[Mimedefang] Massive spam with randon subjects
Joseph Brennan
brennan at columbia.edu
Fri Dec 19 14:33:33 EST 2003
> Re: IAANWBC, what's this now?'
> Re: VE, this taletelling about
>
> And some unwise spammer, show me part of the construction method of
> the line:
>
> Re: %RND_UC_CHAR[2-8], the two quarrelling
On first impression, this does not look like a very useful thing
to filter on. Maybe for a point in Spamassassin. It could easily
be in real mail. My instinct would be to look for something else.
I wonder what you'd get checking for "Re:" without any other
indicator of being a reply.
Oh, wait, I have one right here. The body is (between the ---):
----------
<HTML><HEAD>
<BODY>
<p>Fr</bouquet>ee Ca</sepuchral>ble%RND_SYB TV</p>
<a href="http://www.2004hosting.net/cable/">
<img border="0" src="http://www.530000x.net/fiter2.jpg"></a>
amethystine otter willard chum turnover perch presumptuous lipid peste fred
burial eugene gatekeep funnel canto languid diocesan carpathia sancho
barbarism delight afflict ballerina bottommost delphinus central chrome
expensive ecumenic bat cohosh terra verve belvedere tactual <BR>
thee polecat finery dirge rocket mattson rule gadfly coin anthracite
seagram millikan omission snagging <BR>
</BODY>
</HTML>
----------
<HEAD> without </HEAD> is special. In fact my mail client shows
me an empty message body because of that.
And, do they all have this in the header?
X-Originating-IP: [530000x.netIP]
I've never seen an IP address with letters in it before :-)
Joseph Brennan Columbia University in the City of New York
Academic Technologies Group brennan at columbia.edu
More information about the MIMEDefang
mailing list