nanog mailing list archives

Re: New SPAM DOS

From: William Herrin <bill () herrin us>
Date: Fri, 8 Jan 2010 16:16:44 -0500

On Fri, Jan 8, 2010 at 3:52 PM, Owen DeLong <owen () delong com> wrote:

Unfortunately, I only have the spamcop report sent to me, I don't have the original message.
What spamcop sends does not include Content-Type headers or the additional parts of
the message, only the plain text portion.


Ah, that explains why you didn't know that the underlying URL is not
actually to your web site. Here's what the HTML part looks like:

tings were changed. In order to apply the new set of settings click on the =
following link:<br><br><a href=3D"http://nosoliciting.dirtside.com.okqwab.c=
om.pl/owa/service_directory/settings.php?email=3Dmktts@nosoliciting.dirtsid=
e.com&from=3Dnosoliciting.dirtside.com&fromname=3Dmktts"><font size=3D"2">h=
ttp://nosoliciting.dirtside.com/owa/service_directory/settings.php?email=3D=
mktts () nosoliciting dirtside com&from=3Dnosoliciting.dirtside.com&fromname=3D=
mktts</font></a><br><br>Best regards, nosoliciting.dirtside.com Technical S=
upport.<br><br>Message ID#MK8S99OOMIEPVRAZDVIG4</font></p>

And yes, we're all getting a crapload of these but most die in the
spam filter so we never see them. The message I quoted from achieved a
spam-assassin score of 26.

Regards,
Bill




-- 
William D. Herrin ................ herrin () dirtside com  bill () herrin us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004

Current thread:

New SPAM DOS Owen DeLong (Jan 08)
- Re: New SPAM DOS Shane Ronan (Jan 08)
  - RE: New SPAM DOS Blake Pfankuch (Jan 08)
    - Re: New SPAM DOS John Peach (Jan 08)
- Re: New SPAM DOS sthaug (Jan 08)
  - Re: New SPAM DOS Owen DeLong (Jan 08)
    - Re: New SPAM DOS William Herrin (Jan 08)
- RE: New SPAM DOS Aaron Wendel (Jan 08)
- Re: New SPAM DOS Chris Fuenty (Jan 08)