I got a most intriguing piece of spam in my mailbox today. It passed through dspam because it was so interesting that I would appreciate it. I’m very happy with dspam that way – it really knows what e-mail I like.
Here’s what the body looked like:
Sender: “%FROM_NAME” < %FROM_EMAIL>
Yeah, all of that in the body. The interesting parts of the headers were:
Received: from 192.168.0.%RND_DIGIT (203-219-%DIGSTAT2-%STATDIG.%RND_FROM_DOMAIN [203.219.%DIGSTAT2.%STATDIG]) by mail%SINGSTAT.%RND_FROM_DOMAIN (envelope-from %FROM_EMAIL) (8.13.6/8.13.6) with SMTP id %STATWORD for < %TO_EMAIL>;
Message-Id: < %RND_DIGIT.%STATWORD@mail%SINGSTAT.%RND_FROM_DOMAIN>
So, someone pressed the wrong button, and their spam zombie software didn’t have any content to put into the spam messages. The software is so stupid that it then just sends the unmodified template. Lovely.
What’s interesting about this message is that they fake the first Received header. I wonder why – there’s really not all that much point in making it look like it came from a box behind a NAT gateway… I also wonder what SINGSTAT stands for.
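A filter can catch this failure mode directly by looking for unexpanded `%NAME` variables in the headers and body. The sketch below is an added example, not part of the original post: the function names and the threshold are assumptions, and the sample message is constructed from the lines quoted above.

```python
import re
from email import message_from_string

# Unexpanded template variables of the kind quoted above: %FROM_NAME, %DIGSTAT2, ...
# Needs a letter right after '%', so URL escapes such as %2F do not match.
PLACEHOLDER = re.compile(r"%[A-Z][A-Z0-9_]{2,}")

# Constructed sample, assembled from the header and body lines quoted in the post.
SAMPLE = (
    "Received: from 192.168.0.%RND_DIGIT (203-219-%DIGSTAT2-%STATDIG.%RND_FROM_DOMAIN "
    "[203.219.%DIGSTAT2.%STATDIG]) by mail%SINGSTAT.%RND_FROM_DOMAIN "
    "(envelope-from %FROM_EMAIL) (8.13.6/8.13.6) with SMTP id %STATWORD for < %TO_EMAIL>;\n"
    "Message-Id: < %RND_DIGIT.%STATWORD@mail%SINGSTAT.%RND_FROM_DOMAIN>\n"
    "\n"
    'Sender: "%FROM_NAME" < %FROM_EMAIL>\n'
)


def find_unexpanded(raw):
    """Map each header name (lower-cased) and 'body' to the placeholders found there."""
    msg = message_from_string(raw)
    findings = {}
    for name, value in msg.items():
        hits = set(PLACEHOLDER.findall(value))
        if hits:
            findings.setdefault(name.lower(), set()).update(hits)
    payload = msg.get_payload()
    # Only plain single-part bodies are scanned in this sketch.
    body = payload if isinstance(payload, str) else ""
    hits = set(PLACEHOLDER.findall(body))
    if hits:
        findings["body"] = hits
    return {where: sorted(names) for where, names in findings.items()}


def looks_like_broken_template(raw, min_distinct=3):
    """Flag a message only when several distinct placeholders appear.

    The threshold (an assumption) keeps a lone '50%OFF' in a legitimate
    subject line from triggering the rule.
    """
    distinct = {p for names in find_unexpanded(raw).values() for p in names}
    return len(distinct) >= min_distinct


if __name__ == "__main__":
    for where, names in find_unexpanded(SAMPLE).items():
        print(where, names)
    print("flag:", looks_like_broken_template(SAMPLE))
```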