Trinity Tux

patzer117

I got an email directly to my @tcd.ie address a few minutes ago and I'm wondering if anyone can shed any light on it...

Hey,

Are you ready for the [event some stage later this term]? Got your rental tux sorted yet?

No? Nothing sorted yet? Well that's great! This time you'll be glad you waited until the last minute! You really don't wany to wear a badly fitting rental, seriously no one looks good in a rental suit.

For almost the same price you can have a custom fitted tux, hand stitched just for you.

We all know girls lie sometimes... but we're telling the truth when we say "there's few things that make a guy look as great as a really well fitted suit."

You can click through to pick your tux now and I'll guarantee delivery before the ball.

www.trinitytux.com

Look forward to seeing you at the ball - I'll be the flirty girl getting just close enough to see what tux you're wearing.

Hugs,

Victoria

Ps. If you're thinking of doing something cool; picking a coloured lining or crazy lapels you can drop me a quick email before you order with your selection and I'll give you a girls opinion

I naturally wanted to unsubscribe, but thought wiser of giving my email address away, but went to the site to check it out.

There's no contact information, the "alphatailor.com" site they seem to be selling from is not up and running, and I can find no mention of them on any google search of the terms...

I'm obviously not going to buy, but I'm wondering if anyone has heard of them, if it's legitimate or a scam. The site looks quite professional but with no phone number, address or tuxes in sight...


patzer

Jonathan

Victoria sounds like a slut tbh..

GlasnevinRed

Got the same email but just ignored it. Is our information being passed out freely?

tolosenc

Got the email, want to know why.

Borneo Fnctn

I'm pissed off I even got the email. Got knows i get enough junkmail from the counselling service and the student union never mind this.

Mark200

Yeah I got the e-mail as well... and I didn't even buy tickets for that event.

Pet

A quick WHOIS shows the site was only registered on Sunday, by a spammy registering company. No record of the parent company. There's also no SSL for the credit card details, either. Total scam.

I had a theory that a certain society had sold its mailing list, but now I'm not so sure, judging by this thread. The one interesting thing is that my surname was beside my email address in the "To:" section, and that's unusual in itself.

Kwekubo

From what I can see there has been a huge rise in spam to tcd.ie e-mail addresses this year. My suspicion is that someone who has, or recently had, access to a huge mailing list is making a mint by flogging it. That, or societies/clubs really need to learn how to contact their membership without compromising their contact details.

Pet wrote: »

I had a theory that a certain society had sold its mailing list, but now I'm not so sure, judging by this thread. The one interesting thing is that my surname was beside my email address in the "To:" section, and that's unusual in itself.

I never used my tcd.ie address for anything other than academic stuff until this year, when I used it to join societies/clubs back in October. All of a sudden I started getting spam for Noize, Tripod, UCD Ents (?) et al.

Ron DMC

I didn't get this mail at all.

What have ye got in common? Soc/class mailing list of some sort?

Pet

Obviously not a class list. Kwekubo's suspicion may be correct, I feel.

Either way, it's really ****ing annoying. I don't use my tcd email address for anything other than academic stuff, and it's slowly getting clogged by promo bull****. I'd really like to find out who's responsible.

Jonathan

Ronny Mitchell wrote: »

I didn't get this mail at all.

What have ye got in common? Soc/class mailing list of some sort?

Most likely a list of current students :P

jamesnp

I've gotta say, if it's legit, I'm enticed by the offer.

It's no secret that tailored suits from China (Singapore according to the site) cost next to nothing; if this is legit then I'd love to get one.

On the spamming front, It must have been a list, I've confirmed certain @tcd.ie people did not receive it, ie. graduates, staff.

After a bit of digging I've gleaned the following information:

trinitytux.com, registered through GoDaddy to DomainsbyProxy.com. 1st Strike. DomainsbyProxy.com HIGHLY SUSPICIOUS.

DNS is NS1.DNSIRELAND.COM and NS2.DNSIRELAND.COM. Off the top of my head these are Digiweb NSs.

