Pretty complex phishing scam impersonating fed-ex with the aim of acquiring home address and email harvesting. Detectable by looking at reply-to emails that do not correspond to any official FedEx website. Some sort of algorithm in place that allows them to pull a name out of an email address to make the email look more legit.
I am not expecting any FedEx shipments, and I certainly didn't use a honeypot email to request updates on one. And certainly, Fedex doesn't own a site called "MP3getdownload"
Be wary of working with this scammer as they have a tool that gives every recipient a unique ID, thus meaning they can figure out if they fell into a honeypot. Do not post the "list unsubscribe" portion of headers anywhere without sterilizing your honey-pot mail from the header.
-----
From: FedEx <[email protected]>
SPF: PASS with IP 62.210.74.158
Reply-to: Fedex <[email protected]>
Fedex <[email protected]>
Fedex <[email protected]>
Fedex <[email protected]>
Fedex <[email protected]>
Fedex <[email protected]>
Fedex <[email protected]>
Fedex <[email protected]>
Fedex <[email protected]>
Fedex <[email protected]>
Fedex <[email protected]>
List-Unsubscribe: [censored. Random string followed by honeypot-email] @x.com
----
Body unpastable due to format. Starts off with a properly punctuated form of the honey-pot fake name i used.
Example: If email [email protected] Email starts with "Dear John Doe"
Example: If email [email protected] Email starts with "Dear Jane Random"
Pretty smart.
The second version of email
-----
From: FedEx <[email protected]>
SPF: PASS with IP 62.210.74.158
Reply-to: Fedex <[email protected]>
Fedex <[email protected]>
Fedex <[email protected]>
Fedex <[email protected]>
Fedex <[email protected]>
Fedex <[email protected]>
Fedex <[email protected]>
Fedex <[email protected]>
Fedex <[email protected]>
Fedex <[email protected]>
Fedex <[email protected]>