Dopey Names in From Line

[MrNGS]

I'm wondering if we have any information on the source of the numerous spam items I get with the oddly annoying yet creative names in the from line.

Just today, I find Goo Q. Rekindles and Architects L. Outraging.

This is obviously some person who is trying to get our attention, poke us with a larger-than-usual stick, and maybe try to make us laugh a little. I'm not sure of this makes him/her more sinister and annoying or less.

Any info would be appreciated.

Thanks,

-M!

[Wazoo]

My call .. this post seems more than a bit odd. Lack of data, a bit of a silly request actually with no background, details, examples, etc ... I can only see that the post was being used to mask the posting of a URL in order to get some search engine ratings. The fact that the posted URL was found to be a redirect to yet another URL didn't score any good pounts. URL removed from that post, user name changed, warn flag set on that account.

What was asked was "any information on the source of the numerous spam items" .. which would involve the usual request for a Tracking URL .... The only data provided was in the following query change regarding something that is hardly worth trying to try fathom .. why a spammer would disguise his/her identity? .... geeze, why does a spammer spam?

[MrNGS]

Wow.

I certainly meant it as a legitimate question and assumed the source of these rather unique spams I and others have seen and discussed would be known and fairly infamous in expert circles. That's why I came here to ask.

Conducting research often involves consulting experts one trusts, as I have trusted SpamCop for several years now.

No nefarious intentions here, I promise. Just seeking information.

Forgive me if this was an inappropriate place to do so or if you aren't in a mood to help.

We have a world to repair. Asking questions helps. As does smiling.

-M!

[Wazoo]

I certainly meant it as a legitimate question and assumed the source of these rather unique spams I and others have seen and discussed would be known and fairly infamous in expert circles. That's why I came here to ask.

When asking for "the source" .. one is usually talking about "where they are coming from" .... IP address is where that answer starts.

Conducting research often involves consulting experts one trusts, as I have trusted SpamCop for several years now.

Google, GoogleGroups (news.admin.net-abuse.email, news.admin.net-abuse.sightings for example) ... show no returns for either item you specify. So this would feed into the 'normal' scenario of names and such generated on the fly .. perhaps you are the only one that received those specific spams .. or the others just did the Delete thing ...???

No nefarious intentions here, I promise. Just seeking information.

Forgive me if this was an inappropriate place to do so or if you aren't in a mood to help.

42199[/snapback]

You chose the appropriate Forum section to ask a question that wasn't directly related to how SpamCop.net works. It's just that the question is dealing with the philosophy of getting the recipient to actually read the spam. No one here is going to tell you to open/read your spam. If you want something analyzed, that data has to be provided.

If one is to imagine that your actual query was to try to tie your samples to a particular spammer, you're back to the spam itself as having that kind of data. This is not a request for spam to be posted here (see Tracking URL in the Glossary / Ditionary / FAQ)

[Wazoo]

Brought here from a PM;

I was saddened by your initial reply to my sincere request for information.

Sorry you were saddeed. I on the other hand was dealing with the emotions of waht seemed to be a thinly disguised attempt at boosting search engine ratings for a podcast. As stated, the use of the podcast name as a user name, the posted URL turning out to be a redirect to another URL only seemed to reinforce the "someone is playing games" image.

As a reference librarian, I often must deal with patrons who do not have sophisticated information-seeking or even more basic skills in posing a query as perfectly as I might like.

Yes, this happens every day here .. folks ignorant on how things actually work, folks that don't speak English as their primary language, some folks hell bent on getting their viewpoint across .. damn the facts and details .... On the other hand, the term "reference librarian" would suggest knowledge of searching for info, looking at things presented, connecting a dot or two along the way. I intentionally placed a number of items that appear on screen in an attempt to guide folks to ask better questions so that this type of thing doesn't have to happen.

In graduate school, we librarians are trained to conduct a reference interview to determine a patron's needs, assuming their sincerity and our commitment to a better world in providing the information they need. Perhaps you know a librarian or have received help from one when you didn't know where to turn for information.

I pointed out flaws in your original query, suggested specific items for further research if desired/needed, offered other resources to look things up ... I don't see a response to any of that. Yes, I know librarians, have in fact built and maintained libraries myself for technical research at a few military sites around the world. Unfortunately, I would have to say that my research needs have generally been a bit beyond the capabilities of most librarians I've dealt with, most of that probably due to access levels and such .... but also have to admit that I'm not the average kind of guy ...

As a side note, there was also the issue of too much blatant advertising wrapped around the query. The link provided being a redirect which is standard spammy action couldn't be ignored. As stated, I made the call, performed the actions.

I've heard Mr. Haight interviewed in the past and he seemed like such a pleasant, sharp guy.

Yes, Julian is definitely an interesting guy. But perhaps should also point out here to the additional data made available .. this is primarily a user-to-user support Forum for the use and operation of the toolset provided by SpamCop.net.

I figured this would be a good place to ask, in preparation for dealing with this on a podcast I host.

Repeat, the question you've asked thus far is devoid of sufficient detail needed to play the game. You want to tie a "unique" spam to a specific spammer. That would require analyzing the spam itself ... content, structure, source, frequency, on and on .... foe example, see http://www.spamhaus.org/rokso/ .... much analysis and compilation done there. You'll note that the From: line data is way down on the list of "identifiable" data bits.

I'll look elsewhere.

Feel free to close the forum account. I won't bother you again.

I wish you peace and understanding.

And again, I've offered up alternate resource paths for you to pick up some data in the hopes that you can ask a better question. Closing an account is rarely done here .... the people that have asked to close an account then magically reappeared later and opening another is a bit too legion .... There a lots of folks here willing to help, assist, point, prod, whatever .. but there has to be something to work with ...

PM responded to with a pointer back to "here"

[Miss Betsy]

The random subject lines and senders are attempts by the spammers to evade content filters - the randomness sometimes does produce amusing senders and subjects. Some senders and subjects are designed to look legitimate enough that the receiver will open the spam and maybe get hooked.

My personal unscientifc theory is that some spam is sent by people with the same mentality as virus writers - as a game to see how many filters they can evade and people to open their spam. In that case, they might use amusing senders and subjects on purpose, I suppose. However, there is no one else who subscribes to that theory so it is more likely that it is just random selections that almost make sense.

The only 'source' that can be identified is the IP address from which the spam came. There are 'known' spammers and perhaps some spam can be identified as 'theirs', but in general, it is a useless task to track a spammer. Most ISPs now rely on DNSbls (DNS Blocklists) and content filters - usually a combination of different ones in order to reduce spam to their users. Compentent ISPs also have various techniques to identify spam leaving their systems and stop it immediately. Unfortunately, there are several large players who don't care like Yahoo and Comcast.

Hope this answers your question. Wazoo always wants to be helpful, but the way I read your post, there is no particular 'help' for your query because no one really has an answer - except possibly the spammers who wouldn't be likely to tell their trade secrets on an anti-spam forum. Whatever the URL was and why you included it are similar to other tricks that people use that have nothing to do with asking a legitimate question which also explains parts of his answer.

Miss Betsy

[qjvgpuryy]

Here's my two cents - straight from the BlackList folder.

http://www.spamcop.net/sc?id=z923722373z02...a05710d29e1c23z

http://www.spamcop.net/sc?id=z923722377ze2...4bf14fea7d183fz