A nameserver lookup on trinitytux.com gives us a server at 78.137.164.56. An IP whois tells us that my initial suspicion was correct, though LETSHOST.ie seem to be reselling the hosting. The following websites are also hosted on this server:

a1devchimneys.com	2009-04-23
alexander.ie	2009-04-23
aranos.net	2009-04-23
ardaghnews.com	2009-04-23
article-hunt.com	2009-04-23
baltinglasscommunity.info	2009-04-23
barbararidgekenny.com	2009-04-23
bealbocht.com	2009-04-23
bloggarkivet.net	2009-04-23
brackenequestrian.com	2009-04-23
bulfinstairs.ie	2009-04-23
carscavan.com	2009-04-23
cartrongarrow.com	2009-04-23
castletownconcertreport.com	2009-04-23
cd-businesscards.com	2009-04-23
cng.ie	2009-04-23
currabawn.com	2009-04-23
dcisocialclub.com	2009-04-23
ddgc.ie	2009-04-23
deadcatbounce.ie	2009-04-23
deagalway.com	2009-04-23
dennehy-auctioneers.ie	2009-04-23
directukholidays.com	2009-04-23
discoveryownersclub.org	2009-04-23
diversityequalityworks.ie	2009-04-23
dkverificationltd.com	2009-04-23
dnasolutions.ie	2009-04-23
donegalproperty.net	2009-04-23
dosh.ie	2009-04-23
douglashallafc.com	2009-04-23
dragonflywebmedia.com	2009-04-23
dublinbybike.com	2009-04-23
dunfanaghygolfclub.com	2009-04-23
dvd-businesscards.com	2009-04-23
earlylearners.ie	2009-04-23
effineddie.com	2009-04-23
englishholidaysdirect.com	2009-04-23
enterpriseworlds.com	2009-04-23
europeanboatdelivery.com	2009-04-23
exclusivesbeauty.com	2009-04-23
expressyourself.ie	2009-04-23
farmercash.com	2009-04-23
fergalbradley.com	2009-04-23
fermoycleaning.com	2009-04-23
fescork.ie	2009-04-23
fibbermagees.ie	2009-04-23
finaltouchband.com	2009-04-23
fireandenergycontrol.com	2009-04-23
fitnessmattersdublin.com	2009-04-23
fitzgeraldsphotography.com	2009-04-23
forklift-trainer.com	2009-04-23
forum.irish-ferries-enthusiasts.com	2009-04-23
frankcorcoran.com	2009-04-23
frankcostello.net	2009-04-23
franksweeney.ie	2009-04-23
fuaimrian.net	2009-04-23
gardendiary.net	2009-04-23
genbukan-ni.com	2009-04-23
gersart.com	2009-04-23
goplayplaygrounds.ie	2009-04-23
gowiththeflow.ie	2009-04-23
grantshotel.com	2009-04-23
gsgourmetjams.ie	2009-04-23
gtelemetry.com	2009-04-23
habitatflooring.com	2009-04-23
hardydrew.com	2009-04-23
hautvol.com	2009-04-23
highwaymarkings.ie	2009-04-23
holidayaccommodationdirect.com	2009-04-23
homesandgardens.ie	2009-04-23
hoozridgebacks.com	2009-04-23
horsetransport.ie	2009-04-23
hotincity.com	2009-04-23
hypnotherapyireland.org	2009-04-23
iaucc.ie	2009-04-23
ier.ie	2009-04-23
illumadesign.ie	2009-04-23
iosprojects.com	2009-04-23
irelandstamps.ie	2009-04-23
irish-ferries-enthusiasts.com	2009-04-23
irishbeagling.org	2009-04-23
irishcats.com	2009-04-23
irishcivilweddingvenues.com	2009-04-23
irishholidaysdirect.com	2009-04-23
irishsquirrelsurvey.com	2009-04-23
irishxcmtb.com	2009-04-23
isatt.ie	2009-04-23
itsinmyway.com	2009-04-23
jamesdurrant.net	2009-04-23
java-jewel.com	2009-04-23
javajewel.ie	2009-04-23
jensen.cartrongarrow.com	2009-04-23
jessicabaronartist.com	2009-04-23
jobs4students.ie	2009-04-23
johnroche.com	2009-04-23
kancelaria-adw.com	2009-04-23
kearneyimages.com	2009-04-23
kelleherssalthill.ie	2009-04-23
kerryathletics.com	2009-04-23
kingslandobservatory.com	2009-04-23
kkccc.ie	2009-04-23
leisurezone.ie	2009-04-23
lh16.dnsireland.com	2009-04-23
lisloughrey.ie	2009-04-23
lisloughreylodge.ie	2009-04-23
littleangelsschool.net	2009-04-23
lizzieburcher.com	2009-04-23
lok-e.com	2009-04-23
longfordshow.com	2009-04-23
loretoreilly.com	2009-04-23
lostweekend.ie	2009-04-23
loughallenbasin.com	2009-04-23
luxso.ie	2009-04-23
madmtb.com	2009-04-23
martinedelamere.org	2009-04-23
mashcomp.com	2009-04-23
maxicane.com	2009-04-23
mbcc.ie	2009-04-23
mccorrystuart.com	2009-04-23
mcdonaghs.net	2009-04-23
mcgees-holiday-rentals-france.com	2009-04-23
mchughinsulation.com	2009-04-23
