homepage Welcome to WebmasterWorld Guest from 107.22.37.143
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Pubcon Website
Home / Forums Index / WebmasterWorld / Webmaster General
Forum Library, Charter, Moderators: phranque & physics

Webmaster General Forum

    
Spammers are getting really clever
Looked at any spam headers lately?
MatthewHSE




msg:3238466
 5:03 pm on Jan 31, 2007 (gmt 0)

We've all gotten bounce messages from spam sent with spoofed "from" or "reply-to" addresses. But has anyone noticed the new tactic spammers are using lately?

I've seen this on three separate e-mail accounts (only one of mine) within the last couple of weeks. Take the following (widget-ified) e-mail headers from the original spam message:

from: matthew@WidgetsDomain.com
reply-to: matthew@WidgetsForSale.com
to: matthew@WidgetsManufactory.com

Sometimes similar envelope-to: headers are added as well.

Two significant facts are immediately obvious:

  1. The portion before the @ sign is the same
  2. The domains all start with Widgets.

It looks like some spammer is sending messages with dynamically-generated headers using other addresses in the list that are similar to the recipient's address.

I can think of at least a couple big advantages spammers might see to this method. For one thing, the "From" display name normally shows up as the first name of the person receiving the message, prompting notice. And, the e-mail address the message appears to be from is apparently related to the recipient's own industry. Finally, the bounces get distributed over a much wider range of ISP's, possibly helping the spammer stay under the radar a lot better.

All of the messages I've seen like this (three or four so far) appear to be bayesian poisoning messages.

Has anyone else seen this, and what are the implications of these more advanced methods of spamming?

 

decaff




msg:3238505
 5:30 pm on Jan 31, 2007 (gmt 0)

clever little buggers aren't they..!

These guys will try anything for an open...
Do you only receive your emails in text format?

If so, you can at least cancel the image pull from their
email server ... (even if it is a 1x1 gif)...

I haven't accepted HTML email for years...yeah..makes life a bit more boring...but knocks down on the spam some..

I will watch my headers a bit more closely here...as several of my email addresses do see some activity...

LifeinAsia




msg:3238565
 6:20 pm on Jan 31, 2007 (gmt 0)

I've been seeing a lot more SPAM with the from address spoofed as the recipient. It's always amusing (not!) to see messages in the e-mail logs from an account that was deleted 5 years ago.

Matt Probert




msg:3238613
 6:57 pm on Jan 31, 2007 (gmt 0)

None get through my spam filter! I check the headers manually on the server and delete them (and probably genuine emails as well <g>)

Matt

rocknbil




msg:3238760
 8:49 pm on Jan 31, 2007 (gmt 0)

I got one the other day that actually had me going for a second. It has my full name, and a message to the effect of (paraphrasing due to TOS):

"Hi, [last name first name], it's [cute girl name], remember me? I'm the short dark haired girl you met at [some business] last spring in [some city], you gave me your business card and said if I ever got anything going to give you a call. Well here, check out my web site."

Except, note that first and last name are swapped, screwing up the attempt at automated English. [some business] is actually a business I did some web work for yeeeeeaaaars ago, but I've never actually been there (it is a mountain lodge) and it's not in [some city], it's in a reserved section of forest only acessible by river, foot, or helicopter. [some business] and [some city] are separated by one very large mountain range and about 150 miles. :-)

But the amazing thing is how they threw several related items about me together in one email. So much talent, all gone to waste, I pity the foo's.

jecasc




msg:3239276
 9:26 am on Feb 1, 2007 (gmt 0)

The spam mails that make the most trouble for me at the moment are those that have an image with the product advertisement and beneath a perfectly normal text.

The only solution to the spam problem is when people stop buying from spammers. I think everyone who buys from spammers should be publicly spanked with a wet towel.

DamonHD




msg:3240060
 10:05 pm on Feb 1, 2007 (gmt 0)

Hi,

I was amused by the towel suggestion: check the UK 10 Downing Street petitions site (yes, a real UK government site) in a few days, and if they approve my petition I think you'll find something that you may want to sign! B^>

Rgds

Damon

mep00




msg:3240423
 8:25 am on Feb 2, 2007 (gmt 0)

With all the deceptive practices used by spammers just to get you to open the email, it's amazing that people are so dim witted to still buy from them.

As far as opening images not embedded in the email, my email client doesn't open them unless they're white listed or I tell it to.

On a related note, the only spam which I didn't mind getting and would have on occasion bought from (though I never did) where the ones for ink cartridges. Interestingly, those seem to be the only ones I never get anymore. If the amount of spam were to be reduced by an order of magnitude and to be for reasonable products (like ink cartridges), I'm sure most people wouldn't mind getting them.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Webmaster General
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
© Webmaster World 1996-2014 all rights reserved