x-mailer: Synapse - Delphi & Kylix TCP/IP library by Lukas Gebauer

Have you received spam that includes the following line in its header? Then email us a copy!

x-mailer: Synapse - Delphi & Kylix TCP/IP library by Lukas Gebauer

The same bulk email program used in the "Joe job" attacks against our website (2003-12-16, 2003-12-19 and 2004-02-27) was also used in a few spams sent to our mailboxes in November and December.

Spam #5 (2003-11-16) was sent via Comcast, the same provider used in the second "Joe job" against us. It claims to be from NASA: the spammer tries to mislead the recipients about the sender of the mail.

The "Mailblocks-Newsletter" (2004-02-20) looks like another "Joe job" against an anti-spam resource. Several people have added mailblocks.com to their blacklists because they were led to believe the spam originated from the company.

Please note: According to Lukas Gebauer (who lives in Prague, CZ), he is not the author of this spamware. He only wrote a TCP/IP library which was used by whoever wrote this bulk email program.

Spam #1 (sent through shawcable.net):

Return-Path: <advertising@shaw.ca>
X-Flags: 0000
Delivered-To: GMX delivery to #####@######
Received: (qmail 10768 invoked by uid 65534); 7 Dec 2003 11:14:54 -0000
Received: from h24-66-247-157.ed.shawcable.net (EHLO shawmail-cg-shawcable-net) (24.66.247.157) by ######## (mx013) with SMTP; 07 Dec 2003 12:14:54 +0100
From: advertising@shaw.ca
To: ######@######
Subject: Free stuff!
Date: Sat, 6 Dec 2003 17:35:51 -0800
MIME-Version: 1.0 (produced by Synapse)
x-mailer: Synapse - Delphi & Kylix TCP/IP library by Lukas Gebauer
Content-type: text/html; charset=UTF-8
Content-Transfer-Encoding: Quoted-printable
Content-Disposition: inline
Content-Description: HTML text
Message-ID: <20031207111454.10870###1@mx013.####.###>
X-GMX-Antivirus: -1 (not scanned, may not use virus scanner)
X-GMX-Antispam: -2 (not scanned, spam filter disabled)

=3Chtml=3E
=3Chead=3E
=3Ctitle=3EFree Submission=3C=2Ftitle=3E
=3C=2Fhead=3E
=3Cbody=3E
=3C=2Ffont=3E=3Cp=3E=3Cfont face=3D=22Arial=22 size=3D=223=22=3E=3Ca href=
=3D=22http=3A=2F=2Fabsolute=2Echapel=2Eat=22=3EFree 100 bucks=3C=2Fa=3E=3C=
=2Ffont=3E=3C=2Fp=3E
=3C=2Ffont=3E=3Cp=3E=3Cfont face=3D=22Arial=22 size=3D=223=22=3E=3Ca href=
=3D=22http=3A=2F=2Fdirecttv=2Evirtualpage=2Ede=22=3EFree Direct TV=3C=2Fa=
=3E=3C=2Ffont=3E=3C=2Fp=3E
=3C=2Ffont=3E=3Cp=3E=3Cfont face=3D=22Arial=22 size=3D=223=22=3E=3Ca href=
=3D=22http=3A=2F=2Feasyloan=2Eamerican=2Eat=22=3EGet a loan in 6 minutes!=
=3C=2Fa=3E=3C=2Ffont=3E=3C=2Fp=3E
=3C=2Fbody=3E

Spam #2 (sent through West Virginia Network for Educational Telecomputing, 129.71.0.0 - 129.71.255.255):

Return-Path: <free.offer@free-direct-tv.com>
X-Flags: 0000
Delivered-To: GMX delivery to #####@#####
Received: (qmail 26167 invoked by uid 65534); 6 Dec 2003 12:07:06 -0000
Received: from unknown (EHLO shawmail-cg-shawcable-net) (129.71.62.89) by ######### (mx021-rz3) with SMTP; 06 Dec 2003 13:07:06 +0100
From: free.offer@free-direct-tv.com
To: ######@######
Subject: Free 3 Month trial plus HBO FREE!
Date: Sat, 6 Dec 2003 00:10:11 -0800
MIME-Version: 1.0 (produced by Synapse)
x-mailer: Synapse - Delphi & Kylix TCP/IP library by Lukas Gebauer
Content-type: text/html; charset=UTF-8
Content-Transfer-Encoding: Quoted-printable
Content-Disposition: inline
Content-Description: HTML text
Message-ID: <20031206120711.27252gmx1@mx021-rz3.####.###>
X-GMX-Antivirus: -1 (not scanned, may not use virus scanner)
X-GMX-Antispam: -2 (not scanned, spam filter disabled)

=3Chtml=3E
=3Chead=3E
=3Ctitle=3EFree Submission=3C=2Ftitle=3E
=3C=2Fhead=3E
=3Cbody=3E
=3Cp=3E
=3Cimg src=3D=22http=3A=2F=2Fwww=2Erapidsatellite=2Ecom=2F=2E=2E=2Fimages1=
=2Fsite=2Fdtv1=2Egif=22 border=3D=220=22 width=3D=22126=22 height=3D=2260=
=22=3E=3C=2Fp=3E
=3Cp=3E=3Cfont face=3D=22Arial=22 size=3D=225=22=3EYour paying too much=
for your cable TV why not get a digital satellite system for 3 months and free HBO=2E=3C=2Ffont=3E=
=3C=2Fp=3E
=3Cp=3E =3B=3C=2Fp=3E
=3Cp=3E=3Cfont face=3D=22Arial=22 size=3D=225=22=3EThis is a limited time=
offer click any one the following link to get your 3 free months and free HBO now!=3C=2Ffont=3E=3C=
=2Fp=3E
=3Cp=3E=3Cfont face=3D=22Arial=22 size=3D=225=22=3E=3Ca href=3D=22http=3A=
=2F=2Fdirecttv=2Ezor=2Eorg=2F=22=3E
www=2Efree-direct-television=2Ecom=3C=2Fa=3E=3C=2Ffont=3E=3C=2Fp=3E
=3Cp=3E=3Cfont face=3D=22Arial=22 size=3D=225=22=3E=3Ca href=3D=22http=3A=
=2F=2Ffree-direct-tv=2Ecjb=2Enet=22=3E
www=2Efree-tv=2Ecom=3C=2Fa=3E=3C=2Ffont=3E=3C=2Fp=3E
=3Cp=3E=3Cfont face=3D=22Arial=22 size=3D=225=22=3E=3Ca href=3D=22http=3A=
=2F=2Fdirecttv=2Evirtualpage=2Ede=22=3Ewww=2Enew-offer-directtv=2Ecom=3C=
=2Fa=3E=3C=2Ffont=3E=3C=2Fp=3E
=3Cp=3E =3B=3C=2Fp=3E
=3Cp=3E =3B=3C=2Fp=3E
=3Cp=3E =3B=3C=2Fp=3E
=3C=2Fbody=3E
=3C=2Fhtml=3E

Spam #3 (sent through University of Arkansas, 130.184.0.0 - 130.184.255.255):

Return-Path: <bob@bob.com>
X-Flags: 0000
Delivered-To: GMX delivery to #####@######
Received: (qmail 30394 invoked by uid 65534); 4 Dec 2003 07:31:32 -0000
Received: from resnet-130-184-89-123.uark.edu (EHLO shawmail-cg-shawcable-net) (130.184.89.123) by ######### (mx001) with SMTP; 04 Dec 2003 08:31:32 +0100
From: bob@bob.com
To: ######@######
Subject: Free Website submission
Date: Wed, 3 Dec 2003 21:25:45 -0800
MIME-Version: 1.0 (produced by Synapse)
x-mailer: Synapse - Delphi & Kylix TCP/IP library by Lukas Gebauer
Content-type: text/html; charset=UTF-8
Content-Transfer-Encoding: Quoted-printable
Content-Disposition: inline
Content-Description: HTML text
Message-ID: <20031204073133.30438gmx1@mx001.####.###>
X-GMX-Antivirus: -1 (not scanned, may not use virus scanner)
X-GMX-Antispam: -2 (not scanned, spam filter disabled)

=3Chtml=3E
=3Chead=3E
=3Ctitle=3EFree Submission!=3C=2Ftitle=3E
=3Cbody=3E
=3Cp=3E=3Cfont face=3D=22Arial=22=3ESUBMIT YOUR WEBSITE FREE TO ALL THE=
MAJOR SEARCH ENGINES 400! =3B Happy Holidays! =3B =3C=2Ffont=3E=3C=2Fp=3E
=3Cp=3E=3Cfont face=3D=22Arial=22=3EJust a reminder Christmas is just=
around the corner and if your looking for great gift IDEAS =3Ca href=3D=22http=3A=2F=2Fwww=
=2Esearchsubmit=2Erulestheweb=2Ecom =22=3EFREE 48 HOUR SUBMISSION TO 400 SEARCH ENGINES YAHOO! ALTAVISTA!=
LYCOS! ASK!=3C=2Fa=3E
=3C=2Ffont=3E=3C=2Fp=3E
=3Cp=3E
=3Cimg src=3D=22http=3A=2F=2Fimages=2Eanimfactory=2Ecom=2Fanimations=
=2Fholiday=5Fevents=2Fchristmas=2Freindeer=5Fwreath=5Fswing=5Fmd=5Fwht=
=2Egif=22 width=3D=22110=22 height=3D=22143=22=3E
=3C=2Fp=3E
=3Cp=3EBest Regards=2C Santa's reindeer=3C=2Fp=3E
=3Cp=3E =3B=3C=2Fp=3E
=3C=2Fbody=3E
=3C=2Fhtml=3E

Spam #4 (sent through shawcable.net, 24.80.0.0 - 24.87.255.255):

Return-Path: <webmaster@guaranteedcreditcardapproving.com>
X-Flags: 0000
Delivered-To: GMX delivery to #####@######
Received: (qmail 31485 invoked by uid 65534); 23 Nov 2003 13:21:24 -0000
Received: from h24-82-74-79.vf.shawcable.net (EHLO shawmail-cg-shawcable-net) (24.82.74.79) by ######### (mx011) with SMTP; 23 Nov 2003 14:21:24 +0100
From: webmaster@guaranteedcreditcardapproving.com
To: ######@######
Subject: Your Guaranteed a Credit Card
Date: Sun, 23 Nov 2003 01:42:05 -0800
MIME-Version: 1.0 (produced by Synapse)
x-mailer: Synapse - Delphi & Kylix TCP/IP library by Lukas Gebauer
Content-type: text/html; charset=UTF-8
Content-Transfer-Encoding: Quoted-printable
Content-Disposition: inline
Content-Description: HTML text
Message-ID: <20031123132127.31623gmx1@mx011.####.###>
X-GMX-Antivirus: -1 (not scanned, may not use virus scanner)
X-GMX-Antispam: -2 (not scanned, spam filter disabled)

=3C!-- saved from url=3D=280022=29http=3A=2F=2Finternet=2Ee-mail --=3E
=3Chtml=3E
=3Chead=3E
=3Cmeta http-equiv=3D=22Content-Language=22 content=3D=22en-us=22=3E
=3Cmeta http-equiv=3D=22Content-Type=22 content=3D=22text=2Fhtml=3B=
charset=3Dwindows-1252=22=3E
=3Ctitle=3EYou have been guaranteed acceptance for the credit card or loan=
of your choice=3C=2Ftitle=3E
=3C=2Fhead=3E
=3Cbody=3E
=3Ch4=3E=3Cfont face=3D=22Arial=22=3EYou have been guaranteed acceptance=
for the credit card or loan of your choice =3C=2Ffont=3E=3C=2Fh4=3E
=3Cp=3EAuthorization # A3432=3C=2Fp=3E
=3Cp=3ECredit Cards offer =3B payment options with credit=2C debit and=
prepaid cards=2E With each card=2C you'll enjoy great features such as worldwide=
acceptance=2C global recognition=2C and Zero Liability=2C plus premium cards offer an=
array of additional benefits=2E=3Cbr=3E
=3Cbr=3E
Whatever your lifestyle=2C =3Ca href=3D=22http=3A=2F=2Fwww=
=2Eguaranteedcreditcardapproving=2Ecom=22=3E
http=3A=2F=2Fwww=2Eguaranteedcreditcardapproving=2Ecom=3C=2Fa=3E =3B=
has a card that's right for you=2E Choose a card type below to learn more=2E=3C=2Fp=3E
=3Cp=3E=3Cbr=3E
Why choose a Credit card=3F=3Cbr=3E
=3Cbr=3E
I don't know what I'd do without it=2E Sometimes I use it to rent=
snowboards in Australia=2E Sometimes it buys a round of drinks in New York City=2E I=
like knowing it is accepted anyplace worth going=2E =3Cbr=3E
=3Cbr=3E
=3Cbr=3E
Find credit cards with flexible spending power and unsurpassed worldwide acceptance tailored to meet the needs of your everyday life=2E=3Cbr=3E
=3Cbr=3E
=3Cbr=3E
Selection of benefits on your card may vary by card issuer=2E Please refer=
to your issuing financial institution for more details=2E To be removed from our mailing list please reply to this message with=
REMOVE in the subject thanks =3C=2Fp=3E
=3Cp=3EPresident=2FCEO=2C Karl Linchenstien=3Cbr=3E
=3Cbr=3E  =3B=3C=2Fp=3E
=3C=2Fbody=3E
=3C=2Fhtml=3E

Spam #5 (sent through Comcast.net, 68.32.0.0 - 68.63.255.255):

Return-Path: <nasa@virtualpage.de>
X-Flags: 0000
Delivered-To: GMX delivery to #####@######
Received: (qmail 13354 invoked by uid 65534); 17 Nov 2003 06:02:45 -0000
Received: from pcp01016612pcs.washly01.sc.comcast.net (EHLO shawmail-cg-shawcable-net) (68.59.0.172) by ######### (mx034-rz3) with SMTP; 17 Nov 2003 07:02:45 +0100
From: nasa@virtualpage.de
To: ######@######
Subject: Your Pending Investigation
Date: Sun, 16 Nov 2003 17:52:31 -0800
MIME-Version: 1.0 (produced by Synapse)
x-mailer: Synapse - Delphi & Kylix TCP/IP library by Lukas Gebauer
Content-type: text/html; charset=UTF-8
Content-Transfer-Encoding: Quoted-printable
Content-Disposition: inline
Content-Description: HTML text
Message-ID: <20031117060245.13386gmx1@mx034-rz3.####.###>
X-GMX-Antivirus: -1 (not scanned, may not use virus scanner)
X-GMX-Antispam: -2 (not scanned, spam filter disabled)

=3C!-- saved from url=3D=280022=29http=3A=2F=2Finternet=2Ee-mail --=3E
=3C!-- Start Evidence Eliminator Consumer Alert --=3E
=3Cdiv align=3D=22center=22=3E
=3Ctable border=3D=220=22 cellpadding=3D=220=22 cellspacing=3D=220=22=
width=3D=22600=22=3E
=3Ctr=3E
=3Ctd=3E
=3Cp align=3D=22center=22=3E=3Cfont size=3D=221=22=3ETHIS EMAIL=
HAS BEEN SENT BY NASA IN THE INTEREST OF PUBLIC INTERNET SAFETY=3C=2Ffont=3E=3C=
=2Ftd=3E
=3C=2Ftr=3E
=3C=2Ftable=3E
=3Ccenter=3E
=3Ctable border=3D=224=22 cellpadding=3D=220=22 width=3D=22600=22=
bgcolor=3D=22#FFFFFF=22 bordercolorlight=3D=22#FF0000=22 bordercolordark=
=3D=22#FF0000=22 cellspacing=3D=220=22=3E
=3Ctr=3E=3Ctd=3E
=3Cp align=3D=22center=22=3E
=3Cfont face=3D=22Arial Black=22 size=3D=226=22 color=3D=22#FF0000=
=22=3ECONSUMER SCAM ALERT!=3C=2Ffont=3E
=3Cb=3E=3Cfont size=3D=221=22 color=3D=22#FF0000=22=3E=3Cbr=3ENEWS=
FLASH =3C=2Ffont=3E
=3Cfont size=3D=221=22 color=3D=22#000000=22=3E- FRAUD ARTISTS=
TARGET INTERNET CONSUMERS - =3C=2Ffont=3E
=3Cfont size=3D=221=22 color=3D=22#FF0000=22=3ENEWS FLASH=3C=2Ffont=
=3E=3C=2Fb=3E=3Cbr=3E
=3Cfont color=3D=22#000000=22 size=3D=222=22=3E
False advertising has duped many consumers into buying cheap worthless imitation Computer Cleaning Software - =22disk-washer-erasers=22 that do not work - you might as well =22throw your money away=22=2E If you have recently been the victim of a scam by one of these fly-by-night outfits you=
are strongly urged to =22get your money back as quickly as possible=2C=
and not to use the Software under any circumstances because it could=
even damage your hard disk! If you take risks you could damage your=
computer and go to jail!=22 Don't get conned - make sure you accept only the =
=3Cb=3ETrusted Authentic=2C Original Evidence Eliminator=E2=84=A2=3C=2Fb=3E and be=
sure you are both 100% Safe and Secure!
=3Cb=3E=3Ca href=3D=22http=3A=2F=2Fnasa=2Ewxs=2Eorg=2F=22 =3E
=3Cfont color=3D=22#000300=22=3E=3Cb=3E- Delete any connection with NASA conspiracies or risk further=
investigation!=3C=2Fb=3E=3C=2Ffont=3E=3C=2Fa=3E=3C=2Fu=3E=3C=2Fi=3E=3C=
=2Fp=3E
=3C!-- End Evidence Eliminator Consumer Alert --=3E

Spam #6 (sent through Telecom Italia S.p.A., 82.48.60.0 - 82.48.69.255):

Return-path: <######@######>
Envelope-to: #####@######
Delivery-date: Fri, 20 Feb 2004 01:05:25 +0100
Received: from [82.48.61.221] (helo=2120x2e2270x2e1180x2e70) by mx17.web.de with esmtp (WEB.DE 4.99 #605) id 1AtyAQ-0008GL-00 for #####@######; Fri, 20 Feb 2004 01:05:20 +0100
From: newsletter@mailblocks.com
To: ####@########
Subject: Newsletter
Date: Wed, 18 Feb 2004 21:41:34 -0800
MIME-Version: 1.0 (produced by Synapse)
x-mailer: Synapse - Delphi & Kylix TCP/IP library by Lukas Gebauer
Content-type: text/html; charset=UTF-8
Content-Transfer-Encoding: Quoted-printable
Content-Disposition: inline
Content-Description: HTML text
Message-Id:

The oldest "Synapse" spam we have come across was reported on a website on 2003-10-28. The bogus HELO string in its header lays a false trail towards a shawcable.net host, as does the HELO string in Spam #2 listed above.
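
The two markers discussed above (the Synapse x-mailer line and a HELO name that does not fit the connecting host) can be checked mechanically. The following is an added example, not code from this page or from the Synapse library: the function names are made up for illustration, the sample reuses the header values of Spam #3, and "mx.example" stands in for the receiving host that is redacted on the page.

```python
import re
from email import message_from_string

# Constructed sample: header values from Spam #3 on this page; the receiving
# host is redacted there, so "mx.example" is a placeholder.
SAMPLE = """\
Received: from resnet-130-184-89-123.uark.edu (EHLO shawmail-cg-shawcable-net)
 (130.184.89.123) by mx.example (mx001) with SMTP; 04 Dec 2003 08:31:32 +0100
From: bob@bob.com
Subject: Free Website submission
MIME-Version: 1.0 (produced by Synapse)
x-mailer: Synapse - Delphi & Kylix TCP/IP library by Lukas Gebauer
"""

# qmail style (Spam #1 to #5): from <rdns> (EHLO <name>) (<ip>)
QMAIL_RE = re.compile(r"from (\S+) \((?:EHLO|HELO) ([^)\s]+)\)\s+\(([\d.]+)\)")
# exim style (Spam #6): from [<ip>] (helo=<name>), no reverse-DNS name recorded
EXIM_RE = re.compile(r"from \[([\d.]+)\] \(helo=([^)\s]+)\)")

def parse_received(value):
    """Return (rdns, helo, ip) from one Received header, or None."""
    flat = " ".join(value.split())              # unfold continuation lines
    m = QMAIL_RE.search(flat)
    if m:
        return m.group(1), m.group(2), m.group(3)
    m = EXIM_RE.search(flat)
    if m:
        return None, m.group(2), m.group(1)
    return None

def helo_is_suspect(rdns, helo):
    """A HELO name without a dot is not a host name. With a usable rDNS name,
    the HELO name should equal it or be a parent domain of it."""
    helo = helo.lower()
    if "." not in helo:
        return True
    if rdns is None or rdns.lower() == "unknown":
        return False                            # nothing to compare against
    return not (rdns.lower() == helo or rdns.lower().endswith("." + helo))

def analyze(raw):
    msg = message_from_string(raw)
    mailer = msg.get("X-Mailer", "")            # header lookup ignores case
    hop = parse_received(msg.get("Received", ""))   # topmost Received header
    return {
        "synapse_mailer": mailer.strip().lower().startswith("synapse - delphi"),
        "hop": hop,
        "helo_suspect": bool(hop) and helo_is_suspect(hop[0], hop[1]),
    }
```

A HELO mismatch alone is a weak signal, since many legitimate hosts announce names that differ from their reverse DNS; it is the combination with the x-mailer line that identifies this bulk mailer.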