Forged email from SPAM site, fakes EAA.ORG

[bwilson4web]

Hi,

So this afternoon I got an e-mail claiming:

We think you may be missing some of your EAA membership benefits!

We want to make sure that you are receiving our emails into your Gmail inbox, as these give you information updated on things in and around EAA, and in general aviation.

It only takes a few seconds to find out!
Follow these 3 easy steps to find out . . .

Well it turns out the e-mail headers were forged from "icpbounce.com", a notorious SPAM house. One can go nuts trying to figure out how these jerks got or figured out I'm an EAA member. Regardless, the little pile showed up and is now flagged as SPAM to gmail.

For those curious as to how to decipher the header, I've replaced the "<" with "*" to denature any rendering effects:

Delivered-To: bwilson4web@gmail.com
Received: by 10.14.129.3 with SMTP id g3csp135685eei;
Tue, 16 Apr 2013 13:51:56 -0700 (PDT)
X-Received: by 10.49.131.133 with SMTP id om5mr4836566qeb.7.1366145515826;
Tue, 16 Apr 2013 13:51:55 -0700 (PDT)
Return-Path: *bounces+1170417.48547813.184522@icpbounce.com>
Received: from drone054.ral.icpbounce.com (drone054.ral.icpbounce.com. [66.162.193.235])
by mx.google.com with ESMTP id hg9si3145238qab.14.2013.04.16.13.51.55;
Tue, 16 Apr 2013 13:51:55 -0700 (PDT)
Received-SPF: pass (google.com: domain of bounces+1170417.48547813.184522@icpbounce.com designates 66.162.193.235 as permitted sender) client-ip=66.162.193.235;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of bounces+1170417.48547813.184522@icpbounce.com designates 66.162.193.235 as permitted sender) smtp.mail=bounces+1170417.48547813.184522@icpbounc e.com;
dkim=pass header.i=@icontact.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=default; d=icontact.com;
h=Mime-Version:From:Toate:Subject:List-Unsubscribe:Content-Type:Message-ID;
bh=XWU/oOYb7gw6WXl0JP1qsTWYU94=;
b=ffj7S6Z3eFSSCx+Kvbjtb2JhGrGo/yU5IZrHMh6kqxTH6HDnDpkcU5jnteu87Ga64lLbGp+zJz+t
lI0va24z6Lcd3XQVsAs4GQh/LEXAgiLdqw4Ji8X675OA9u4twen6BrMB3xAwESyyV7PIqEdpTN 4e
1qSD4lrmBfa3Qc1cjhE=
Mime-Version: 1.0
From: "EAA" *membership@eaa.org>
To: *bwilson4web@gmail.com>
Date: Tue, 16 Apr 2013 16:50:53 -0400
Subject: Gmail Notice - Please Check Your Settings Today
. . .

The key triggers:

1. Email that tries to get you to do something with a browser or the email client! Legitimate e-mail does not carry a payload or request asking that you 'do something' like this.
   
2. "icpbounce.com" - has nothing to do with the EAA domain.
   
3. [66.162.193.235] - probably someone's computer that has become a 'robot' for the SPAMers
   
4. "From: ..." - easily forged by the SPAMer to give credibility to the e-mail. But the e-mail headers do not match.

It is always so disappointing to see such nonsense but I learned years ago that SPAMers are sociopaths. They really do not care what you think as long as they can deliver their nonsense.

I'm not sure how to communicate with official EAA about this. When 'search' didn't find any other postings, I figured to share it with the community.

GOOD LUCK!
Bob Wilson