
spam: how it's made


karlisma


Received: from x (x [REA.LIP.ADD.RES])
	by my.mail.server (8.11.6/8.11.6) with ESMTP id WQRTETQRT
	for <x>; Fri, 23 Feb 2007 20:26:09 +0200 (EET)		 
Received: from x (x [SOU.RCE.ADD.RES] (may be forged))
	by x (8.13.6/8.13.6) with ESMTP id WQRTETQRT
	for <x>; Fri, 23 Feb 2007 21:12:08 +0300 (EET)		 
Date: Fri, 23 Feb 2007 21:12:06 +0300 (EET)

and then the best part:

Received: from 192.168.0.%RND_DIGIT (x-%DIGSTAT2-%STATDIG.%RND_FROM_DOMAIN [203.219.%DIGSTAT2.%STATDIG]) by mail%SINGSTAT.%RND_FROM_DOMAIN (envelope-from %FROM_EMAIL) (8.13.6/8.13.6) with SMTP id %STATWORD for <%TO_EMAIL>; %CURRENT_DATE_TIME
Message-Id: <%RND________________WORD[at]mail%SINGSTAT.%RND_FROM_DOMAIN> 
From: "%FROM_NAME" <[at]FROM_EMAIL>								
X-SpamPal: PASS	

So the only real header is the first; all the others are fake, just to make the last line X-SpamPal: PASS.

SpamCop's parser discards the second part, as it knows my mail hosts...

Other tools are being fooled by it.

Plain and simple, and thus SpamCop may delete it from the report (in my opinion), because that string, SINGSTAT, in the second part of the code, will be my mail.mysubdomain.com, which never really exists, therefore revealing my identity.

The headers are taken from a message that somehow slipped out from a zombie with empty form fields. All they do is fill forms. :)

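The trust-boundary check the post credits to a parser that knows the recipient's mail hosts can be sketched as follows. This is an added example, not code from the post or from SpamCop; the host `mx.example.net`, the address `192.0.2.10`, the `analyze` function and the sample message are assumptions constructed from the headers quoted above.

```python
import re
from email import message_from_string

MACRO = re.compile(r"%[A-Z][A-Z0-9_]*")            # unfilled template tokens
BY_HOST = re.compile(r"\bby\s+([^\s;()]+)", re.I)  # host that stamped the hop
VERDICT_HEADERS = {"x-spampal"}                    # filter result named in the post

# Constructed sample adapted from the post; mx.example.net and 192.0.2.10
# are placeholders for the redacted receiving server and client address.
SAMPLE = (
    "Received: from x (x [192.0.2.10])\n"
    "\tby mx.example.net (8.11.6/8.11.6) with ESMTP id WQRTETQRT\n"
    "\tfor <x>; Fri, 23 Feb 2007 20:26:09 +0200 (EET)\n"
    "Received: from 192.168.0.%RND_DIGIT (x-%DIGSTAT2-%STATDIG.%RND_FROM_DOMAIN"
    " [203.219.%DIGSTAT2.%STATDIG]) by mail%SINGSTAT.%RND_FROM_DOMAIN"
    " (envelope-from %FROM_EMAIL) (8.13.6/8.13.6) with SMTP id %STATWORD"
    " for <%TO_EMAIL>; %CURRENT_DATE_TIME\n"
    "Message-Id: <%RND________________WORD@mail%SINGSTAT.%RND_FROM_DOMAIN>\n"
    'From: "%FROM_NAME" <[at]FROM_EMAIL>\n'
    "X-SpamPal: PASS\n"
    "\n"
    "body\n"
)

def analyze(raw, trusted_hosts):
    """Find the trust boundary and report what sits below it."""
    headers = message_from_string(raw).items()   # top-to-bottom order
    boundary = -1                                # index of last trusted Received
    for i, (name, value) in enumerate(headers):
        if name.lower() != "received":
            continue
        m = BY_HOST.search(value)
        if not (m and m.group(1).lower() in trusted_hosts):
            break                                # first hop we did not stamp
        boundary = i
    below = headers[boundary + 1:]               # sender-controlled from here on
    return {
        "trusted_hops": sum(n.lower() == "received"
                            for n, _ in headers[:boundary + 1]),
        "macros": sorted({t for _, v in below for t in MACRO.findall(v)}),
        "ignored_verdicts": [n for n, _ in below
                             if n.lower() in VERDICT_HEADERS],
    }

if __name__ == "__main__":
    print(analyze(SAMPLE, {"mx.example.net"}))
```

Any filter verdict listed in `ignored_verdicts` arrived with the message rather than from the receiving server, so it should be stripped or disregarded before scoring.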

Archived

This topic is now archived and is closed to further replies.
