[Cialug] odd spam

Jerry Heiselman jweida at gmail.com
Thu Apr 27 11:56:18 CDT 2006 

One of the things that I've done in the past was to configure spamassassin
to mark email as spam if it contains more than x% of images.  You get some
false positives, but unless you are just trashing them, then you can tell
your users to check their junk mail folders regularly.

On 4/27/06, Matt Patterson <matt at usrlocal.com> wrote:
>
> This looks like a message that my company (MailFoundry) refers to as gif
> spams.  It is a different
> beast than the typical spam and has been challenging (but not impossible)
> to stop.    Most of
> these spam messages are a simple image talking about a hot new crappy
> stock that is expected
> to go big in the next few days.  There is no link to click. The call to
> action is that you are getting
> the information in hopes that you go to a site and buy the stocks.
>
> We're starting to see more of these with the watches and mortgages loan
> scams as well.
>
> It's one of the newer trends of spam messages.
>
> Matt Patterson
> matt at usrlocal.com
>
>
>
> On Thu, 27 Apr 2006 7:27:56 -0600 (CST), "Nathan C. Smith" <
> smith at ipmvs.com> wrote:
> >
> > Looks like they want to see if the message gets opened in an HTML mail
> > reader to see if the address really exists.  Look up SPAM beacon.
> >
> > > -----Original Message-----
> > > From: Stephen Hawkins [mailto:ng0g at mchsi.com]=20
> > > Sent: Thursday, April 27, 2006 6:12 AM
> > > To: Central Iowa Linux Users Group
> > > Subject: [Cialug] odd spam
> > >=20
> > >=20
> > > CIALUG,
> > >=20
> > > I have been getting several emails like this a day for the=20
> > > past two days.  The=20
> > > address contained in the html body of the email is not always=20
> > > the same, but=20
> > > the rest of the body is always the same.
> > >=20
> > > I keep my email program set on text only.
> > > Any idea what kind of scam is going on here.
> > >=20
> > > Thanks,
> > > Steve
> > >=20
> > > --------------------------------------------------example-----
> > > --------------------------------
> > > > Received: from pool-151-196-52-48.balt.east.verizon.net=20
> > > > ([151.196.52.48])
> > > > =A0 =A0 =A0 =A0 =A0 by sccqmxc92.asp.att.net (sccqmxc92) with SMTP
> > > > =A0 =A0 =A0 =A0 =A0 id <20060427104152q9200861aee>; Thu, 27 Apr
> 2006=20
> > > 10:41:52 +0000
> > > >  X-Originating-IP: [151.196.52.48]
> > > >  Received: from wd.zvhr ([151.196.82.36])
> > > > =A0=A0=A0=A0=A0=A0=A0=A0by
> pool-151-196-52-48.balt.east.verizon.net=20
> > > (8.13.1/8.13.1) with
> > > > SMTP id k3RAijSp061877; Thu, 27 Apr 2006 06:44:45 -0400
> > > >  Message-ID: <002001c669e7$2d8cecf9$2452c497 at wd.zvhr>
> > > >  From: "Becky Crow" <kmplp at stantontechnologies.com>
> > > >  To: <ng0g at mchsi.com>
> > > >  Subject: broadcast mud
> > > >  Date: Thu, 27 Apr 2006 06:41:11 -0400
> > > >  MIME-Version: 1.0
> > > >  Content-Type: multipart/related;
> > > > =A0 type=3D"multipart/alternative";
> > > > =A0 boundary=3D"----=3D_NextPart_000_001C_01C669C5.A67B4CA5"
> > > >  X-Priority: 3
> > > >  X-MSMail-Priority: Normal
> > > >  X-Mailer: Microsoft Outlook Express 6.00.2800.1409
> > > >  X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
> > > >  Status: R
> > > >  X-Status: NT
> > > >  X-KMail-EncryptionState:
> > > >  X-KMail-SignatureState:
> > > >  X-KMail-MDN-Sent:
> > > >
> > > > Note: This is an HTML message. For security reasons, only=20
> > > the raw HTML=20
> > > > code is shown. If you trust the sender of this message then you
> can=20
> > > > activate formatted HTML display for this message by clicking here.
> > > >
> > > >
> > > > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">=20
> > > > <HTML><HEAD> <META http-equiv=3DContent-Type
> content=3D"text/html;=20
> > > > charset=3Dwindows-1252"> <META content=3D"MSHTML 6.00.2800.1409"=20
> > > > name=3DGENERATOR> <STYLE></STYLE>
> > > > </HEAD>
> > > > <BODY bgColor=3D#ffffff>
> > > > <DIV><FONT face=3DArial size=3D2><IMG alt=3D"" hspace=3D0
> > > > src=3D"cid:001b01c669e7$2d8cec90$2452c497 at wd.zvhr" align=3Dbaseline
> > > > border=3D0></FONT></DIV>
> > > > </BODY></HTML>
> > > > acquainted.gif
> > > ----------------------------------------------------end-------
> > -----------------------------------
> > >=20
> > >=20
> > > --=20
> > > 73 49 111 01001001
> > > Steve Hawkins NG0G
> > > ng0g at arrl.net
> > > _______________________________________________
> > > Cialug mailing list
> > > Cialug at cialug.org
> > > http://cialug.org/mailman/listinfo/cialug
> > >=20
> > _______________________________________________
> > Cialug mailing list
> > Cialug at cialug.org
> > http://cialug.org/mailman/listinfo/cialug
> >
> >
>
>
>
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://cialug.org/pipermail/cialug/attachments/20060427/ff418480/attachment.html

More information about the Cialug mailing list