mg-consulting.ie	2009-04-23
mhayesmanagement.net	2009-04-23
michellemadethis.com	2009-04-23
microflex.ie	2009-04-23
millicentmembers.com	2009-04-23
mipix.ie	2009-04-23
mmcdonough.net	2009-04-23
modernvideos.com	2009-04-23
modexsystem.com	2009-04-23
mogcar.com	2009-04-23
moneytalk.ie	2009-04-23
monivearide.com	2009-04-23
monti.ie	2009-04-23
muck-truck.net	2009-04-23
musicalyouthfoundation.com	2009-04-23
newportgaa.com	2009-04-23
newtopmedia.com	2009-04-23
niallfahy.com	2009-04-23
niallobrolchain.ie	2009-04-23
nightlifecork.com	2009-04-23
noelleinteriors.ie	2009-04-23
noelmullins.com	2009-04-23
noreenryan.ie	2009-04-23
nostrasystems.ie	2009-04-23
occasion.ie	2009-04-23
offtherailslive.com	2009-04-23
olivias.ie	2009-04-23
osullivanhorticulture.com	2009-04-23
oxcc.org	2009-04-23
pappapirish.com	2009-04-23
paulmcnally.ie	2009-04-23
paulryanartist.com	2009-04-23
pctgalway.com	2009-04-23
pegasusconstruction.ie	2009-04-23
peoba.ie	2009-04-23
perfectcaketoppers.com	2009-04-23
performingartsschoolgalway.com	2009-04-23
plantpeople.com	2009-04-23
platinumcardco.com	2009-04-23
plump-bunnies.com	2009-04-23
pop-building.com	2009-04-23
power-clan.com	2009-04-23
primaryplant.com	2009-04-23
publiceye.ie	2009-04-23
quaycasino.ie	2009-04-23
rainbowfarm-ireland.com	2009-04-23
rapidrepairs.info	2009-04-23
rebalancepilates.com	2009-04-23
recognitionexpress.ie	2009-04-23
redmondsigns.com	2009-04-23
reitechltd.com	2009-04-23
renewsolutions.ie	2009-04-23
rhymin.ie	2009-04-23
rightfitcoach.com	2009-04-23
riinvestmentgrup.com	2009-04-23
riyc.ie	2009-04-23
riyctest.com	2009-04-23
rmdshop.com	2009-04-23
rockwoodpianostudio.com	2009-04-23
rogerbyrneandco.com	2009-04-23
salsaeverybody.com	2009-04-23
scientiaconsulting.net	2009-04-23
scoilnaomhanna.org	2009-04-23
scottishholidaysdirect.com	2009-04-23
sdkells.co.uk	2009-04-23
seanslattery.ie	2009-04-23
seitoireland.com	2009-04-23
shannontaxionline.com	2009-04-23
sheenajolleyphotography.com	2009-04-23
sidewalkcatering.com	2009-04-23
silkroadtents.com	2009-04-23
sirf.org	2009-04-23
sky.ie	2009-04-23
skyrouter.whitebeamimages.ie	2009-04-23
sligoairport.com	2009-04-23
sligodramacircle.ie	2009-04-23
sln.ie	2009-04-23
snmfearann.com	2009-04-23
sonasapc.ie	2009-04-23
sourcemycourse.com	2009-04-23
southcoasters.ie	2009-04-23
specialspace.info	2009-04-23
spreadeaglenorfolk.co.uk	2009-04-23
st-art.ie	2009-04-23
stampa.ie	2009-04-23
stangelas.com	2009-04-23
stefanoelaura.com	2009-04-23
stjosephsandcalry.ie	2009-04-23
stmarysenniskeane.com	2009-04-23
stopgradeinflation.ie	2009-04-23
storytellersunlimited.com	2009-04-23
studiosolas.com	2009-04-23
subotica.ie	2009-04-23
support.nostrasystems.ie	2009-04-23
susancloonan.com	2009-04-23
sustainability.ie	2009-04-23
swapit.ie	2009-04-23
symbiotictrading.com	2009-04-23
tartanpie.com	2009-04-23
tartantechnology.com	2009-04-23
tellyadds.net	2009-04-23
tellyads.net	2009-04-23
the-rock-cinema-restaurant.com	2009-04-23
thebestpageinexistance.com	2009-04-23
thebestpageinexistence.com	2009-04-23
thedaisycampaign.com	2009-04-23
thedublinmap.com	2009-04-23
thehypnotherapystudio.ie	2009-04-23
thesourcepool.com	2009-04-23
timemymeeting.com	2009-04-23
tmci.ie	2009-04-23
tokobetawi.com	2009-04-23
tomryc.com	2009-04-23
toplite.com	2009-04-23
triathy.com	2009-04-23
tullaroe.com	2009-04-23
uilleannpipes.ie	2009-04-23
virtualehome.com	2009-04-23
virtuamaps.com	2009-04-23
waterfordnissan.com	2009-04-23
watermarkeng.ie	2009-04-23
watermint.ie	2009-04-23
wexfordraces.ie	2009-04-23
whitehousekilkennyselfcatering.com	2009-04-23
whosponies.com	2009-04-23
wicklowbluedolphins.com	2009-04-23
wiihack.info	2009-04-23
wiki.baltinglasscommunity.info	2009-04-23
windowize.ie	2009-04-23
wroughtironstaircases.ie	2009-04-23
yourowncanvas.com	2009-04-23
yourowneyes.com	2009-04-23
youth2000.ie	2009-04-23

