01: From: - Sun Jan 15 xx:xx:xx 2012
02: X-Account-Key: account12
03: X-UIDL: [UID filtered]
04: X-Mozilla-Status: 0000
05: X-Mozilla-Status2: 00000000
06: X-Mozilla-Keys:
07: X-Envelope-From: <server [at] server001.ovh.net>
08: X-Envelope-To: <poor [at] spamvictim.tld>
09: X-Delivery-Time: 1326539211
10: X-UID: [UID filtered]
11: Return-Path: <server [at] server001.ovh.net>
12: X-RZG-FWD-BY: ich [at] xyz-online.de
13: Received: from mailin.rzone.de (hamish mi2) ([unix socket]) by mailin.rzone.de
14: (hamish mi2) (RZmta 27.4) with LMTPA; Sat, 14 Jan 2012 xx:xx:xx +0100 (MET)
15: X-RZG-CLASS-ID: [ID filtered]
16: Received: from server001.ovh.net (ns38807.ovh.net [91.121.17.89]) by
17: mailin.rzone.de (hamish mi2) (RZmta 27.4 OK) with ESMTP ID: [ID filtered]
18: Received: from server by server001.ovh.net with local (Exim 4.69) (envelope-from
19: <poor [at] spamvictim.tld>) ID: [ID filtered]
20: Date: Sat, 14 Jan 2012 xx:xx:xx +0100
21: To: poor [at] spamvictim.tld
22: From: PayPal Deutschland <deutchland [at] security-servers.de>
23: Reply-To:
24: Subject: Account wurde von einem anderen Standort abgerufen
25: Message-ID: [ID filtered]
26: X-Priority: 1
27: X-Mailer: PHPMailer (phpmailer.sourceforge.net) [version ]
28: MIME-Version: 1.0
29: Content-Transfer-Encoding: 8bit
30: Content-Type: text/html; charset="iso-8859-1"
31: X-AntiAbuse: This header was added to track abuse, please include it with any abuse
32: report
33: X-AntiAbuse: Primary Hostname - server001.ovh.net
34: X-AntiAbuse: Original Domain - xyz-online.de
35: X-AntiAbuse: Originator/Caller UID/GID: [UID filtered]
36: X-AntiAbuse: Sender Address Domain - server001.ovh.net
37: X-AntiVirus: checked (incoming) by Avira MailGuard (Version: 12.1.1.20; AVE:8.2.8.26;
38: VDF:7.11.21.28
Lesezeichen