Farelf
Posted January 19, 2012

Received 7 "identical" spam (apart from originating IP address, Message-ID: and Date:) in 7 minutes and 49 seconds which seems like a "human" sort of effort, as opposed to robot. Typical is http://www.spamcop.net/sc?id=z5227873458z5...fff1f4dbc9be17z

Origin and time differences:

94.76.100.139 (UA) Thu, 19 Jan 2012 16:42:19 +0100
200.125.187.254 (VE) Thu, 19 Jan 2012 16:45:43 +0100
188.240.59.86 (RO) Thu, 19 Jan 2012 16:46:05 +0100
78.153.43.59 (SI) Thu, 19 Jan 2012 16:47:24 +0100
91.191.36.50 (BA) Thu, 19 Jan 2012 16:47:32 +0100
109.107.0.210 (PL) Thu, 19 Jan 2012 16:49:50 +0100
189.74.65.27 (BR) Thu, 19 Jan 2012 16:50:08 +0100

Another oddity is in the time zones - most of those (well, four of them) are wrong for the origin (and those times all tie in closely with the received stamps from my provider). I suppose someone affiliated with de.generic4all.com is trying out some sort of snow-shoeing mass mailer? I've never seen anything quite like it before. More than usually annoying and ineffectual if the actual mission is to coax sad souls to the target website. Oh well, who can know the mind of the spammer? Is that even "proper" idiomatic German in the message body?

The Subject:, by the way (since the parser doesn't render it from Base64), is "Bist Du schlecht im Bett?". Spammers lie.

lisati
Posted January 20, 2012

Interesting to note that the parse spotted that 94.76.100.139 is an open proxy and is also listed in cbl.abuseat.org

Farelf
Posted January 20, 2012

Well spotted. Only 109.107.0.210 (Homenet Softlab, Gdansk, Poland) was not shown as open relay and not listed in CBL, all the others were the same as 94.76.100.139. No matter what, each of them seems to have operated as an outgoing SMTP terminal and was trustingly accepted by iiNet - like "Received: from unknown (HELO generic4all.com) ([109.107.0.210])" which is a nonsense. Oh well, I have spam filtering turned off at the account level anyway, I suppose a goodly proportion of the little spam I still get comes through with issues like that, I don't think I've ever really looked.
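
Added example, not part of the thread and not any poster's code: a Python sketch that re-checks the header observations above (the 7 minute 49 second window, one Date: offset across seven sources, the HELO on an "unknown" host, the Base64 Subject). The IPs, dates and Received: line are copied from the posts; the encoded Subject is constructed from the quoted plain text with an assumed UTF-8 charset, and `is_distributed_burst` with its thresholds is a hypothetical heuristic.

```python
import base64
import re
from email.header import decode_header, make_header
from email.utils import parsedate_to_datetime

# Origin IPs and Date: values exactly as listed in the first post.
SAMPLES = [
    ("94.76.100.139", "Thu, 19 Jan 2012 16:42:19 +0100"),
    ("200.125.187.254", "Thu, 19 Jan 2012 16:45:43 +0100"),
    ("188.240.59.86", "Thu, 19 Jan 2012 16:46:05 +0100"),
    ("78.153.43.59", "Thu, 19 Jan 2012 16:47:24 +0100"),
    ("91.191.36.50", "Thu, 19 Jan 2012 16:47:32 +0100"),
    ("109.107.0.210", "Thu, 19 Jan 2012 16:49:50 +0100"),
    ("189.74.65.27", "Thu, 19 Jan 2012 16:50:08 +0100"),
]
# The Received: line quoted in the thread.
RECEIVED = "Received: from unknown (HELO generic4all.com) ([109.107.0.210])"
# Constructed: RFC 2047 Base64 form of the quoted Subject (UTF-8 is assumed).
SUBJECT = "=?UTF-8?B?" + base64.b64encode(b"Bist Du schlecht im Bett?").decode() + "?="

def burst_summary(samples):
    """Span in seconds, distinct source IPs, and distinct Date: UTC offsets."""
    dates = [parsedate_to_datetime(d) for _, d in samples]
    return {
        "span_seconds": int((max(dates) - min(dates)).total_seconds()),
        "distinct_ips": len({ip for ip, _ in samples}),
        "distinct_offsets": len({d.utcoffset() for d in dates}),
    }

def parse_received(line):
    """Split a qmail-style Received: line into rDNS name, HELO string, peer IP."""
    m = re.search(r"from (\S+) \(HELO ([^)]+)\) \(\[([0-9.]+)\]\)", line)
    if not m:
        return None
    rdns, helo, ip = m.groups()
    # "unknown" in the rDNS slot means the receiver resolved no host name,
    # so the HELO string is only what the sender claimed about itself.
    return {"rdns": rdns, "helo": helo, "ip": ip, "helo_unverified": rdns == "unknown"}

def decode_subject(raw):
    """Decode an RFC 2047 encoded-word Subject into readable text."""
    return str(make_header(decode_header(raw)))

def is_distributed_burst(samples, max_span=600, min_ips=3):
    """Hypothetical heuristic: many sources, one Date: offset, short window."""
    s = burst_summary(samples)
    return (s["distinct_ips"] >= min_ips and s["distinct_offsets"] == 1
            and s["span_seconds"] <= max_span)
```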
Archived
This topic is now archived and is closed to further replies.