It's tax season
And what do you know? I recently received a refund from the IRS. Wow!
After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a tax refund of $480.23. Please submit the tax refund request and allow us 3-6 days in order to process it.
A refund can be delayed for a variety of reasons. For example submitting invalid records or applying after the deadline.
To access the form for your tax refund, please click here.
Note: For security reasons, we will record your ip-address, the date and time. Deliberate wrong inputs are criminally pursued and indicated.
Regards,
Internal Revenue Service
Copyright 2008, Internal Revenue Service U.S.A. All rights reserved.
Err... Thanks, but I'm not even a US citizen. Unless our BIR offers refunds in dollars now?
The link points to an IP address registered in Latin America. It gets better: whois info shows the following:
OrgName: Latin American and Caribbean IP address Regional Registry
OrgID: LACNIC
Address: Rambla Republica de Mexico 6125
City: Montevideo
StateProv:
PostalCode: 11400
Country: UY
The headers are also very interesting:
Received: by 10.114.150.9 with SMTP id x9cs106067wad;
Thu, 21 Feb 2008 23:44:15 -0800 (PST)
Received: by 10.82.181.7 with SMTP id d7mr20582205buf.4.1203666254308;
Thu, 21 Feb 2008 23:44:14 -0800 (PST)
Return-Path: <[email protected]>
Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.172])
by mx.google.com with ESMTP id z40si1631581ikz.4.2008.02.21.23.44.13;
Thu, 21 Feb 2008 23:44:14 -0800 (PST)
Received-SPF: neutral (google.com: 66.249.92.172 is neither permitted nor denied by domain of [email protected]) client-ip=66.249.92.172;
Authentication-Results: mx.google.com; spf=neutral (google.com: 66.249.92.172 is neither permitted nor denied by domain of [email protected]) [email protected]
Received: by ug-out-1314.google.com with SMTP id e2so1204598ugf.21
for <[email protected]>; Thu, 21 Feb 2008 23:44:13 -0800 (PST)
Received: by 10.67.115.10 with SMTP id s10mr1971303ugm.89.1203666253276;
Thu, 21 Feb 2008 23:44:13 -0800 (PST)
Received: by 10.67.115.10 with SMTP id s10mr1971299ugm.89.1203666253174;
Thu, 21 Feb 2008 23:44:13 -0800 (PST)
Return-Path: <[email protected]>
Received: from mailkbh.delud.dk ([194.182.91.20])
by mx.google.com with ESMTP id 32si287442ugd.37.2008.02.21.23.44.12;
Thu, 21 Feb 2008 23:44:13 -0800 (PST)
Received-SPF: neutral (google.com: 194.182.91.20 is neither permitted nor denied by best guess record for domain of [email protected]) client-ip=194.182.91.20;
Authentication-Results: mx.google.com; spf=neutral (google.com: 194.182.91.20 is neither permitted nor denied by best guess record for domain of [email protected]) [email protected]
Received: from mailaarh.delud.dk ([195.192.86.117]) by mailkbh.delud.dk with Microsoft SMTPSVC(6.0.3790.3959);
Fri, 22 Feb 2008 08:44:07 +0100
X-Spam-Status: NO, hits=0 required=5
X-Spam-Flag: NO
Received: from User ([71.132.110.97]) by mailaarh.delud.dk with Microsoft SMTPSVC(6.0.3790.3959); Fri, 22 Feb 2008 08:44:05 +0100
Keywords: disclaimer
Reply-To: <[email protected]>
This ran past GMail's much-vaunted spam filters, even when Return-Path was obviously forged. So much for SPF.
Here's what's funnier -- at the bottom of the message is this boilerplate:
This message has been scanned by F-Secure Anti-Virus for Microsoft Exchange.
For more information, connect to http://www.f-secure.com/
Right. I'm proud that I used to work with a better anti-virus company. ;)
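An added example, not part of the original post: a short Python triage of the header chain quoted above, showing that an SPF result of `neutral` authenticates nothing and that the earliest hop announced itself as "User". The sample is a constructed excerpt of those headers; the address `sender@example.invalid` and the `would_reject` policy are assumptions made for illustration.

```python
import re
from email import message_from_string

# Constructed sample: hop names, IPs and SPF wording are copied from the headers
# above; sender@example.invalid is a placeholder for the redacted address.
SAMPLE = """\
Return-Path: <sender@example.invalid>
Received: from mailkbh.delud.dk ([194.182.91.20])
\tby mx.google.com with ESMTP id 32si287442ugd.37.2008.02.21.23.44.12;
\tThu, 21 Feb 2008 23:44:13 -0800 (PST)
Received-SPF: neutral (google.com: 194.182.91.20 is neither permitted nor denied by best guess record for domain of sender@example.invalid) client-ip=194.182.91.20;
Received: from mailaarh.delud.dk ([195.192.86.117]) by mailkbh.delud.dk with Microsoft SMTPSVC(6.0.3790.3959);
\tFri, 22 Feb 2008 08:44:07 +0100
Received: from User ([71.132.110.97]) by mailaarh.delud.dk with Microsoft SMTPSVC(6.0.3790.3959); Fri, 22 Feb 2008 08:44:05 +0100

(body omitted)
"""

HOP = re.compile(r"from\s+(\S+)\s+\(\[([0-9.]+)\]\)")

def analyze(raw):
    """Return (hops oldest-first, SPF results, findings) for a raw message."""
    msg = message_from_string(raw)
    # Each relay prepends its Received line, so reverse to get delivery order.
    matches = (HOP.search(h) for h in msg.get_all("Received", []))
    hops = [m.groups() for m in matches if m][::-1]
    spf_headers = msg.get_all("Received-SPF", [])
    spf = [v.split(None, 1)[0].lower() for v in spf_headers]
    findings = []
    for value, result in zip(spf_headers, spf):
        if result != "pass":
            findings.append(f"SPF {result}: envelope sender is not authenticated")
        if "best guess record" in value:
            findings.append("SPF checked against a guessed record, not a published one")
    # A dotless HELO name such as "User" is not a mail server's hostname.
    if hops and "." not in hops[0][0]:
        findings.append(f"origin {hops[0][1]} introduced itself as {hops[0][0]!r}")
    return hops, spf, findings

def would_reject(spf_results, rejected=("fail", "softfail")):
    """Hypothetical filter policy: only explicit SPF failures block delivery."""
    return any(r in rejected for r in spf_results)

if __name__ == "__main__":
    hops, spf, findings = analyze(SAMPLE)
    print(hops, spf, would_reject(spf), *findings, sep="\n")
```

Under a policy that blocks only `fail` or `softfail`, the `neutral` result here never triggers a rejection, so the message has to be caught by other signals such as the origin hop.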