[Mimedefang] OT: Email web form exploits

Chris Gauch cgauch at digicon.net
Mon Sep 5 22:21:18 EDT 2005

This is somewhat off-topic but does relate to spam/email as these Email web
form exploits seem to be yet another method that spammers have found to junk
up inboxes...

Just wanted to hear how others are being hit by this latest scam.  As an ISP
that hosts hundreds of websites that use Email web forms, we have had lots
of forms come through with fake email addresses throughout the form (see the
article below for more info):


Here's an example (shown on the website above) of what these "exploited" web
forms look like when sent via email from the web server:

-- snip --

comments[ejrkjfkn at nowhere.com]
andersUser[ejrkjfkn at nowhere.com]
redirectTo[ejrkjfkn at nowhere.com]
name[ejrkjfkn at nowhere.com]
page[ejrkjfkn at nowhere.com]
email[ejrkjfkn at anders.com
Content-Type: multipart/mixed;
MIME-Version: 1.0
Subject: 40d7e77
To: ejrkjfkn at nowhere.com
bcc: killerhamster at punkass.com
From: ejrkjfkn at nowhere.com

This is a multi-part message in MIME format.


Content-Type: text/plain;
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit


subject[ejrkjfkn at nowhere.com]


Just an FYI as I'm sure many others will or have already encountered this
annoying issue.

- Chris

Chris Gauch
Systems Administrator
Digicon Communications, Inc.
cgauch at digicon.net

More information about the MIMEDefang mailing list