Nothing overly suspicious there – this is just an ordinary, run-of-the-mill shared server.

2nd strike comes from the order process - from what I can see, SSL isn't used. For a company accepting credit cards online this is very very suspect. Also, if I force an ssl connection with the server, the cert expired 6th June 2008 and there is a hostname mismatch - it being assigned to iteire.ie, a domain which has expired in the last 6 months.

With regard to the email itself, I have managed to trace it to the originating Eircom Broadband IP address 86.42.241.220 (86-42-241-220-dynamic.b-ras2.cld.dublin.eircom.net). CLD = CLONDALKIN (Nangor Road). At least we know at least one punter who's conducting this is based in Ireland.

Overall I am in a quandary. If it is a scam, the website is very very good and it is one of the best scams I've ever seen. Also, you'd usually expect a scam to originate from Poland or Nigeria or some such dodgy country - this is Clondalkin, not a stronghold of 419 scams. However, the fact that this company appears to have spammed all of Trinity must be considered a 3rd strike. A spammer should never be trusted and that is why I do not recommend anyone part with their cash on this site.

-jp

devinejay

Maybe if you buy a tux, it'll allow the Prince of Namibia to finally release the funds he has tied up from his fathers heritage (which he won in the Spanish National lottery) to you. You could buy a whole lot of ExtenZe and Cial1s with that kinda money....

mathew

I got it too...
My guess would be its everyone who got tickets for that faithful evening in May.
I'd be very very annoyed if my email address was passed around to people for advertising things I might need for said night.... seems thats what happened tho...

devinejay

mathew wrote: »

I'd be very very annoyed if my email address was passed around to people for advertising things I might need for said night

There's so much room for exploitation there, but I can pin down one that stands out......

next email offering drink at six in the morning that doesn't require a mortgage?


or maybe just condoms that aren't impossible to put on when you reach that state of delirium that necessitates condom usage while you're still in the ball.

decency??

patzer117

Mine also had my surname beside it, which makes it different from most society mails. Ronny seems to be the only one who didn't get this - did you attempt to purchase a ticket for the event this year?

jamesnp

Can everyone list the societies/mailings that they receive regularly?

