Farelf Posted December 30, 2008

I'm getting a few fake NDRs (probably) from botnets sailing through my home-system filtering lately (that's OK, I would feel entirely marginalized with none at all) - example http://www.spamcop.net/sc?id=z2487219743z0...40ef2527db0a8fz

Variable subjects such as "Returned mail: User unknown", "Returned mail: see transcript for details" (but no transcript) and "his mail is refused message". These have my address as "From:", "To:" and "Return-Path:" (which sort of spoils the NDR illusion) and a Base64 encoded bit of HTML with the standard "Having trouble viewing this email? Click here to view as a webpage." and a CNC-hosted website (variable domains with cheesy names like "beautycrease") on IP addresses 18.104.22.168 and 22.214.171.124 (so far), all with a remote image at same - the infamous 8dvs9.jpg (webbug?).

Now, while these are properly declared "Content-Type: base64" I'm not at all sure how readable these things might be to the average e-mail client with typical configuration options. Certainly the encoding is enough to stop SC getting to the links. Not that CNC Group is going to restrict spamming efforts (or worse) from its domains. In fact, with the PRC's much-vaunted "control" of the internet within its borders, one could almost assume it is state policy to spam (predominantly) the USA and thus attack the citizens therein - certainly such efforts directed at Chinese citizens would just about be worth a bullet in the back of the neck (with cost debited to surviving family). Still, the money trail probably leads back to the USA - most do, it is said.

Incidentally, I see the "From:" and "Return-Path:" addresses (mine) are munged these days. There was a time when (though munging optioned in reports) that did not happen. Or did I just dream that? Can't seem to reference any discussion along those lines but thought Don confirmed it once? No matter, munged they now are.
This topic is now archived and is closed to further replies.
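The traits described in the post above can be checked mechanically. The following is an added example, not part of the original post: a Python sketch that flags a bounce-style subject paired with a non-empty Return-Path (standards-conformant DSNs use the null reverse-path `<>` and a `multipart/report` body), then decodes the base64 HTML part to list links and remote images. The sample message, its addresses and the `spam.example` domain are constructed placeholders, and the sample declares the encoding via `Content-Transfer-Encoding`.

```python
import base64
import email
import re
from email import policy
from email.utils import parseaddr

NDR_SUBJECT = re.compile(r"returned mail|undeliver|delivery (status|failure)", re.I)
HREF = re.compile(r'href=["\']([^"\']+)', re.I)
IMG = re.compile(r'<img[^>]+src=["\'](https?://[^"\']+)', re.I)

# Constructed sample modelled on the post: the recipient's own address in
# From/To/Return-Path, an NDR-style subject, base64 HTML with a remote image.
_HTML = ('<html><body><a href="http://spam.example/view">Click here to view '
         'as a webpage.</a><img src="http://spam.example/8dvs9.jpg"></body></html>')
SAMPLE = (
    "Return-Path: <user@victim.example>\r\n"
    "From: user@victim.example\r\n"
    "To: user@victim.example\r\n"
    "Subject: Returned mail: User unknown\r\n"
    "MIME-Version: 1.0\r\n"
    "Content-Type: text/html; charset=us-ascii\r\n"
    "Content-Transfer-Encoding: base64\r\n"
    "\r\n" + base64.encodebytes(_HTML.encode()).decode()
)

def analyse(raw):
    """Return NDR-consistency findings plus links recovered from encoded HTML."""
    msg = email.message_from_string(raw, policy=policy.default)
    addr = lambda h: parseaddr(str(msg.get(h, "")))[1].lower()
    rp, frm, to = addr("Return-Path"), addr("From"), addr("To")
    looks_ndr = bool(NDR_SUBJECT.search(str(msg.get("Subject", ""))))
    findings = []
    if looks_ndr and rp:
        findings.append("bounce-style subject but non-empty Return-Path")
    if rp and rp == frm == to:
        findings.append("Return-Path, From and To are the same address")
    types = {part.get_content_type() for part in msg.walk()}
    if looks_ndr and not types & {"multipart/report", "message/delivery-status"}:
        findings.append("no delivery-status report part")
    urls, images = [], []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            html = part.get_content()  # undoes the base64 transfer encoding
            urls += HREF.findall(html)
            images += IMG.findall(html)
    return {"findings": findings, "urls": urls, "remote_images": images}

if __name__ == "__main__":
    print(analyse(SAMPLE))
```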