Below is the email with headers. I never signed up on the site, so it is clearly phishing, but the links in the email point to the real Avast site. The delivery path also looks legitimate, since both IP addresses (77.234.40.28 and 5.45.62.32) belong to Avast according to whois. I received this through my own Postfix SMTP server.
I can only think of two explanations:
- Avast is spamming to grow its user base (unlikely?)
- Someone else registered using my email address (accidentally?)
Have I missed any alternative explanation?
Return-Path: <[email protected]>
X-Original-To: [email protected]
Delivered-To: [email protected]
X-Greylist: delayed 00:06:20 by SQLgrey-1.8.0
Received: from prg18.ff.avast.com (prg18.ff.avast.com [77.234.40.28])
by helios.redacted.com (Postfix) with ESMTP id 29FDE338513
for <[email protected]>; Tue, 24 Feb 2015 16:31:39 +0000 (UTC)
Received: from ams01-022.ff.avast.com (ams01-022.ff.avast.com [5.45.62.32])
by prg18.ff.avast.com (Postfix) with ESMTP id 4AC4863FE
for <[email protected]>; Tue, 24 Feb 2015 17:25:18 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=avast.com;
s=default; t=1424795118;
bh=xtbTFzHy9Gx8+0K7moXgMhL46s4Nd1+AiW/7CP7eGo4=;
h=Date:From:To:Subject;
b=KsOT6/s2YsnQ4P1ZSpgzbOjusgVHCzTBc/y2UdqTzbFec9rIMF4ayuzx1fmKpsIeh
56CkPMIriPpJ/w8rNIEAA74rqUtXaTa6P+8CF+ePo0cDurc5+zvTFBLdx29NxWzpNa
Pdsm/tnBF7mWyY67HAFIlNgKGiDq2YUX+rB/jp2I=
Received: from ams01-022.ff.avast.com (localhost [127.0.0.1])
by ams01-022.ff.avast.com (Postfix) with ESMTP id 2EE47120243
for <[email protected]>; Tue, 24 Feb 2015 17:25:18 +0100 (CET)
Date: Tue, 24 Feb 2015 17:25:18 +0100 (CET)
From: AVAST Software <[email protected]>
To: [email protected]
Message-ID: <2116255645.5085975.1424795118191.JavaMail.id@ams01-022.ff.avast.com>
Subject: =?utf-8?Q?Avast_antivirus_account_=E2=80=93_please_confirm?=
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_Part_5085973_1976669953.1424795118189"
------=_Part_5085973_1976669953.1424795118189
Content-Type: multipart/alternative;
boundary="----=_Part_5085974_319880981.1424795118189"
------=_Part_5085974_319880981.1424795118189
Content-Type: text/html;
charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<?xml version=3D"1.0" encoding=3D"UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www=
.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns=3D"http://www.w3.org/1999/xhtml" xml:lang=3D"cs" lang=3D"cs">
<head>
=09<meta http-equiv=3D"content-type" content=3D"text/html; charset=3Dutf-8"=
/>
</head>
<body>
=09<div style=3D"padding-bottom:5px;"></div>You recently registered an AVAS=
T Account. <br/><br/> Please click this link to verify your account: <br/><=
br/> <a href=3D"https://id.avast.com/en-us/confirm/registration?token=3DN1r=
34hqKcwm6mBRkqLFub05pnfriPWmujAtoDTpqMhNH3FTE1T">https://id.avast.com/en-us=
/confirm/registration?token=3DN1r34hqKcwm6mBRkqLFub05pnfriPWmujAtoDTpqMhNH3=
FTE1T</a> <br/><br/> NOTE: Information email only =E2=80=93 PLEASE DO NOT R=
EPLY <br/><br/>AVAST Software<div style=3D"padding-top:5px;"><a href=3D"htt=
p://www.avast.com">http://www.avast.com</a></div>
</body>
</html>
------=_Part_5085974_319880981.1424795118189--
------=_Part_5085973_1976669953.1424795118189--
Here is the SMTP transaction log:
Feb 24 16:25:19 helios postfix/smtpd[28347]: connect from prg18.ff.avast.com[77.234.40.28]
Feb 24 16:25:19 helios sqlgrey: grey: new: 77.234.40(77.234.40.28), [email protected] -> [email protected]
Feb 24 16:25:19 helios postfix/smtpd[28347]: NOQUEUE: reject: RCPT from prg18.ff.avast.com[77.234.40.28]: 450 4.7.1 <[email protected]>: Recipient address rejected: Greylisted for 5 minutes; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<prg18.ff.avast.com>
Feb 24 16:25:19 helios postfix/smtpd[28347]: disconnect from prg18.ff.avast.com[77.234.40.28]
Feb 24 16:28:39 helios postfix/anvil[28329]: statistics: max connection rate 2/60s for (smtp:66.45.103.63) at Feb 24 16:23:23
Feb 24 16:28:39 helios postfix/anvil[28329]: statistics: max connection count 2 for (smtp:66.45.103.63) at Feb 24 16:23:23
Feb 24 16:28:39 helios postfix/anvil[28329]: statistics: max cache size 1 at Feb 24 16:23:22
Feb 24 16:31:38 helios postfix/smtpd[28367]: connect from prg18.ff.avast.com[77.234.40.28]
Feb 24 16:31:39 helios sqlgrey: grey: reconnect ok: 77.234.40(77.234.40.28), [email protected] -> [email protected] (00:06:20)
Feb 24 16:31:39 helios sqlgrey: grey: from awl: 77.234.40, [email protected] added
Feb 24 16:31:39 helios postfix/smtpd[28367]: 29FDE338513: client=prg18.ff.avast.com[77.234.40.28]
Feb 24 16:31:39 helios postfix/cleanup[28370]: 29FDE338513: message-id=<2116255645.5085975.1424795118191.JavaMail.id@ams01-022.ff.avast.com>
Feb 24 16:31:39 helios postfix/qmgr[13941]: 29FDE338513: from=<[email protected]>, size=2691, nrcpt=1 (queue active)
Feb 24 16:31:39 helios postfix/smtpd[28367]: disconnect from prg18.ff.avast.com[77.234.40.28]
Feb 24 16:31:39 helios postfix/local[28371]: 29FDE338513: to=<[email protected]>, orig_to=<[email protected]>, relay=local, delay=0.3, delays=0.26/0.03/0/0.01, dsn=2.0.0, status=sent (delivered to mailbox)
Feb 24 16:31:39 helios postfix/qmgr[13941]: 29FDE338513: removed
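An added example, not part of the original post: a Python sketch that checks the delivery path above using only data the recipient's own server recorded. It walks the `Received` chain for breaks, then ties the topmost hop (the only one written by `helios`; the lower hops are supplied by the sender) to the smtpd log through the queue id, client IP and greylist delay. The year 2015 is taken from the `Received` date because syslog lines omit it, the first log line is abridged, and the DKIM signature is not verified here.

```python
import re
from datetime import datetime

# Received lines from the message above (unfolded), newest first.
RECEIVED = [
    "from prg18.ff.avast.com (prg18.ff.avast.com [77.234.40.28]) "
    "by helios.redacted.com (Postfix) with ESMTP id 29FDE338513",
    "from ams01-022.ff.avast.com (ams01-022.ff.avast.com [5.45.62.32]) "
    "by prg18.ff.avast.com (Postfix) with ESMTP id 4AC4863FE",
    "from ams01-022.ff.avast.com (localhost [127.0.0.1]) "
    "by ams01-022.ff.avast.com (Postfix) with ESMTP id 2EE47120243",
]
X_GREYLIST = "delayed 00:06:20 by SQLgrey-1.8.0"
# The two smtpd lines from the log above that record the reject and the accept.
LOG = [
    "Feb 24 16:25:19 helios postfix/smtpd[28347]: NOQUEUE: reject: RCPT from "
    "prg18.ff.avast.com[77.234.40.28]: 450 4.7.1 Greylisted for 5 minutes",
    "Feb 24 16:31:39 helios postfix/smtpd[28367]: 29FDE338513: "
    "client=prg18.ff.avast.com[77.234.40.28]",
]

HOP = re.compile(r"from (\S+) \(\S+ \[([\d.]+)\]\) by (\S+) .*? id (\w+)")
EVENT = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ postfix/smtpd\[\d+\]: (\w+): .*?\[([\d.]+)\]")

def parse_hops(received):
    """Split each Received line into HELO name, client IP, stamping host, queue id."""
    keys = ("helo", "ip", "by", "qid")
    return [dict(zip(keys, HOP.search(line).groups())) for line in received]

def chain_breaks(hops):
    """Indexes where the host that sent hop i is not the host that stamped hop i+1."""
    return [i for i in range(len(hops) - 1) if hops[i]["helo"] != hops[i + 1]["by"]]

def correlate(top, log, x_greylist, year=2015):
    """Check the one hop our own server wrote against our own smtpd log."""
    seen = {}
    for line in log:
        stamp, tag, ip = EVENT.match(line).groups()
        seen[tag] = (datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S"), ip)
    rejected, accepted = seen["NOQUEUE"], seen[top["qid"]]
    secs = int((accepted[0] - rejected[0]).total_seconds())
    delay = f"{secs // 3600:02d}:{secs % 3600 // 60:02d}:{secs % 60:02d}"
    return {
        "same_client_ip": rejected[1] == accepted[1] == top["ip"],
        "delay": delay,
        "delay_matches_header": f"delayed {delay} " in x_greylist,
    }

if __name__ == "__main__":
    hops = parse_hops(RECEIVED)
    print("chain breaks:", chain_breaks(hops))
    print(correlate(hops[0], LOG, X_GREYLIST))
```

A consistent chain and a matching log entry show which host handed the message to the local server; they say nothing about who typed the address into the registration form.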