New SPAM DOS

William Herrin bill at herrin.us
Fri Jan 8 21:16:44 UTC 2010


On Fri, Jan 8, 2010 at 3:52 PM, Owen DeLong <owen at delong.com> wrote:
> Unfortunately, I only have the spamcop report sent to me, I don't have the original message.
> What spamcop sends does not include Content-Type headers or the additional parts of
> the message, only the plain text portion.

Ah, that explains why you didn't know that the underlying URL is not
actually to your web site. Here's what the HTML part looks like:

tings were changed. In order to apply the new set of settings click on the =
following link:<br><br><a href=3D"http://nosoliciting.dirtside.com.okqwab.c=
om.pl/owa/service_directory/settings.php?email=3Dmktts at nosoliciting.dirtsid=
e.com&from=3Dnosoliciting.dirtside.com&fromname=3Dmktts"><font size=3D"2">h=
ttp://nosoliciting.dirtside.com/owa/service_directory/settings.php?email=3D=
mktts at nosoliciting.dirtside.com&from=3Dnosoliciting.dirtside.com&fromname=3D=
mktts</font></a><br><br>Best regards, nosoliciting.dirtside.com Technical S=
upport.<br><br>Message ID#MK8S99OOMIEPVRAZDVIG4</font></p>

And yes, we're all getting a crapload of these but most die in the
spam filter so we never see them. The message I quoted from achieved a
spam-assassin score of 26.

Regards,
Bill




-- 
William D. Herrin ................ herrin at dirtside.com  bill at herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004




More information about the NANOG mailing list