[LINK] DOS Spam
Richard Chirgwin
rchirgwin at ozemail.com.au
Thu Nov 1 18:04:56 AEDT 2012
Roger,
It seems to be a kook rather than an attacker. Here's a Reddit thread:
http://www.reddit.com/r/WTF/comments/l44r1/i_just_got_this_email_at_work_i_have_no_idea_what/
The blogs from which it originated have been pulled by Wordpress for
terms-of-service violations.
It's supposed to render an image with some pseudo-prophetic mumbo-jumbo.
Richard C
On 1/11/12 4:04 PM, Roger Clarke wrote:
> I've wondered for years about the risk of email being blocked by
> large-scale spam.
>
> I assume that there are filters at various points in the network,
> including at individual IAPs, that block the most extreme forms of
> attachment-laden emails.
>
> But I just got one (well, two copies of the same email) with 299 files
> totalling 7.5MB. Headers below.
>
> I for one have never got around to converting from POP to
> IMAP, but if this spam is a sign of things to come, maybe we'll all
> be needing to do so.
>
> ________________________________________________
>
> Return-path: <233558938299 at dysgo.org>
> Envelope-to: Roger.Clarke at xamax.com.au
> Delivery-date: Thu, 01 Nov 2012 15:51:57 +1100
> Received: from maildrop2.anu.edu.au ([130.56.64.108]:48517)
> by cpanel01.infinite.net.au with esmtps (TLSv1:DHE-RSA-AES256-SHA:256)
> (Exim 4.80)
> (envelope-from <233558938299 at dysgo.org>)
> id 1TTml2-0003Mh-3Q
> for Roger.Clarke at xamax.com.au; Thu, 01 Nov 2012 15:51:57 +1100
> Received: from mailin1.anu.edu.au (snatpool01-5.anu.edu.au [130.56.66.109])
> by maildrop2.anu.edu.au (8.13.8/8.13.8) with ESMTP id qA14pwmV026251
> for <roger.clarke at anu.edu.au>; Thu, 1 Nov 2012 15:51:58 +1100
> Received: from mailin1.anu.edu.au (localhost.localdomain [127.0.0.1])
> by localhost (Postfix) with SMTP id 5C4D617E8004
> for <roger.clarke at anu.edu.au>; Thu, 1 Nov 2012 15:51:57 +1100 (EST)
> Received: from server94.dysgo.org (unknown [199.116.118.58])
> by mailin1.anu.edu.au (Postfix) with ESMTP id 60F7A17E8003
> for <roger.clarke at anu.edu.au>; Thu, 1 Nov 2012 15:51:48 +1100 (EST)
> Received: from server94.dysgo.org (server94.dysgo.org [199.116.118.58])
> by server94.dysgo.org (Postfix) with ESMTP id 190942368464
> for <roger.clarke at anu.edu.au>; Thu, 1 Nov 2012 07:51:46 +0300 (MSK)
> Message-ID: <8702985.1351745506092.JavaMail.972496728454 at server94.dysgo.org>
> Date: Thu, 1 Nov 2012 07:51:46 +0300 (MSK)
> From: 233558938299 at dysgo.org
> To: roger.clarke at anu.edu.au
> Subject: 462948042433
> Mime-Version: 1.0
> Content-Type: multipart/mixed;
> boundary="----=_Part_247_29775659.1351745506081"
> X-PMX-Version: 5.6.1.2065439, Antispam-Engine: 2.7.2.376379,
> Antispam-Data: 2012.11.1.44226 external
> X-Spam-Score: * (5)
> X-PMX-Spam-Score: # (28%)
> X-PerlMx-Spam: Gauge=XXIIIIIIII, Probability=28%, Report='
> FROM_ALL_NUMS 1.8, HTML_999_100 0.6, EMPTY_BODY 0.1, HTML_90_100
> 0.1, HTML_95_100 0.1, HTML_98_100 0.1, HTML_99_100 0.1, HTML_NO_HTTP
> 0.1, SUBJ_1WORD 0.1, MIME_LOWER_CASE 0.05, JPG_COMMON_HEADER_ORDER 0,
> JPG_PIXPERBYTE_HIGH 0, JPG_PIXPERBYTE_MED 0, JPG_SPAMMY_SEGMENT 0,
> JPG_SPAMMY_Y_RESOLUTION 0, JPG_SPAM_ATTACHED 0, LINK_TO_IMAGE 0,
> NO_REAL_NAME 0, RDNS_NXDOMAIN 0, RDNS_SUSP 0, RDNS_SUSP_GENERIC 0,
> __ANY_URI 0, __CT 0, __CTYPE_HAS_BOUNDARY 0, __CTYPE_MULTIPART 0,
> __CTYPE_MULTIPART_MIXED 0, __EMBEDDED_IMG 0, __FRAUD_SUBJ_ALLCAPS 0,
> __FROM_JUST_NUMBER 0, __HAS_FROM 0, __HAS_HTML 0, __HAS_MSGID 0,
> __JPG_HEIGHT_100 0, __JPG_SPAMMY_SEGMENT_2 0,
> __JPG_SPAMMY_Y_RESOLUTION_1 0, __JPG_SPAMMY_Y_RESOLUTION_2 0,
> __JPG_SPAMMY_Y_RESOLUTION_3 0, __JPG_SPAMMY_Y_RESOLUTION_4 0,
> __JPG_SPAMMY_Y_RESOLUTION_5 0, __JPG_WIDTH_100 0, __MIME_HTML 0,
> __MIME_VERSION 0, __RUS_MIME_NO_TEXT 0, __SANE_MSGID 0,
> __TAG_EXISTS_HTML 0, __TO_MALFORMED_2 0, __TO_NO_NAME 0,
> __URI_NO_MAILTO 0, __URI_NO_PATH 0, __URI_NO_WWW 0'
>
> <x-html><!x-stuff-for-pete base="" src="" id="0"
> charset="iso-8859-1/macintosh"><HTML><HEAD>
> <META content="text/html; charset=utf-8" http-equiv=Content-Type>
> </HEAD>
> <BODY>
> <P><IMG border=0 hspace=0 alt="" align=baseline src="cid:391435062178.jpg" /);
> <P><IMG border=0 hspace=0 alt="" align=baseline src="cid:186055462795.jpg" /);
>
> ...
>
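An added example, not part of the original thread: a sketch of the kind of attachment-count and attachment-size filter the quoted message assumes exists at mail gateways, written with Python's standard `email` package. The thresholds, function names and the sample message are assumptions constructed for illustration, not taken from any real filter product.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Hypothetical site policy; real gateways tune these per deployment.
MAX_ATTACHMENTS = 50
MAX_ATTACHMENT_BYTES = 5 * 1024 * 1024


def attachment_stats(raw: bytes):
    """Return (count, decoded_bytes) over all non-body leaf MIME parts."""
    msg = message_from_bytes(raw, policy=policy.default)
    count = total = 0
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no payload of their own
        if part.get_content_maintype() == "text" and part.get_filename() is None:
            continue  # plain/HTML body text, not an attachment
        payload = part.get_payload(decode=True) or b""  # undo base64/QP
        count += 1
        total += len(payload)
    return count, total


def verdict(raw: bytes):
    """Return (action, reason) for one raw RFC 5322 message."""
    count, total = attachment_stats(raw)
    if count > MAX_ATTACHMENTS:
        return "reject", f"{count} attachments exceeds limit {MAX_ATTACHMENTS}"
    if total > MAX_ATTACHMENT_BYTES:
        return "reject", f"{total} attachment bytes exceeds limit {MAX_ATTACHMENT_BYTES}"
    return "accept", f"{count} attachments, {total} bytes"


def build_sample(n_images: int, image_size: int) -> bytes:
    """Constructed sample: HTML body plus n JPEG-typed parts with Content-IDs,
    mirroring the multipart/mixed layout of the message quoted above."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "rcpt@example.org"
    msg["Subject"] = "constructed sample"
    msg.set_content("<html><body></body></html>", subtype="html")
    for i in range(n_images):
        data = b"\xff\xd8" + bytes(image_size - 2)  # dummy bytes, not a real JPEG
        msg.add_attachment(data, maintype="image", subtype="jpeg",
                           filename=f"{i}.jpg", cid=f"<{i}.jpg>")
    return msg.as_bytes()


if __name__ == "__main__":
    print(verdict(build_sample(299, 1024)))  # same part count as the reported spam
```

Counting decoded bytes rather than the on-the-wire size matters because base64 inflates each part by roughly a third, so a limit applied to the raw message would trip earlier than the stated attachment budget.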