cppgenius Posted July 10, 2008 Share Posted July 10, 2008 We all know spammers love to transgress the e-mail standards (or any standards for that matter). Lately i've seen several multipart/alternative spam e-mails without the text/html version. 1. Is it a way to bypass the spam filters, I really can't see how, because a proper spam filter should penalise an e-mail containing different plain-text and html versions. In this case it is not really a different html version it is completely missing. 2. Are they trying to break the parser of services like spamcop? Again I can't see how, the e-mail still has proper boundaries, it can only pose a problem to a parser that ignores the text version in a multipart e-mail. Any ideas what the spammers are trying to achieve, below is an example of such an e-mail? X-Apparently-To: x via 22.214.171.124; Tue, 01 Jul 2008 22:56:48 -0700 X-YahooFilteredBulk: 126.96.36.199 X-Originating-IP: [188.8.131.52] Authentication-Results: mta220.mail.re3.yahoo.com from=yahoo.com; domainkeys=neutral (no sig) Received: from 184.108.40.206 (HELO mta220.mail.re3.yahoo.com) (220.127.116.11) by mta220.mail.re3.yahoo.com with SMTP; Tue, 01 Jul 2008 22:56:47 -0700 Received: from 240.35.121.227 by; Wed, 02 Jul 2008 07:54:16 +0200 From: "Horace " <npcoaiycqmmc[at]yahoo.com> Reply-To: "Horace " <njwjdajtg[at]yahoo.com> To: x Subject: Same meds but much cheaper Date: Tue, 19 Jan 38 03:14:07 GMT X-Mailer: Microsoft Outlook Express 5.00.2919.6700 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--5382928713776627084" X-Priority: 3 X-MSMail-Priority: Normal ----5382928713776627084 Content-Type: text/plain; Content-Transfer-Encoding: quoted-printable Hello ! Now you have the opportunity to save your time and money! With US based online p/h/a/r/m/acy store you can buy any meds you need! Forget about prescriptions and doctors. Now you save your time. Forget about high prices at local stores. Save your money now! Go visit http://nomffioew.info seplg ----5382928713776627084-- Link to comment Share on other sites More sharing options...
This topic is now archived and is closed to further replies.