Results 1 to 5 of 5

Thread: Pesty spam

  1. #1
    Star Lounger
    Join Date
    Sep 2003
    Location
    Texas, USA
    Posts
    98
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Pesty spam

    Can someone help me figure this out? A list I moderate receives numerous e-mails of the following sort. The e-mail addresses they come from, the subject and the text all vary and mostly are nonsensical. Some have some "quality" and humor to them like this one. For a long time, the subjects were sexual in nature, and still are somewhat; however, the text almost always is not.

    My question is... Why are these useless e-mails being sent? They are a pain in the whatsit, but appear harmless. They appear to have no purpose. They don't sell anything. I keep sending these to abuse@rootsweb.com and www.postini.com but they keep coming. It's becoming a matter of honor to stop them.

    I do not click on the links...ever.


    ----- Original Message -----
    From: "Returnable E. Shorting" <compensating@mindslip.com>
    To: "Crow" <crow-d-request@rootsweb.com>
    Sent: Saturday, November 27, 2004 2:52 PM
    Subject: Fw: True DVD Quality Hi Rseolution Dnwoloadable Movies


    > Well well!
    >
    > http://glynjoneser.com/e026af4893e65e215f2...iAZAgVMBQ0D.htm
    >
    > A verbal contract isn't worth the paper it's written on.
    >
    > AmberaKhodankway
    >
    > http://glynjoneser.com/e026af4893e65e215f2...AkNGiAZAgVMBQ0D

  2. #2
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Pesty spam

    I guess the first "problem" is that you almost certainly are not seeing the entire message there. I suspect it originally was an HTML-format message with an embedded image and you are seeing a text conversion of it that strips out its context.

    The second issue is how any software could reliably detect that this is a fake message. There's very little to it, but then, lots of legitimate email has very little to it. I'm afraid that it make be many months (years?) before they figure that out... Some mailing lists accept messages only from registered users, and this can help a great deal, but there's definitely no easy fix.

  3. #3
    Star Lounger
    Join Date
    Sep 2003
    Location
    Texas, USA
    Posts
    98
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Pesty spam

    I appreciate your help so much. I waited to reply so I could look at other spam; I received two, this morning. There is no message that images or text were blocked. The weird text of one is:
    Buenos noches!

    http://kulibiner.com/26e525bcbdf263c34d10/...iAZAgVMBQ0D.htm

    Let no man under value the price of a virtuous woman's counsel.
    Har wira-man hesin weleba da
    http://kulibiner.com/26e525bcbdf263c34d10/...AkNGiAZAgVMBQ0D

    The header of the other is:
    Return-Path: <listadmin-bounces@rootsweb.com>
    Received: from [64.18.0.233] (HELO psmtp.com)
    by mail.hal-pc.org (CommuniGate Pro SMTP 4.2.1)
    with SMTP id 141524213 for asbalch@hal-pc.org; Sat, 27 Nov 2004 21:09:25 -0600
    Received: from source ([66.43.18.41]) by exprod5mx54.postini.com ([64.18.4.10]) with SMTP;
    Sun, 28 Nov 2004 03:09:25 ESTEDT
    Received: (from slist@localhost)
    by lists5.rootsweb.com (8.12.8/8.12.8) id iAS39C7Z017181
    for CROW-admin@lists5.rootsweb.com; Sat, 27 Nov 2004 20:09:12 -0700
    Date: Sat, 27 Nov 2004 20:09:12 -0700
    X-From_: schwa@stonehengefarms.com Sat Nov 27 20:09:11 2004
    Received: from mail.rootsweb.com (mail.rootsweb.com [192.168.16.34])
    by lists5.rootsweb.com (8.12.8/8.12.8) with ESMTP id iAS39Bim017162
    for <CROW-D-request@lists5.rootsweb.com>; Sat, 27 Nov 2004 20:09:11 -0700
    Received: from host-66-205-104-189.classicnet.net (host-66-205-104-189.classicnet.net [66.205.104.189])
    by mail.rootsweb.com (8.12.10/8.12.10) with ESMTP id iAS3942R017027
    for <crow-d-request@rootsweb.com>; Sat, 27 Nov 2004 20:09:10 -0700
    Received: from stonehengefarms.com (mx00.1and1.com [217.160.230.10])
    by host-66-205-104-189.classicnet.net with esmtp
    id 4E577A29DC for <crow-d-request@rootsweb.com>; Sat, 27 Nov 2004 22:05:46 -0600
    Message-ID: <011101c4d4ff$94b23a54$840e93a9@stonehengefarms.co m>
    From: "Backslapper D. Irregularity" <schwa@stonehengefarms.com>
    To: Crow <crow-d-request@rootsweb.com>
    Subject: Married Female Stars naked
    Old-Date: Sat, 27 Nov 2004 22:05:46 -0600
    MIME-Version: 1.0
    Content-Type: text/plain
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Mailer: Microsoft Outlook Express 6.00.2800.1437
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2505.0000
    X-AntiVirus: OK! AntiVir MailGate Version 2.0.1; AVE: 6.15.0.0; VDF: 6.15.0.6
    X-Scanned-By: MIMEDefang 2.38
    X-Diagnostic: Unprocessed
    X-Envelope-To: CROW-D-request
    X-pstn-levels: (S: 0.80909/98.45219 R:95.9108 P:95.9108 M:94.8624 C:98.9754 )
    X-pstn-settings: 5 (2.0000:2.0000) s gt3 gt2 gt1 r p m c
    X-pstn-addresses: from <schwa@stonehengefarms.com> forward (good recip) [1669/73]

  4. #4
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Pesty spam

    I wish I could interpret these spam headers:

    X-pstn-levels: (S: 0.80909/98.45219 R:95.9108 P:95.9108 M:94.8624 C:98.9754 )
    X-pstn-settings: 5 (2.0000:2.0000) s gt3 gt2 gt1 r p m c

    Something in there probably says how it squeaked past Postini, but I have no idea how to read it.

    Anyway, perhaps the MO of these new messages is to arouse your curiosity so you click the link even if you have no idea what the sender is talking about. I'm sure many people do just that!

  5. #5
    Plutonium Lounger
    Join Date
    Nov 2001
    Posts
    10,550
    Thanks
    0
    Thanked 7 Times in 7 Posts

    Re: Pesty spam

    I found a bit of an explanation in this PDF file.

    These are ratings that have been added by a spam filter somewhere between you and the source. I think that PSTN might stand for POSTINI (based on the kinds of hits I saw on google).

    X-pstn-levels: (S: 0.80909/98.45219 R:95.9108 P:95.9108 M:94.8624 C:98.9754 )

    S Overall Score : Probability that the message is NOT spam
    100 (not spammish) to 0 (very spammish)

    R Racially Insensitive : 0 (least spammish) to 100 (most spammish)
    P Pornographic : 0 (least spammish) to 100 (most spammish)
    M Make Money Fast : 0 (least spammish) to 100 (most spammish)
    C Commercial Offer : 0 (least spammish) to 100 (most spammish)

    StuartR

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •