[LINK] DOS Spam

Roger Clarke Roger.Clarke at xamax.com.au
Thu Nov 1 16:04:44 AEDT 2012


I've wondered for years about the risk of email being blocked by 
large-scale spam.

I assume that there are filters at various points in the network, 
including at individual IAPs, that block the most extreme forms of 
attachment-laden emails.

But I just got one (well two copies of the same email) with 299 files 
totalling 7.5MB).  Headers below.

I for one have never have never got around to converting from POP to 
IMAP, but if this spam is a sign of things to come, maybe we'll all 
be needing to do so.

________________________________________________

Return-path: <233558938299 at dysgo.org>
Envelope-to: Roger.Clarke at xamax.com.au
Delivery-date: Thu, 01 Nov 2012 15:51:57 +1100
Received: from maildrop2.anu.edu.au ([130.56.64.108]:48517)
	by cpanel01.infinite.net.au with esmtps (TLSv1:DHE-RSA-AES256-SHA:256)
	(Exim 4.80)
	(envelope-from <233558938299 at dysgo.org>)
	id 1TTml2-0003Mh-3Q
	for Roger.Clarke at xamax.com.au; Thu, 01 Nov 2012 15:51:57 +1100
Received: from mailin1.anu.edu.au (snatpool01-5.anu.edu.au [130.56.66.109])
	by maildrop2.anu.edu.au (8.13.8/8.13.8) with ESMTP id qA14pwmV026251
	for <roger.clarke at anu.edu.au>; Thu, 1 Nov 2012 15:51:58 +1100
Received: from mailin1.anu.edu.au (localhost.localdomain [127.0.0.1])
	by localhost (Postfix) with SMTP id 5C4D617E8004
	for <roger.clarke at anu.edu.au>; Thu,  1 Nov 2012 15:51:57 +1100 (EST)
Received: from server94.dysgo.org (unknown [199.116.118.58])
	by mailin1.anu.edu.au (Postfix) with ESMTP id 60F7A17E8003
	for <roger.clarke at anu.edu.au>; Thu,  1 Nov 2012 15:51:48 +1100 (EST)
Received: from server94.dysgo.org (server94.dysgo.org [199.116.118.58])
	by server94.dysgo.org (Postfix) with ESMTP id 190942368464
	for <roger.clarke at anu.edu.au>; Thu,  1 Nov 2012 07:51:46 +0300 (MSK)
Message-ID: <8702985.1351745506092.JavaMail.972496728454 at server94.dysgo.org>
Date: Thu, 1 Nov 2012 07:51:46 +0300 (MSK)
From: 233558938299 at dysgo.org
To: roger.clarke at anu.edu.au
Subject: 462948042433
Mime-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----=_Part_247_29775659.1351745506081"
X-PMX-Version: 5.6.1.2065439, Antispam-Engine: 2.7.2.376379, 
Antispam-Data: 2012.11.1.44226 external
X-Spam-Score: * (5)
X-PMX-Spam-Score: # (28%)
X-PerlMx-Spam: Gauge=XXIIIIIIII, Probability=28%, Report='
  FROM_ALL_NUMS 1.8, HTML_999_100 0.6, EMPTY_BODY 0.1, HTML_90_100 
0.1, HTML_95_100 0.1, HTML_98_100 0.1, HTML_99_100 0.1, HTML_NO_HTTP 
0.1, SUBJ_1WORD 0.1, MIME_LOWER_CASE 0.05, JPG_COMMON_HEADER_ORDER 0, 
JPG_PIXPERBYTE_HIGH 0, JPG_PIXPERBYTE_MED 0, JPG_SPAMMY_SEGMENT 0, 
JPG_SPAMMY_Y_RESOLUTION 0, JPG_SPAM_ATTACHED 0, LINK_TO_IMAGE 0, 
NO_REAL_NAME 0, RDNS_NXDOMAIN 0, RDNS_SUSP 0, RDNS_SUSP_GENERIC 0, 
__ANY_URI 0, __CT 0, __CTYPE_HAS_BOUNDARY 0, __CTYPE_MULTIPART 0, 
__CTYPE_MULTIPART_MIXED 0, __EMBEDDED_IMG 0, __FRAUD_SUBJ_ALLCAPS 0, 
__FROM_JUST_NUMBER 0, __HAS_FROM 0, __HAS_HTML 0, __HAS_MSGID 0, 
__JPG_HEIGHT_100 0, __JPG_SPAMMY_SEGMENT_2 0, 
__JPG_SPAMMY_Y_RESOLUTION_1 0, __JPG_SPAMMY_Y_RESOLUTION_2 0, 
__JPG_SPAMMY_Y_RESOLUTION_3 0, __JPG_SPAMMY_Y_RESOLUTION_4 0, 
__JPG_SPAMMY_Y_RESOLUTION_5 0, __JPG_WIDTH_100 0, __MIME_HTML 0, 
__MIME_VERSION 0, __RUS_MIME_NO_TEXT 0, __SANE_MSGID 0,
  __TAG_EXISTS_HTML 0, __TO_MALFORMED_2 0, __TO_NO_NAME 0, 
__URI_NO_MAILTO 0, __URI_NO_PATH 0, __URI_NO_WWW 0'

<x-html><!x-stuff-for-pete base="" src="" id="0" 
charset="iso-8859-1/macintosh"><HTML><HEAD>
<META content="text/html; charset=utf-8" http-equiv=Content-Type>
</HEAD>
<BODY>
<P><IMG border=0 hspace=0 alt="" align=baseline src="cid:391435062178.jpg" /);
<P><IMG border=0 hspace=0 alt="" align=baseline src="cid:186055462795.jpg" /);

...

-- 
Roger Clarke                                 http://www.rogerclarke.com/

Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                    Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in the Faculty of Law               University of NSW
Visiting Professor in Computer Science    Australian National University



More information about the Link mailing list