no X-MimeOLE
   *  2.5 FORGED_MUA_EUDORA Forged mail pretending to be from Eudora

this is about the worst possible spam-score. pretty weak attempt.
Which spam classification tool is giving you those headers? It looks fairly intelligent.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
apetersson
April 14, 2012, 01:47:57 PM
 #7

SpamAssassin