I get stuff from:
Cumann Gaelach
The Phil
SU (through undergrads@tcd.ie ISS controlled list)


I can personally guarantee that the Cumann Gaelach's email list was kept in absolute accordance with the Data Protection Act, as I did it myself. I was the only one with access to it for the entire year and all emails were sent to each individual individually, ie. no CCs.

The chances of undergrads@tcd.ie being compromised is [hopefully] slim - ISS would not be happy to let that out to... anyone.

The Phil...? I dunno. They did have a nasty habit of sending mails with everyone openly CCed.

-jp

Mark200

mathew wrote: »

My guess would be its everyone who got tickets for that faithful evening in May.

Nope I didn't get tickets and still got the e-mail...

Although my surname wasn't beside it like other people have said.


For societies... I joined loads during Freshers Week, the ones I usually get e-mails from are The Phil and The Hist

Jonathan

mathew wrote: »

My guess would be its everyone who got tickets for that faithful evening in May.

Doubt it. I got it.

And there was no way I was giving that shower of [insert expletive] my money.

Ron DMC

patzer117 wrote: »

Mine also had my surname beside it, which makes it different from most society mails. Ronny seems to be the only one who didn't get this - did you attempt to purchase a ticket for the event this year?

I did indeed. But I ordered my ticket as staff if that makes any difference. Still got the same confirmation email as everyone else though.

Ron DMC

hold on, I'm not a current student.

undergrads@ breach maybe?

mardybumbum

I didnt buy a ticket but I got the e-mail.

Jonathan

Various depts make it far to easy to access the ISS lists.

For anyone in CS, go to the support wiki and have a look at the article called Undergraduate_Class_Mailing_Lists and you will see what I mean.

Jonathan

Ronny Mitchell wrote: »

hold on, I'm not a current student.

undergrads@ breach maybe?

Way ahead of ya :P

patzer117

Mark200 wrote: »

Nope I didn't get tickets and still got the e-mail...

Did you reserve a ticket using the main system though?

I get emails from loads of people -
I'm part of emails from The Hist - only two of us have access to the email list (including me) and we both definitely have not sold it.

I also get emails from the Phil, Kayaking, Chess, Jazz, Literary, Players etc.,

the surname thing is the strange bit though - they took their time to make a new email list. I'm leaning towards undergrad breach?

jamesnp

From chatting to other, a pattern's emerged and it must be a fairly current breech of undergrads@.

Now... who gave it away?

Ron DMC

jamesnp wrote: »

From chatting to other, a pattern's emerged and it must be a fairly current breech of undergrads@.

20 minutes ago. Look up ^

PurpleFistMixer

Must be an undergrads leak, since I'm not in the Phil or the Hist, nor did I attempt to buy any tickets of any kind this year.

Mark200

patzer117 wrote: »

Did you reserve a ticket using the main system though?

Nope, didn't go anywhere near anything to do with the event.

Brian

I didn't sign up to any clubs/socs with my @tcd, since I didn't have it in freshers' week. Nor did I express even the slightest interest in the trinity sphere, so it's not that.

Looks like a leak, which is a bitch.

jamesnp

If people try Victoria Smith in the student finder there is a person listed...

-jp

Ron DMC

jamesnp wrote: »

If people try Victoria Smith in the student finder there is a person listed...

-jp

Either a coincidence or the most amateur mistake in history. And it was going so well for her too...

patzer117

if we presume it's a scam, and a breach of the undergrad@, what's the next step in both situations?

jamesnp

Data Protection Commissioner?

I've made a few enquiries here and there... waiting for replies now.

I'll keep everyone updated. In the meantime, I think everyone should advise people that trinitytux.com is a possible scam in their facebook statuses, twitter, etc.

-jp

Brian

Yes, those Tux peddlers better watch out, they messed with The Internet.

Jonathan

jamesnp wrote: »

If people try Victoria Smith in the student finder there is a person listed...

-jp

Where are you getting that name from?

jamesnp

jmccrohan wrote: »

Where are you getting that name from?

