Yet another Trademe Scam distributed via email - fairly accurately done too. Proports to be from 'mailer@trademe.co.nz'.

http://www.blakjak.net/images/trademescam.html <--- This is is the fake as it would render in an HTML capable email client.

http://www.blakjak.net/images/trademescam.txt <-- heres the source code. Look carefully at where the key link points.

http://trademe.servehttp.com/Login_aspx.htm

The host resolves to 86.107.3.61 which is an IP used in Romania. Not New Zealand!

Don't get caught out, folks..

[edit] Heres the mail headers of a copy I got direct:

Return-Path:
Delivered-To: [my email address]
Received: (qmail 30184 invoked from network); 5 Aug 2006 12:38:40 +1200
Received: from unknown (HELO manchester.micfo.com) (205.234.198.184)
by maverick.blakjak.net with SMTP; 5 Aug 2006 12:38:40 +1200
Received: from nobody by manchester.micfo.com with local (Exim 4.52)
id 1G9ABH-0005ur-Qz
for [my email address]; Fri, 04 Aug 2006 19:38:19 -0500
To: [my email address]
Subject: Trade Me - a message from maori_with_guns
X-PHP-Script: manchester.micfo.com/~nufardel/info/send.php for 80.97.187.143, 80.97.176.127
From: Trade Me
Content-Type: text/html
X-Priority: 3
Message-Id:
Date: Fri, 04 Aug 2006 19:38:19 -0500
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - manchester.micfo.com
X-AntiAbuse: Original Domain - [my domain]
X-AntiAbuse: Originator/Caller UID/GID - [99 500] / [47 12]
X-AntiAbuse: Sender Address Domain - manchester.micfo.com
X-Source:
X-Source-Args: /usr/local/apache/bin/httpd -DSSL
X-Source-Dir: nufardelta.ro:/public_html/info
[anti-spam headers from blakjak.net removed]

Followup 6 Aug: I am advised that the ISP hosting the mailout-source is being required to take appropriate action by their upstream host, and that the servehttp.com host has been terminated. A good result.

Now if only the perp's could be brought to justice... :|