[Mimedefang] Massive spam with randon subjects

Joseph Brennan brennan at columbia.edu
Fri Dec 19 14:33:33 EST 2003


> Re: IAANWBC, what's this now?'
> Re: VE, this taletelling about
>
> 	And some unwise spammer, show me part of the construction method of
> the line:
>
> Re: %RND_UC_CHAR[2-8], the two quarrelling


On first impression, this does not look like a very useful thing
to filter on.  Maybe for a point in Spamassassin.  It could easily
be in real mail.  My instinct would be to look for something else.

I wonder what you'd get checking for "Re:" without any other
indicator of being a reply.

Oh, wait, I have one right here.  The body is (between the ---):

----------

<HTML><HEAD>
<BODY>
<p>Fr</bouquet>ee Ca</sepuchral>ble%RND_SYB TV</p>
<a href="http://www.2004hosting.net/cable/">
<img border="0" src="http://www.530000x.net/fiter2.jpg"></a>
amethystine otter willard chum turnover perch presumptuous lipid peste fred 
burial eugene gatekeep funnel canto languid diocesan carpathia sancho 
barbarism delight afflict ballerina bottommost delphinus central chrome 
expensive ecumenic bat cohosh terra verve belvedere tactual <BR>
thee polecat finery dirge rocket mattson rule gadfly coin anthracite 
seagram millikan omission snagging <BR>

</BODY>
</HTML>

----------

<HEAD> without </HEAD> is special.  In fact my mail client shows
me an empty message body because of that.

And, do they all have this in the header?
X-Originating-IP: [530000x.netIP]
I've never seen an IP address with letters in it before :-)


Joseph Brennan         Columbia University in the City of New York
Academic Technologies Group                   brennan at columbia.edu

















More information about the MIMEDefang mailing list