It's the from name on the email. "Victoria Smith" <victoria@alphatailor.com>

-jp

dan719

jmccrohan wrote: »

Where are you getting that name from?

It's in the email. There are two facebook profiles of TCD students with that name also.

Jonathan

jamesnp wrote: »

It's the from name on the email. "Victoria Smith" <victoria@alphatailor.com>

-jp

Ah of course.

In that case I guess her bebo and facebook profiles are fairgame :pac:


SPAM SPAM SPAM

Pet

jamesnp wrote:

After a bit of digging I've gleaned the following information

Pet wrote:

A quick WHOIS shows the site was only registered on Sunday

...

jamesnp wrote:

HIGHLY SUSPICIOUS.

Pet wrote:

by a spammy registering company.

...

jamesnp wrote:

2nd strike comes from the order process - from what I can see, SSL isn't used.

Pet wrote:

There's also no SSL for the credit card details, either.

Way to repeat stuff I said, jamesnp.

Brian

jmccrohan wrote: »

Ah of course.

In that case I guess her bebo and facebook profiles are fairgame :pac:


SPAM SPAM SPAM

Unless it wasn't actually her that sent the email.

jamesnp

Pet wrote: »

Way to repeat stuff I said, jamesnp.

I had started writing my post before you had posted, my investigations took quite a while. I also went on to say more than those two bits of information. That being said, it can't hurt to have it said twice.

-jp

jamesnp

jmccrohan wrote: »

In that case I guess her bebo and facebook profiles are fairgame :pac:

Had a snoop around her facebook, doubt it's her. If I had a little business venture going on I'm sure there'd be some talk about it on my facebook. There's nothing to suggest a link on hers.

-jp

Jonathan

jamesnp wrote: »

Had a snoop around her facebook, doubt it's her. If I had a little business venture going on I'm sure there'd be some talk about it on my facebook. There's nothing to suggest a link on hers.

-jp

Send her a message on our behalf and ask her was it her, and can we have permission to spam her?

Pet

How does one go about breaching the undergrads list? Is it actually a list of all emails used by undergraduates, or some kind of server setting that only emails a certain "flavour" of email user in the domain? These guys used a third-party mass mailer, so I'm guessing the former.

Who'd have access, and how much trouble are they in? What other information might be contained in the email database? Sex is obviously there [the email is targeted to males], and I'd imagine college standing too. Tutor group? Address, even?

It's not The Unnameable Event, it's not the Phil, but I'm still not convinced it's an undergrads@ breach. It's also not the first time we've received targeted spam - but this is the first scam.

PurpleFistMixer

Pet wrote: »

Who'd have access, and how much trouble are they in? What other information might be contained in the email database? Sex is obviously there [the email is targeted to males], and I'd imagine college standing too. Tutor group? Address, even?

Might be aimed at males, but I got it and I'm definitely not male...

If it's not undergrads, what is it?

Thirdfox

I got it too - and I'm currently in the US on exchange - so not on any society lists this year except for the Hist and SU.

I got my hand-made tailored tux for a lot cheaper though :P (74 euro, including the shirt )

Scarinae

I got the email as well, and I'm a girl. I only use my @tcd address for academic things, I sign up to societies with my gmail because I check it more often, so I don't think that it is a society.

snappieT

Pet wrote: »

How does one go about breaching the undergrads list? Is it actually a list of all emails used by undergraduates, or some kind of server setting that only emails a certain "flavour" of email user in the domain? These guys used a third-party mass mailer, so I'm guessing the former.

AFAIK, emails are sent to undergrads@tcd.ie and the ISS server redistributes to everyone on the list. Emails are only accepted to that address from specific users, such as the SU, Counseling Service, etc.
I very much doubt it's an undergrads@ breach, unless they actually got in and looked at the full list themselves.

Nobody's had a look at the headers yet, let's take a gander...

