[LINK] DOS Spam
Rachel Polanskis
grove at zeta.org.au
Thu Nov 1 18:30:04 AEDT 2012
I have been getting that one periodically for months. Each time, it is the same thing, but
slightly different images in each set. I think it is just a benign conspiracy theory....
rachel
--
rachel polanskis
<r.polanskis at uws.edu.au>
<grove at zeta.org.au>
On 01/11/2012, at 18:04, Richard Chirgwin <rchirgwin at ozemail.com.au> wrote:
> Roger,
>
> It seems to be a kook rather than an attacker. Here's a Reddit thread:
> http://www.reddit.com/r/WTF/comments/l44r1/i_just_got_this_email_at_work_i_have_no_idea_what/
>
> The blogs from which it originated have been pulled by Wordpress for
> terms-of-service violations.
>
> It's supposed to render an image with some psuedo-prophetic mumbo-jumbo.
>
> Richard C
>
> On 1/11/12 4:04 PM, Roger Clarke wrote:
>> I've wondered for years about the risk of email being blocked by
>> large-scale spam.
>>
>> I assume that there are filters at various points in the network,
>> including at individual IAPs, that block the most extreme forms of
>> attachment-laden emails.
>>
>> But I just got one (well two copies of the same email) with 299 files
>> totalling 7.5MB). Headers below.
>>
>> I for one have never have never got around to converting from POP to
>> IMAP, but if this spam is a sign of things to come, maybe we'll all
>> be needing to do so.
>>
>> ________________________________________________
>>
>> Return-path: <233558938299 at dysgo.org>
>> Envelope-to: Roger.Clarke at xamax.com.au
>> Delivery-date: Thu, 01 Nov 2012 15:51:57 +1100
>> Received: from maildrop2.anu.edu.au ([130.56.64.108]:48517)
>> by cpanel01.infinite.net.au with esmtps (TLSv1:DHE-RSA-AES256-SHA:256)
>> (Exim 4.80)
>> (envelope-from <233558938299 at dysgo.org>)
>> id 1TTml2-0003Mh-3Q
>> for Roger.Clarke at xamax.com.au; Thu, 01 Nov 2012 15:51:57 +1100
>> Received: from mailin1.anu.edu.au (snatpool01-5.anu.edu.au [130.56.66.109])
>> by maildrop2.anu.edu.au (8.13.8/8.13.8) with ESMTP id qA14pwmV026251
>> for <roger.clarke at anu.edu.au>; Thu, 1 Nov 2012 15:51:58 +1100
>> Received: from mailin1.anu.edu.au (localhost.localdomain [127.0.0.1])
>> by localhost (Postfix) with SMTP id 5C4D617E8004
>> for <roger.clarke at anu.edu.au>; Thu, 1 Nov 2012 15:51:57 +1100 (EST)
>> Received: from server94.dysgo.org (unknown [199.116.118.58])
>> by mailin1.anu.edu.au (Postfix) with ESMTP id 60F7A17E8003
>> for <roger.clarke at anu.edu.au>; Thu, 1 Nov 2012 15:51:48 +1100 (EST)
>> Received: from server94.dysgo.org (server94.dysgo.org [199.116.118.58])
>> by server94.dysgo.org (Postfix) with ESMTP id 190942368464
>> for <roger.clarke at anu.edu.au>; Thu, 1 Nov 2012 07:51:46 +0300 (MSK)
>> Message-ID: <8702985.1351745506092.JavaMail.972496728454 at server94.dysgo.org>
>> Date: Thu, 1 Nov 2012 07:51:46 +0300 (MSK)
>> From: 233558938299 at dysgo.org
>> To: roger.clarke at anu.edu.au
>> Subject: 462948042433
>> Mime-Version: 1.0
>> Content-Type: multipart/mixed;
>> boundary="----=_Part_247_29775659.1351745506081"
>> X-PMX-Version: 5.6.1.2065439, Antispam-Engine: 2.7.2.376379,
>> Antispam-Data: 2012.11.1.44226 external
>> X-Spam-Score: * (5)
>> X-PMX-Spam-Score: # (28%)
>> X-PerlMx-Spam: Gauge=XXIIIIIIII, Probability=28%, Report='
>> FROM_ALL_NUMS 1.8, HTML_999_100 0.6, EMPTY_BODY 0.1, HTML_90_100
>> 0.1, HTML_95_100 0.1, HTML_98_100 0.1, HTML_99_100 0.1, HTML_NO_HTTP
>> 0.1, SUBJ_1WORD 0.1, MIME_LOWER_CASE 0.05, JPG_COMMON_HEADER_ORDER 0,
>> JPG_PIXPERBYTE_HIGH 0, JPG_PIXPERBYTE_MED 0, JPG_SPAMMY_SEGMENT 0,
>> JPG_SPAMMY_Y_RESOLUTION 0, JPG_SPAM_ATTACHED 0, LINK_TO_IMAGE 0,
>> NO_REAL_NAME 0, RDNS_NXDOMAIN 0, RDNS_SUSP 0, RDNS_SUSP_GENERIC 0,
>> __ANY_URI 0, __CT 0, __CTYPE_HAS_BOUNDARY 0, __CTYPE_MULTIPART 0,
>> __CTYPE_MULTIPART_MIXED 0, __EMBEDDED_IMG 0, __FRAUD_SUBJ_ALLCAPS 0,
>> __FROM_JUST_NUMBER 0, __HAS_FROM 0, __HAS_HTML 0, __HAS_MSGID 0,
>> __JPG_HEIGHT_100 0, __JPG_SPAMMY_SEGMENT_2 0,
>> __JPG_SPAMMY_Y_RESOLUTION_1 0, __JPG_SPAMMY_Y_RESOLUTION_2 0,
>> __JPG_SPAMMY_Y_RESOLUTION_3 0, __JPG_SPAMMY_Y_RESOLUTION_4 0,
>> __JPG_SPAMMY_Y_RESOLUTION_5 0, __JPG_WIDTH_100 0, __MIME_HTML 0,
>> __MIME_VERSION 0, __RUS_MIME_NO_TEXT 0, __SANE_MSGID 0,
>> __TAG_EXISTS_HTML 0, __TO_MALFORMED_2 0, __TO_NO_NAME 0,
>> __URI_NO_MAILTO 0, __URI_NO_PATH 0, __URI_NO_WWW 0'
>>
>> <x-html><!x-stuff-for-pete base="" src="" id="0"
>> charset="iso-8859-1/macintosh"><HTML><HEAD>
>> <META content="text/html; charset=utf-8" http-equiv=Content-Type>
>> </HEAD>
>> <BODY>
>> <P><IMG border=0 hspace=0 alt="" align=baseline src="cid:391435062178.jpg" /);
>> <P><IMG border=0 hspace=0 alt="" align=baseline src="cid:186055462795.jpg" /);
>>
>> ...
>>
>
> _______________________________________________
> Link mailing list
> Link at mailman.anu.edu.au
> http://mailman.anu.edu.au/mailman/listinfo/link
More information about the Link
mailing list