Ahhh, Is it a SCAM or isn’t it a SCAM? That is the question.

I got an email yesterday. It appears to be a response to a job application.

The English is good. 

Had it showed up in my normal inbox, I’d have been giddy. But for some reason it was in my junk mail folder.

Hmmm. Why would that be?

It’s possible that the reason was that all CAPS subject line. That might have tripped the junk filter.

I’d have ignored it except that the rest of the message looks like a standard business email.

Hmmm.

Then, because I’m desperate for a job, and I have nothing better to do, I looked at the routing and header information.

That’s not exactly true, I have better things to do it’s just that those things aren’t things I actually want to do. In other words, I’m procrastinating and engaging in a bit of sophistry with myself as to the importance of determining if this is a real response.

So I looked up the originating domain. It was registered the same day as the email was sent. Well, that’s suspicious but the originating domain could just be a way for the company in question to separate recruiting email from the main corporate email.

The company is a global enterprise, as such, I could see the logic in keeping the two separate. The newness of the domain registration could have tripped the junk mail filter. It’s possible that said domain’s registration had not propagated to whitelists yet.

Inconclusive.

I looked at the originating email server’s IP address. It’s in Helsinki Finland. Weird!

Also associated with that IP are a number of complaints claiming that a lot of spam / scam email was coming from that particular email server. The most recent  complaint email was 3 years old. It’s possible that the junk mail filter was tripped by this older data and associated black list information.

Still inconclusive. 

Things happen fast in the IT world and 3 years is an eternity. 

The IP address could have been cleaned up, or reallocated, the owner might simply have misconfigured the email server and corrected the problem that was allowing SPAM mail to pass through it.

The Domain is registered in Germany. It could be that they’re using an email server in Finland. Although why not an email server in Berlin or Munich?

Still inconclusive.

This email has an X-Spam score of 12.5. Anything above a 5 is considered spam, that’s probably why the junk mail filter reacted.

However the X-Spam scoring system is based on previous behaviors, complaints, & reliability data. This is why it’s vitally important that email servers be configured properly such that unauthorized users cannot use them to send spam. It’s a pain in the behind to regain your reputation after a billion spam email have been sent through your server.

More conclusive.

The X-Spam system isn’t bad, but it can make mistakes.

Oddly, I can’t find any evidence that I’ve applied to this company. That being said, if they were using a recruiting firm I wouldn’t necessarily have a direct link. The position description in the message looks very much like something I would have applied to.

So, after all of this, it comes down to faith. Not faith in the email itself but faith that my defenses are strong enough to repel an onslaught of spam from some nefarious person or persons, attempting to rip me off.

There is one thing that caught my attention. There is IPv6 data in the email header. That makes me think the email may be legitimate. IPv6 is not something I’d expect to see coming from a spammer. Not that it’s impossible. I just wouldn’t expect to see it coming from a teenager in their mom’s basement.

Well, Hell.

I guess I’ll check my defenses, run another header analysis and respond.

I hate that I’ve been kicked enough that I’m so suspicious. But after a 5 year job search where so many scammers have wasted my time and had me jumping through hoops trying to get my personal data it just makes sense.