
June 05 2012


New ways of spamming

Futurama's Fry wondering: "Not sure if spam or just particularly curious"

So, I recently received a new mail that I presume is spam:

From: Julianna $changed <$localpart@gmail.com>
Subject: A graphic on Microsoft's failures
To: towo@ydal.de

Hi Tobias,

I was curious to see if this was the correct email to contact in regards to the content on ydal.de?


Julianna $changed

This is a rather curious e-mail. It sort of looks legit, but there’s nothing at all on ydal.de that should reflect as a «graphic on Microsoft’s failures».

SpamAssassin also thinks it’s legit:

X-Spam-Report: SpamAssassin 3.2.5 (2008-06-10) on flock.szaf.org
 Content analysis details:   (-0.5 points, 5.0 required, autolearn=no)
  pts rule name              description
 --- ---------------------- --------------------------------------------------
  0.7 SPF_NEUTRAL            SPF: sender does not match SPF record (neutral)
  0.0 HTML_MESSAGE           BODY: HTML included in message
 -2.6 BAYES_00               BODY: Bayesian spam probability is 0 to 1%
                             [score: 0.0000]
  1.4 MIME_QP_LONG_LINE      RAW: Quoted-printable line longer than 76 chars

The SPF mismatch is rather interesting: even though you’d assume that someone stating a Google Mail address would use the Gmail web interface (or one of the known clients), the sender is “offandawaymail.com”, which has a non-functioning web server. Googling for the host quite quickly reveals other people also getting this mail, and Tim Dobson googled a bit, also digging up an enlightening discussion on Google+.

So this isn’t even the standard attempt to bugger up your Bayesian spam filters (see the Wikipedia article on Bayesian poisoning). It’s a sneaky attempt to actually do SEO by using half-automated spamming. Which is pretty weird, since it’s rather cost-intensive in terms of manpower — even if it’s generated automatically, they have to categorize sites by what they want to spam them about. There’s also the fact that I’m addressed with my first name — while this may be reasonably extracted from information on the web, the debian-live mailing list received a similar mail, and they were addressed with “editor”, which a quick Google search couldn’t associate with the mailing list address. Which, at least, makes for a rather interesting source database that seems to have been used.

What I found most amusing about this all is how quickly my brain said “this is fishy”, whereas automatic classification was unperturbed.
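The mismatch described above (a gmail.com From address on a mail sent via offandawaymail.com) can be checked mechanically. The following is an added example, not code from the original post: the sample message is constructed, its local parts are placeholders, the Return-Path header is an assumption (the post only names the sending domain), and the freemail list is a small illustrative set.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: illustrative freemail domains only, not an exhaustive list.
FREEMAIL_DOMAINS = {"gmail.com", "googlemail.com"}

# Constructed sample modelled on the mail above. Local parts are placeholders
# and the Return-Path line is assumed; only the domains come from the post.
SAMPLE = """\
Return-Path: <bounce@offandawaymail.com>
From: Julianna Example <julianna.example@gmail.com>
To: towo@ydal.de
Subject: A graphic on Microsoft's failures

Hi Tobias, ...
"""

def domain_of(header_value):
    """Return the lowercased domain of an address header, or '' if unparsable."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def org_match(a, b):
    """Relaxed alignment: same domain, or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def check_alignment(raw):
    """Compare the visible From domain with the envelope sender domain."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From"))
    env_dom = domain_of(msg.get("Return-Path"))
    findings = []
    if not from_dom or not env_dom:
        # Nothing to compare (e.g. null sender "<>"); flag for manual review.
        findings.append("missing-sender")
    elif not org_match(from_dom, env_dom):
        findings.append("from-envelope-mismatch")
        if from_dom in FREEMAIL_DOMAINS:
            # Personal freemail address, but relayed by an unrelated host.
            findings.append("freemail-from-via-third-party")
    return {"from": from_dom, "envelope": env_dom, "findings": findings}

if __name__ == "__main__":
    print(check_alignment(SAMPLE))
```

A check like this is a scoring signal rather than a verdict, since mailing lists and forwarding services also produce mismatched envelope senders.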


Tags: Articles SEO spam