Delivered-To: <MYNAME>sj@ghmail.tcd.ie
Received: by 10.103.242.6 with SMTP id u6cs130347mur;
        Thu, 23 Apr 2009 14:03:08 -0700 (PDT)
Received: by 10.140.132.3 with SMTP id f3mr470332rvd.21.1240520586612;
        Thu, 23 Apr 2009 14:03:06 -0700 (PDT)
Return-Path: <VictoriaSmith-ttldur1cwtkdtr1r@createsend2.com>
Received: from mail153-wa4-R.bigfish.com (mail-wa4.bigfish.com [216.32.181.114])
        by mx.google.com with ESMTP id g14si923844rvb.26.2009.04.23.14.03.05;
        Thu, 23 Apr 2009 14:03:06 -0700 (PDT)
Received-SPF: pass (google.com: domain of VictoriaSmith-ttldur1cwtkdtr1r@createsend2.com designates 72.15.222.66 as permitted sender) client-ip=72.15.222.66;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of VictoriaSmith-ttldur1cwtkdtr1r@createsend2.com designates 72.15.222.66 as permitted sender) smtp.mail=VictoriaSmith-ttldur1cwtkdtr1r@createsend2.com
Received: from mail153-wa4 (localhost.localdomain [127.0.0.1])
    by mail153-wa4-R.bigfish.com (Postfix) with ESMTP id 502771758316
    for <<MYNAME>sj@ghmail.tcd.ie>; Thu, 23 Apr 2009 21:03:05 +0000 (UTC)
X-BigFish: vp
X-MS-Exchange-Organization-Antispam-Report: OrigIP: 72.15.222.66;Service: EHS
Received: by mail153-wa4 (MessageSwitch) id 1240520584263439_27650; Thu, 23 Apr 2009 21:03:04 +0000 (UCT)
Received: from m6.createsend.com (m6.createsend.com [72.15.222.66])
    by mail153-wa4.bigfish.com (Postfix) with ESMTP id 280211CE0054
    for <<MYNAME>sj@tcd.ie>; Thu, 23 Apr 2009 21:03:04 +0000 (UTC)
Received: by m6.createsend.com (PowerMTA(TM) v3.5r11) id hu3bog0jdbke for <<MYNAME>sj@tcd.ie>; Fri, 24 Apr 2009 07:02:37 +1000 (envelope-from <VictoriaSmith-ttldur1cwtkdtr1r@createsend2.com>)
From: "Victoria Smith" <victoria@alphatailor.com> 
To: "<MYNAME>l" <<MYNAME>sj@tcd.ie>
Reply-To: victoria@alphatailor.com
Date: Fri, 24 Apr 2009 07:02:33 +1000
Subject: <snip>
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="_=aspNetEmail=_75c2533fabb24452b1af8ab16667272e"
X-Mailer: createsend2.com
X-Complaints-To: abuse@createsend2.com
List-Unsubscribe: <http://unsub.createsend2.com/t/r/u/ttldur/cwtkdtr/>
Received: from [86.42.241.220] by createsend2.com via HTTP; Fri, 24 Apr 2009 07:02:33 +1000
Message-ID: <cm.ttldur.cwtkdtr.r@createsend2.com>

So, someone logged on to createsend2.com from a Dublin IP, and sent this message via createsend.com, which makes use of bigfish. This must have been sent to a list, so they must have actually had the list.

Interestingly, it mail gets sent to username@ghmail.tcd.ie - though I'm not entirely sure what is happening here, ghmail.tcd.ie doesn't actually have a DNS record...

One last thing: There is an X-Complaints-To: abuse@createsend2.com
filed at the end of all that, perhaps we could fire off a few abuse mails.

jamesnp

snappieT wrote: »

Nobody's had a look at the headers yet, let's take a gander...So, someone logged on to createsend2.com from a Dublin IP, and sent this message via createsend.com, which makes use of bigfish. This must have been sent to a list, so they must have actually had the list.

jamesnp wrote: »

With regard to the email itself, I have managed to trace it to the originating Eircom Broadband IP address 86.42.241.220 (86-42-241-220-dynamic.b-ras2.cld.dublin.eircom.net). CLD = CLONDALKIN (Nangor Road). At least we know at least one punter who's conducting this is based in Ireland.

ghmail.tcd.ie is internal Google Appliance routing... every mail gets delivered to that address, so nothing strange there.

I've been in contact with the email service campaignmonitor.com who own createsend and I'm waiting on a response from them.

-jp

Mark200

Hmm well The Phil has sent around their own email today advertising for tuxes in Black Tie...