Peter Tomlinson pwt at
Wed Mar 30 06:55:13 BST 2011

And they have just bounced another one, but this time they quote their 
own email address (not a first line police host address, which was what 
they quoted a few days ago). Their message is fowarded below, as is the 
first part of the message that I forwarded (the bulk of it is in an html 
file that was attached to it)


Police bounce message:

The following message to <email at> was undeliverable.
The reason for the problem:
5.3.0 - Other mail system problem 550-'ATLAS(2503): Your email was 
detected as spam. (RCPTs:\nemail at'

Reporting-MTA: dns;

Final-Recipient: rfc822;email at
Action: failed
Status: 5.0.0 (permanent failure)
Remote-MTA: dns; []
Diagnostic-Code: smtp; 5.3.0 - Other mail system problem 
550-'ATLAS(2503): Your email was detected as spam. 
(RCPTs:\nemail at' (delivery attempts: 0)

Fraud attempt body included:

Tuesday, March 29th 2011.
From: Mr. Liu Yan
Hong Kong.

Dear Friend,

I am Liu Yan, an employee of one of the top financial institutions here 
in Hong Kong. I want to use this opportunity to offer you a business 
undertaking with a very high monetary gain and value, mutually 
beneficial to both parties if you are interested, read through the 
attached message.

On 30/03/2011 06:13, Peter Tomlinson wrote:
> I, too, have forwarded to them some scam emails - and some of those 
> forwarded by me have been bounced as spam by the police incoming filter.
> Maybe I should bin this domain name - it was registered a long time 
> ago, and thus emails sent will have been harvested by the spammers a 
> long time ago....
> Peter
> On 29/03/2011 21:43, Charles Lindsey wrote:
>> Saw this on uk.comp.misc. He asks whether it is illegal. Sure seems like
>> unlawful interception to me.
>>> Newsgroups: uk.comp.misc
>>> Subject: Re: Actionfraud
>>> Date: Thu, 24 Mar 2011 14:34:13 +0000
>>> Organization: Scott family
>>> Message-ID:<imfkp7$jnn$1 at>
>> On 24/03/11 09:22, Graham Harrison wrote:
>>> Not so long ago there were various news items about
>>> I decided it wouldn't do any harm to forward them a few scam emails 
>>> so I
>>> started doing just that. Then BT (my ISP) decided I was actually 
>>> sending
>>> spam. It hasn't stopped me sending ordinary mails but I can no longer
>>> forward the spam/scam mails. I tried talking to them and their help 
>>> desk
>>> initially found it difficult to believe the problem was with their own
>>> system (it is) and when they finally got it (or said they did) they 
>>> said
>>> they couldn't do anything.
>>> So I went to Actionfraud whose response also suggested they didn't
>>> understand that the problem is at BT and they suggested I print my 
>>> mails
>>> and send them to a freepost address.
>>> Has anyone else had any similar experiences?
>> Yep.  Bethere (as I found out) scan outgoing mails for particular
>> strings (that they won't reveal - probably just a list of scam web
>> sites) and assume anything containing one is spam. And of course when I
>> tried to forward such an email to complain to a (probably) respectable
>> ISP about one of their customers, I didn't get very far.
>> And bethere's front-line CS didn't know. "You're spam-checking my mail"
>> "no we're not" "yes you are - escalate the call and find out!" "Oh yes,
>> so we are. Tough."
>> I'm sure it's illegal to do this scanning (it's not even in their T&C's
>> that they may/will), although I can understand an ISP's desire not to be
>> black-listed.

More information about the ukcrypto mailing list