| echo: | |
|---|---|
| to: | |
| from: | |
| date: | |
| subject: | SPAM |
A good morning to you all,

Lately I took part in a dialogue about spam in this area. I couldn't resist sharing this story with you. Not only for the fun of it but also to show the techniques some spammers use.

My POP3 defender software reported a funny spam attempt that got me interested... not only in the way it was constructed, but I also got interested because we discussed spam here earlier. This was also the reason to take a peek (which I normally don't) :-)

It was reported as:

not bounced, illegal return-path.
illegal header information

I downloaded the header info (and will comment on it in C style):

----------------------------------------------------------------------
Return-Path:
/* first characters of name are random */
/* (yeah..as if that would prevent filtering...har..har..har) */
/* k.ro is not a valid URL name (I will comment on that later) */
Received: from unknown (201.187.168.97) by smtp-server1.cfl.rr.com
/* illegal IP, illegal URL, probably random */
Received: from rly-xl05.mx.aol.com ([147.119.50.98]) by smtp4.cyberec.com
/* illegal IP, illegal URL, probably random */
Subject: very urgent and important wamk
/* last characters of subject are random */
------------------------------------------------------------------------

The k.ro URL is not valid.... if it was k.org.ro or k.com.ro it would be okay.

OOI: From the k.ro URL I traced the IP number (194.102.255.23) and it turned out to be a hacked (or hacker's) (DN)server in Romania which is known to have several security leaks and, since some time, a worm infection.

Normally spam is sent through remailers (which can be blocked quite easily...just give the command on the remailer server) very clever indeed...so far the most clever attempt I've seen....this way they can garble any part of info in the original header....

The funny part is that just THIS reason (garbled header) caused the mail to crashland before it hit my inbox :-)

Most funny is that my software figured out the validity of a return address in the first lines of the body and already had sent a warning to it (anonymous via remailerservice) and a warning to the system administrator of the same site automagically. :-)

Greetingzetcetera,

Thom

... Mazzelaars... Hmpf...
--- GoldED+/386 1.1.4.7
* Origin: Point of The Snake (2:280/4312.3)
SEEN-BY: 633/267 270
@PATH: 280/4312 2476/418 2432/200 774/605 123/500 106/2000 633/267
| SOURCE: echomail via fidonet.ozzmosis.com | |
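The two header tricks described in the message above, checked in Python. This is an added example, not part of the original message and not the POP3 defender software it mentions; the function names and the extra sample subjects are assumptions constructed for illustration. It tests whether consecutive `Received:` hops join up and whether subjects that differ only in a trailing random token collapse to the same core.

```python
import re
from collections import Counter
from email import message_from_string

# Constructed sample: the two Received lines and the subject quoted in the post.
SAMPLE = (
    "Received: from unknown (201.187.168.97) by smtp-server1.cfl.rr.com\n"
    "Received: from rly-xl05.mx.aol.com ([147.119.50.98]) by smtp4.cyberec.com\n"
    "Subject: very urgent and important wamk\n"
    "\n"
    "body\n"
)

HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.I | re.S)

def hops(raw):
    """Return (from_host, by_host) pairs in travel order, oldest hop first."""
    msg = message_from_string(raw)
    found = []
    # Each relay prepends its Received line, so the last one is the oldest.
    for value in reversed(msg.get_all("Received") or []):
        m = HOP.search(value)
        if m:
            found.append((m.group(1).lower(), m.group(2).lower()))
    return found

def chain_breaks(raw):
    """List (by_host, next_from_host) where consecutive hops do not join up."""
    h = hops(raw)
    return [(a[1], b[0]) for a, b in zip(h, h[1:]) if a[1] != b[0]]

def subject_core(subject):
    """Lower-case the subject and drop its final token (the random suffix)."""
    words = subject.lower().split()
    return " ".join(words[:-1]) if len(words) > 1 else " ".join(words)

def repeated_cores(subjects):
    """Cores seen more than once: the same mail with different suffixes."""
    counts = Counter(subject_core(s) for s in subjects)
    return {core: n for core, n in counts.items() if n > 1}

if __name__ == "__main__":
    print(chain_breaks(SAMPLE))
    print(repeated_cores(["very urgent and important wamk",
                          "very urgent and important qzrt",   # constructed
                          "Meeting notes for Tuesday"]))      # constructed
```

A legitimate relay can announce a name that differs from the one the previous hop recorded for itself, so a chain break is best used as one scoring signal alongside others rather than as a verdict on its own.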