oh, spammers…

I got a most intriguing piece of spam in my mailbox today. It passed through dspam because it was so interesting that I would appreciate it. I’m very happy with dspam that way – it really knows what e-mail I like ;)

Here’s what the body looked like:

Subject: %SUBJECT
Mime-Version: 1.0
Content-Type: text/html


Yeah, all of that in the body. The interesting parts of the headers were:

Received: from 192.168.0.%RND_DIGIT (203-219-%DIGSTAT2-%STATDIG.%RND_FROM_DOMAIN [203.219.%DIGSTAT2.%STATDIG]) by mail%SINGSTAT.%RND_FROM_DOMAIN (envelope-from %FROM_EMAIL) (8.13.6/8.13.6) with SMTP id %STATWORD for < %TO_EMAIL>;

So, someone pressed the wrong button, and their spam zombie software didn’t have any content to put into the spam messages. The software is so stupid that it then just sends the unmodified template. Lovely.

What’s interesting about this message is that they fake the first Received header. I wonder why – there’s really not all that much point in making it look like it came from a box behind a NAT gateway… I also wonder what SINGSTAT stands for.
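
The tell-tales in this message, as a filter-side check (an added example, not code from the original post or from dspam): it flags unexpanded %TOKEN template variables in headers and body, header lines that landed in the body, and a Received hop that claims a private address. The regular expressions, function names and the sample message (rebuilt from the fragments quoted above) are assumptions.

```python
import ipaddress
import re
from email import message_from_string

# Unexpanded template variables such as %SUBJECT or %RND_FROM_DOMAIN.
# Three or more characters after '%' keeps two-digit URL escapes (%2F) out.
PLACEHOLDER = re.compile(r"%[A-Z][A-Z0-9_]{2,}")
# Host the sender claims to be, right after "from" in a Received header.
RECEIVED_FROM = re.compile(r"^\s*from\s+(\S+)", re.I)
# Header fields that should never start a line of the body.
BODY_HEADER = re.compile(r"^(Subject|Mime-Version|Content-Type):", re.I | re.M)

# Constructed sample: the Received header and body quoted in the post.
SAMPLE = """\
Received: from 192.168.0.%RND_DIGIT (203-219-%DIGSTAT2-%STATDIG.%RND_FROM_DOMAIN [203.219.%DIGSTAT2.%STATDIG]) by mail%SINGSTAT.%RND_FROM_DOMAIN (envelope-from %FROM_EMAIL) (8.13.6/8.13.6) with SMTP id %STATWORD for < %TO_EMAIL>;

Subject: %SUBJECT
Mime-Version: 1.0
Content-Type: text/html
"""


def claims_private(helo):
    """True if the claimed host is a private address (RFC 1918 and similar)."""
    # A filled template would carry a digit here; substitute one so the
    # broken sample parses the same way a filled message would.
    candidate = PLACEHOLDER.sub("0", helo).strip("[]")
    try:
        return ipaddress.ip_address(candidate).is_private
    except ValueError:  # a hostname, not an IP literal
        return False


def analyze(raw):
    """Return the template and forgery indicators found in one raw message."""
    msg = message_from_string(raw)
    header_text = "\n".join(value for _, value in msg.items())
    body = msg.get_payload()
    helos = [m.group(1) for r in msg.get_all("Received", [])
             if (m := RECEIVED_FROM.match(r))]
    return {
        "header_placeholders": sorted(set(PLACEHOLDER.findall(header_text))),
        "body_placeholders": sorted(set(PLACEHOLDER.findall(body))),
        "headers_in_body": bool(BODY_HEADER.search(body)),
        "private_helo": [h for h in helos if claims_private(h)],
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE).items():
        print(f"{key}: {value}")
```

A private address on a hop that arrived from outside is only a hint, since internal relays add such hops legitimately; the leftover placeholders are the strong signal here.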
