Idiot Spammers

Wednesday, January 31st, 2007

The only thing they do is pump out email, and some of them can't even get that right. I have now received two spam messages that look like this at my personal email account:

[Unknown Tag *$$cl3* Please Fix]
        [Unknown Tag *$$cl3* Please Fix]
        for <j__@j__r__d.com>; Wed, 31 Jan 2007 08:33:27 -0600
[Unknown Tag *$$cl1* Please Fix]
        [Unknown Tag *$$cl2* Please Fix]
        for <j__@j__r__d.com>; Wed, 31 Jan 2007 08:33:27 -0600
From: "Sam Schroeder" <adamnoyceadop@hotmail.com>
Reply-To: "Sam Schroeder" <adamnoyceadop@hotmail.com>
Message-ID: <0843092801.2916690805@hotmail.com>
Date: Wed, 31 Jan 2007 08:33:27 -0600
To: <j__@j__r__d.com>
Subject: <$$text>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit


<$$text>
<$$text>
<$$text>
<$url1>?<$mcrypt>
<$$text>
<$$text>

So instead of his script replacing all the variables in the template and sending it out to millions of people, it just sent the template itself. The [Unknown Tag...] lines near the top are where the fake Received headers go. These are inserted to try to obscure where the message actually came from. They can't totally cover up the origin of the message, but by adding superfluous Received headers they can sometimes confuse dim-witted spam fighters.

Spammers will always use forged From addresses. Sometimes they are just randomstuff@somebigname.com, and sometimes they use real addresses from their lists of recipients. This guy used a hotmail address, which is the second reason he is a total moron. Hotmail and other big email providers use the Sender Policy Framework (SPF) for their domain names. This is basically a way of saying which servers are authorized to send email with their domain name in the From field. So why would he use a domain name that is known to use a means of detecting forgery? Because he's a moron.

At least he was nice enough to give me the template so I can catch his messages once he figures out how to work his spamware.
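
One way to catch messages like the one quoted above, as an added example (not code from the original post): a Python scan for unfilled template tokens in the two forms that message shows. The sample messages are constructed (the first is abridged from the quoted message with placeholder example.com addresses), and the function names and the threshold of three body hits are assumptions.

```python
import re
from collections import Counter

# Tokens a mail-merge tool leaves behind when substitution fails, in the two
# forms seen in the quoted message.
ERROR_TAG = re.compile(r"\[Unknown Tag \*(\$+\w+)\* Please Fix\]")
RAW_VAR = re.compile(r"<(\$+\w+)>")

def find_placeholders(raw):
    """Return (line_no, section, token) for every unfilled template token.

    Scans raw lines rather than using an RFC 5322 parser: the broken lines
    sit where Received headers belong, so a strict parser would give up on
    the header block at line 1 and treat the whole message as body.
    """
    hits, section = [], "header"
    for no, line in enumerate(raw.splitlines(), 1):
        if section == "header" and line.strip() == "":
            section = "body"      # first blank line ends the header block
            continue
        for rx in (ERROR_TAG, RAW_VAR):
            hits += [(no, section, m.group(1)) for m in rx.finditer(line)]
    return hits

def is_unfilled_template(raw, min_body_hits=3):
    """Flag a message with any header token or several body tokens."""
    by_section = Counter(section for _, section, _ in find_placeholders(raw))
    return by_section["header"] > 0 or by_section["body"] >= min_body_hits

# Constructed sample, abridged from the quoted message (addresses replaced).
SPAM = """\
[Unknown Tag *$$cl3* Please Fix]
        [Unknown Tag *$$cl3* Please Fix]
        for <user@example.com>; Wed, 31 Jan 2007 08:33:27 -0600
From: "Sam Schroeder" <sender@example.com>
To: <user@example.com>
Subject: <$$text>

<$$text>
<$url1>?<$mcrypt>
<$$text>
"""
# Constructed benign message: one stray token in the body is not enough.
HAM = """\
From: <a@example.com>
Subject: Invoice for $40

Use <$HOME> in your shell profile.
"""
```

A token in the header block is treated as decisive because ordinary mail has no reason to carry one there, while a single body token can appear in normal technical mail.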
