I got a most intriguing piece of spam in my mailbox today. It passed through dspam because it was so interesting that I would appreciate it. I’m very happy with dspam that way – it really knows what e-mail I like.
Here’s what the body looked like:
%TO_CC_DEFAULT_HANDLER
Subject: %SUBJECT
Sender: “%FROM_NAME” < %FROM_EMAIL>
Mime-Version: 1.0
Content-Type: text/html
Date: %CURRENT_DATE_TIME
%MESSAGE_BODY
Yeah, all of that in the body. The interesting parts of the headers were:
Received: from 192.168.0.%RND_DIGIT (203-219-%DIGSTAT2-%STATDIG.%RND_FROM_DOMAIN [203.219.%DIGSTAT2.%STATDIG]) by mail%SINGSTAT.%RND_FROM_DOMAIN (envelope-from %FROM_EMAIL) (8.13.6/8.13.6) with SMTP id %STATWORD for < %TO_EMAIL>;
%CURRENT_DATE_TIME
Message-Id: < %RND_DIGIT[10].%STATWORD@mail%SINGSTAT.%RND_FROM_DOMAIN>
So, someone pressed the wrong button, and their spam zombie software didn’t have any content to put into the spam messages. The software is so stupid that it then just sends the unmodified template. Lovely.
What’s interesting about this message is that they fake the first Received header. I wonder why – there’s really not all that much point in making it look like it came from a box behind a NAT gateway… I also wonder what SINGSTAT stands for.
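A filter can catch this kind of misfire by looking for unexpanded template variables and for a header block sitting in the body. The sketch below is an added example, not part of the original post or of dspam; the token pattern, the thresholds and the function names are assumptions drawn from this one message.

```python
import re
from email import message_from_string

# Heuristic for an unexpanded template variable as seen in this message:
# %NAME or %NAME[10]. The pattern is an assumption based on this one sample.
PLACEHOLDER = re.compile(r"%[A-Z][A-Z0-9_]{2,}(?:\[\d+\])?")
# Header names that should not start lines inside a message body.
BODY_HEADER = re.compile(r"^(Subject|Sender|Mime-Version|Content-Type|Date):", re.M)

# Constructed sample: the header and body lines quoted in the post, reassembled
# into one message (quotes and angle-bracket spacing normalized).
SAMPLE = '''\
Received: from 192.168.0.%RND_DIGIT
 (203-219-%DIGSTAT2-%STATDIG.%RND_FROM_DOMAIN [203.219.%DIGSTAT2.%STATDIG])
 by mail%SINGSTAT.%RND_FROM_DOMAIN (envelope-from %FROM_EMAIL)
 (8.13.6/8.13.6) with SMTP id %STATWORD for <%TO_EMAIL>; %CURRENT_DATE_TIME
Message-Id: <%RND_DIGIT[10].%STATWORD@mail%SINGSTAT.%RND_FROM_DOMAIN>

%TO_CC_DEFAULT_HANDLER
Subject: %SUBJECT
Sender: "%FROM_NAME" <%FROM_EMAIL>
Mime-Version: 1.0
Content-Type: text/html
Date: %CURRENT_DATE_TIME
%MESSAGE_BODY
'''


def scan(raw):
    """Return (tokens found per header name or 'body', header-like body lines)."""
    msg = message_from_string(raw)
    # Only single-part bodies are inspected; multipart mail is out of scope here.
    body = "" if msg.is_multipart() else msg.get_payload()
    hits = {"body": set(PLACEHOLDER.findall(body))}
    for name, value in msg.items():
        hits.setdefault(name.lower(), set()).update(PLACEHOLDER.findall(value))
    hits = {where: toks for where, toks in hits.items() if toks}
    return hits, len(BODY_HEADER.findall(body))


def is_unrendered_template(raw, min_tokens=3):
    """Flag mail with several distinct raw tokens or a header block in its body."""
    hits, body_headers = scan(raw)
    tokens = set().union(*hits.values())
    return len(tokens) >= min_tokens or body_headers >= 3


if __name__ == "__main__":
    print(scan(SAMPLE), is_unrendered_template(SAMPLE))
```

Ordinary percent signs ("50% off") and URL escapes such as %20 or %2F do not match the token pattern, so the check stays quiet on normal mail.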