nospam" account. Yes, nospam on my system at work is a real account, but it /dev/nulls all incoming mail. All of it.
However, as I had helped in the past to administer a friend's installation of majordomo (an open source mailing list server, written in Perl), I occasionally see little gems of spam when "majordomo" gets on a spammer's mailing list. What usually happens then is that the spammer includes "majordomo@example.com" (see next paragraph) on their mailing list, and then of course the majordomo Perl script tries to interpret the content of the spam as commands. If the "From:" header in the spam is forged, as it usually is, the output of majordomo --- sent in a mail message --- fails to get delivered and bounces back to the majordomo owners.
From: MAILER-DAEMON@example.com
To: Majordomo-Owner@example.com
Subject: failure notice
Date: 29 Jan 1999 13:08:38 -0000

Hi. This is the qmail-send program at example.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<Lisa1977@visualand.co.jp>:
202.234.19.3 does not like recipient.
Remote host said: 550 <Lisa1977@visualand.co.jp>... User unknown
Giving up.

--- Below this line is a copy of the message.

Return-Path: <Majordomo-Owner@example.com>
Received: (qmail 2856 invoked by uid 10501); 29 Jan 1999 13:08:30 -0000
Date: 29 Jan 1999 13:08:30 -0000
Message-ID: <19990129130830.2855.qmail@example.com>
To: Lisa1977@visualand.co.jp
From: Majordomo@example.com
Subject: Majordomo results: Pay us a visit. (adults ONLY)
Reply-To: Majordomo@example.com

--

>>>> 38A0
**** Command '38a0' not recognized.
>>>>
>>>> If you're over 18 you'll want to SEE THIS!
**** Command 'if' not recognized.
>>>> LIVE CYBERSEX 24 HOURS A DAY
**** Command 'live' not recognized.
>>>> RIGHT ON YOUR COMPUTER SCREEN !!!
**** Command 'right' not recognized.
>>>>
>>>> CLICK ON THE LINK BELOW:
**** Command 'click' not recognized.
>>>>
>>>> http://3521254390/nope/

FWIW, 3521254390 can be easily translated, e.g. by the traceroute program:
bash$ traceroute 3521254390
traceroute to 3521254390 (209.226.19.246), 30 hops max, 40 byte packets
Bingo! Now you can use whois -h whois.arin.net 209.226.19 to track the spamsite down.
**** Command 'http://3521254390/nope/' not recognized.
>>>>
>>>>
>>>> You can watch Them do it all LIVE, talk live
**** Command 'you' not recognized.
>>>> and get these gorgeous TEEN models to do anything!
**** Command 'and' not recognized.
>>>> You tell them what to do, and they do it
**** Command 'you' not recognized.
>>>> HOT YOUNG TEEN GIRLS AND GUYS
**** Command 'hot' not recognized.
>>>> THOUSANDS O=46 PICTURES AND AVI'S TOO
**** Command 'thousands' not recognized.
>>>>
>>>>
>>>> CLICK ON THE LINK BELOW:
**** Command 'click' not recognized.
>>>>
>>>> http://3521254390/nope/
**** Command 'http://3521254390/nope/' not recognized.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> ***************************************************
**** Command '***************************************************' not recogniz\
ed.
>>>> To remove yourself from the member mailing list.
**** Command 'to' not recognized.
>>>> 1. Go to http://3448153916/remove/remove.cgi
**** Command '1.' not recognized.
>>>> and follow instructions provided on web page.
**** Command 'and' not recognized.
>>>> THIS IS NOT AN UNSOLICITED EMAIL! YOU HAVE RECEIVED THIS
**** Command 'this' not recognized.
>>>> BECAUSE YOU ARE A PAST/PRESENT MEMBER, OR ARE A VISITOR
**** Command 'because' not recognized.
>>>> WHO HAS REQUESTED ADDITIONAL IN=46ORMATION ABOUT OUR SITES.

The text in blue is plainly a LIE. How could a majordomo server get on such a list? Hello, Federal Trade Commission, are you listening???
**** who: no such list 'HAS'
>>>> OR
**** Command 'or' not recognized.
>>>> 1. "REPLY" to: mailto: IIllI11@mymail.com
**** Command '1.' not recognized.
>>>> 2. Type "Remove" in the Subject field and hit send.
**** Command '2.' not recognized.
>>>> Submitting as above will delete your e-mail address
**** Command 'submitting' not recognized.
>>>> from our database.
**** Command 'from' not recognized.
>>>> OR
**** Command 'or' not recognized.
>>>>
>>>> Call: (305) 460-3165 to be removed.
**** Command 'call:' not recognized.
>>>> ****************************************************
**** Command '****************************************************' not recogni\
zed.
>>>>
>>>>
>>>>
**** Help for Majordomo@example.com:

This is the "Majordomo" mailing list manager, version 1.94.1.

(rest of majordomo help omitted).
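An added example, not part of the original page: the translation traceroute performed above, written out in Python and run over the lines Majordomo echoed back. The sample text is constructed from lines of the bounce above and the function names are assumptions of this example; it goes beyond the decimal case in the spam by also accepting hex and octal single-number hosts.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample: lines taken from the bounce above. Majordomo echoes
# each input line after ">>>>" and answers it on a "****" line.
SAMPLE = """\
>>>> CLICK ON THE LINK BELOW:
**** Command 'click' not recognized.
>>>> http://3521254390/nope/
**** Command 'http://3521254390/nope/' not recognized.
>>>> 1. Go to http://3448153916/remove/remove.cgi
**** Command '1.' not recognized.
"""

URL_RE = re.compile(r"https?://[^\s'\"<>]+", re.IGNORECASE)


def host_to_ipv4(host):
    """Dotted quad for a host written as one 32-bit number, else None."""
    h = host.lower()
    if re.fullmatch(r"0x[0-9a-f]+", h):
        n = int(h, 16)                   # hex form, e.g. 0xD1E213F6
    elif re.fullmatch(r"0[0-7]+", h):
        n = int(h, 8)                    # leading zero means octal
    elif re.fullmatch(r"0|[1-9][0-9]*", h):
        n = int(h)                       # plain decimal, as in the spam
    else:
        return None                      # ordinary name or dotted address
    return str(ipaddress.IPv4Address(n)) if n <= 0xFFFFFFFF else None


def numeric_hosts(text):
    """Map each single-number URL host in the echoed lines to its IPv4 address."""
    found = {}
    for line in text.splitlines():
        if not line.startswith(">>>>"):  # skip Majordomo's own replies
            continue
        for url in URL_RE.findall(line):
            host = urlsplit(url).hostname or ""
            ip = host_to_ipv4(host)
            if ip:
                found[host] = ip
    return found


if __name__ == "__main__":
    for host, ip in numeric_hosts(SAMPLE).items():
        print(f"{host} -> {ip}")
```

The resulting dotted address is what goes into the whois lookup shown earlier.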
From: MAILER-DAEMON@l3serv10.netzero.net
To: Majordomo-Owner@example.com
Subject: failure notice
Date: 10 Apr 1999 03:33:12 -0000

Hi. This is the NetZero mail server.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<survey@netzero.net>:
Account closed due to violation of user policy
Pretty good so far, right? Spammer got zapped. But the best is yet to come...
--- Below this line is a copy of the message.

Return-Path: <Majordomo-Owner@example.com>
Received: (qmail 4728 invoked by uid 0); 10 Apr 1999 01:27:13 -0000
Received: from example.com (12.4.218.41) by mail.netzero.net with SMTP; 10 Apr 1999 01:27:13 -0000
Received: (qmail 21282 invoked by uid 10501); 10 Apr 1999 01:27:09 -0000
Date: 10 Apr 1999 01:27:09 -0000
Message-ID: <19990410012709.21281.qmail@example.com>
To: survey@netzero.net
From: Majordomo@example.com
Subject: Majordomo results: Test
Reply-To: Majordomo@example.com

--

>>>> Vote YES or NO to SPAM!
**** Command 'vote' not recognized.
>>>>
>>>> Dear Friend:
**** Command 'dear' not recognized.
>>>>
>>>> Thank you for joining our opt-in list to receive this survey. This is not a
**** Command 'thank' not recognized.
>>>> SPAM. If you prefer to be excluded from our surveys, feel that this email has
Hats off to the netzero abuse team for their nifty qmail customizations and fast action. Don't ever say you never heard of "spam lies", especially after reading these gems :-)