From: Automatic Email Delivery Software
Subject: [SPAM] ERROR
Date: Fri, 30 Jun 2006 23:28:24 +0300 (16:28 EDT)
Your message was undeliverable due to the following reason(s):
Your message could not be delivered because the destination server was unreachable within the allowed queue period. The amount of time a message is queued before it is returned depends on local configuration parameters.
Most likely there is a network problem that prevented delivery, but it is also possible that the computer is turned off, or does not have a mail system running right now.
Your message was not delivered within 7 days:
Mail server 220.127.116.11 is not responding.
The following recipients did not receive this message:
Please reply to email@example.com
if you feel this message to be in error.
Looks normal, right? The "trick" lies in the attachment. It has a "scr" file extension.
This prompted me to look at the header. Sure enough, my ISP received the message from 18.104.22.168. Even though the IP claimed to be cox.net (told the SMTP server "helo cox.net"), a reverse lookup on the IP returns "primalch.static.otenet.gr". A whois lookup confirms this.
So add the following to things not to do: "Don't open attachments from error messages." I'll look at the attachment this weekend.