It is quite common for an online service provider to suggest adding their 'email sending address' to a end user, so that spam filters let pieces from know senders avoid spam filtering
This piece came in. Here are the headers:
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
X-Spam-Status: No, score=-87.1 required=4.0 tests=BAYES_05,
URIBL_WS_SURBL,USER_IN_WHITELIST autolearn=no version=3.3.1
Received: from shadow.apd.hu (shadow.apd.hu [18.104.22.168])
by bronson.owlriver.com (8.13.8/8.13.8) with SMTP id o8224mbp009823
for <firstname.lastname@example.org>; Wed, 1 Sep 2010 22:04:50 -0400
Date: Thu, 2 Sep 2010 04:04:49 +0000
From: Twitter <email@example.com>
Subject: You have 5 unread direct messages from Twitter!
Content-Type: text/html; charset=utf-8
X-Munge: added X-Envelope-To
X-Orig-Subject: You have 5 unread direct messages from Twitter!
The body is heavily obsfucated HTML, but the clear text is:
You have 5 unread direct messages from Twitter!
The Twitter Team
If you received this message in error and did not sign up for a
Twitter account, click not my account [medicinete.info].
Please do not reply to this message; it was sent from an unmonitored
email address. This message is a service email related to your use of
Twitter. For general inquiries or to request support with your
Twitter account, please visit us at Twitter Support
Clever enough -- the "[medicinete.info]" is added by my MUA -- Mail (reading) User Agent, alpine, and so the link to a forged site is obvious. But the use of the forged sender address, and the fact that I have a global 'whitelist' pass rule on that mail server, rather than 'per user' pass rules for the custom spamassassin on this CentOS 5 box, means that the forgery was treated as though it was from a trusted sender and favorably scored 100 points
Of course there IS no such user 'rpm' here sending email, but that was scraped off a web page in the domain, and so it draws content from hopeful spammers