Can someone explain to me (publicly or privately) why someone would send spam with no product to sell, no position to pitch, nothing except text designed to get by a spam filter -- without even HTML to KNOW it got by a spam filter..
For example:
just out of curiosity, do you happen to use a mail reader which normally
only shows you the text portion of a mime message?
there's quite a lot of spam which has attempts at busting bayesian
filters in the text section, and the spam payload is in the html section.
richard
(a) kill bayesian filters - people would simply mark it as spam and then
notice that their spam filters become less trustworthy.
(b) list scraping - perhaps not random dictionary words (i've seen
real-sounding meeting confirmation emails, for example, which
a few unrelated friends of mine also received) to determine which
email addresses are/aren't valid
(c) Sometimes, I get spam with the above crap in the text body, but
a spam-like HTML body.
Adrian
>
>
> Can someone explain to me (publicly or privately) why someone would send
> spam with no product to sell, no position to pitch, nothing except text
> designed to get by a spam filter -- without even HTML to KNOW it got by
> a spam filter..
<snip>
(c) Sometimes, I get spam with the above crap in the text body, but
a spam-like HTML body.
numbing the masses to the pain....
A message like this will usualy contain an html portion with an image in it
that is a single pixel in size, that is white-on-white. It doesn't show up
when you look at it, but it sends a request to the sender's specified
website to get the pixel, thus showing them which email accounts are active.
Jerry
A message like this will usualy contain an html portion with an image in
it that is a single pixel in size, that is white-on-white. It doesn't
show up when you look at it, but it sends a request to the sender's
specified website to get the pixel, thus showing them which email accounts
are active.
except for those of us who don't use browsers to read mail and have html
turned off in our mail readers. i just love those "get a mail reader that
can handle html" responses to my requests not to post html to nanog and
other ops lists. html ain't quite as bad as javascript, but with today's
html hackin' kiddies, it's a close contest.
randy
for those who tire of the increasing complexity of email(*)
may I recommend /usr/ucb/mail - a (relatively) small, lightweight
MUA.
--bill
(*) plus attachments, video/audio clips, goofy fonts, textured/scented "stationary", et.al.
and/or POP/IMAP, procmail, spamassasin, black/white/grey-lists, DNS hacks, et.al.
(Subject line changed to comply with Merit's AUP)
it sends a request to the sender's specified website to get the pixel
thus showing them which email accounts are active.
Some times the request goes to the website, sometimes a DNS request to
nameservers is sufficient to cause the account to be tagged as active.
False tagging can occur if a mailserver or other scanner looks up the
IP of URLs found in mail messages
for those who tire of the increasing complexity of email(*)
may I recommend /usr/ucb/mail - a (relatively) small, lightweight
MUA.
real hackers read their mail with cat -- from some sig back in the '80s
bmanning@vacation.karoshi.com wrote:
for those who tire of the increasing complexity of email(*)
may I recommend /usr/ucb/mail - a (relatively) small, lightweight
MUA.
(*) plus attachments, video/audio clips, goofy fonts, textured/scented "stationary", et.al.
and/or POP/IMAP, procmail, spamassasin, black/white/grey-lists, DNS hacks, et.al.
I'm thinking "Big Chief" tablet and black crayon.
I don't quite understand how that would work. DNS Request does not contain
name of who the email is addressed to unless instead of using something like
"http://spammersserver.com/confirmemail.cgi?yourname@yourdomain.com"
they rewrite it into "http://emailidstring.spammerserver.com"
and use some custom dns server that can log all such requests.
But I really dont see how this would be any different then just logging
with cgi, it'll result in positive logging for exactly same set of people.
For example as I'm using PINE from unix shell, all those html images
are not referenced in any way, nor are there requests set for them in dns.
Where as WYSIWYG html email client (no matter if its web-based or outlook
or mozilla) will reference and display all images contained in email
You can turn it off in Mozilla and some MS clients. It's a pretty common
feature nowadays.
I don't quite understand how that would work.
...
unless instead of using something like
"http://spammersserver.com/confirmemail.cgi?yourname@yourdomain.com"
they rewrite it into "http://emailidstring.spammerserver.com"
and use some custom dns server that can log all such requests.
That is precisely what they are doing.
But I really dont see how this would be any different then just
logging with cgi, it'll result in positive logging for exactly
same set of people.
In pure logging terms there is no difference. However a filtering
mailserver may do a lookup on the URL to see if the IP is listed as
problematic, and that will register the DNS access whereas it would
not register the CGI. The thinking being that the filter would be
unlikely to check the content if the address was invalid anyway.
Also, the IP of the URL target is more likely to be identifiable,
and the site taken down, than any nameserver that might be used.
(It's all relative - no absolutes here)
Yeh, good.
My point still stands though, your email client will either try to resolve
the url and try to get the image or it will not (in which case there would
be no dns request either).
Deepak Jain wrote:
Can someone explain to me (publicly or privately) why someone would send spam with no product to sell, no position to pitch, nothing except text designed to get by a spam filter -- without even HTML to KNOW it got by a spam filter..
Quite often it's broken spam-ware. Ever see %RND_UC_CHAR in the subject? Broken software. Spammer didn't even RTFM for his own ratware.
Properly trained SpamAssassin with some additional rulesets (http://www.exit0.us) catches the vast majority of those.
-Jonathan