Tag Archives: spam

spam, again…

i don’t often admit to hating pretty much anything, but i will admit, whole-heartedly, to hating spam with a white-hot passion… πŸ˜›

i’m going to use this as an example of how i determine something which is not labled spam, is actually spam.

the following is a text-dump of the entire message, with the headers intact. the only thing i have done is to obscure my host server.

Return-path: <x>
Envelope-to: ganesha@hybridelephant.com
Delivery-date: Fri, 01 Oct 2010 03:40:48 -0700
Received: from hybridel by x with local (Exim 4.69)
     (envelope-from )
     id 1P1d2m-0005OP-Im
     for ganesha@hybridelephant.com; Fri, 01 Oct 2010 03:40:48 -0700
To: "salamandir" <ganesha@hybridelephant.com>
Subject: Enquiry from Hybrid Elephant
X-PHP-Script: www.hybridelephant.com/contact_us.php for 122.163.114.169
From: "Randall Tuttle" <rachelle258@gmail.com>
MIME-Version: 1.0
X-Mailer: osCommerce Mailer
Content-Type: text/plain;
  charset="UTF-8"
Content-Transfer-Encoding: 7bit
Message-Id: <E1P1d2m-0005OP-Im@x>
Sender:  <hybridel@x>
Date: Fri, 01 Oct 2010 03:40:48 -0700
X-Bogosity: Unsure, tests=bogofilter, spamicity=0.583091, version=1.2.0
X-UID: 
Status: RO
X-Status: R
X-KMail-EncryptionState: N
X-KMail-SignatureState: N
X-KMail-MDN-Sent:  

We noticed that you are not at the top of the search engines for a number of your key terms.
We have helped companies similar to yours to achieve top organic rankings. Please reply to this
message and we will prepare a special proposal for you, to show you how we can achieve similar
results for you.

first, i look at the subject line: “Subject: Enquiry from Hybrid Elephant

this is not labled “spam” because it’s an enquiry from my web site, which means that if it turns out to be spam, i can’t report it, because it doesn’t have a message path that can be traced. i get a lot of spammers trying to abuse my response form (hint, it only sends to me, so it’s not much use for spamming), so that increases the probability that it is, actually, spam.

next, i look at the sender name and email address. usually people who submit legitimate enquiries to my business have an email address that doesn’t stand out. this one – From: "Randall Tuttle" <rachelle258@gmail.com> – stands out: “Randall Tuttle” has an email address that includes the name “rachelle”? the probability that it actually is spam just went up to 99.98%. i have never seen an example of a message that comes from someone who is apparently male, which has an email address that includes a female name, unless they were trying to mislead people in some way.

as i said, because of the fact that it is an enquiry from my web site, i can’t report it, but i can delete it without even reading further.

but i am going to force myself to read further, because deep down, i am a masochist… or something like that…

We noticed that you are not at the top of the search engines for a number of your key terms.

now i’m starting to get perturbed… i knew i shouldn’t have read any further… patience, patience… 😐

yes, i know that. it is because i haven’t gotten to the top yet. if you google “html escape sequences” you’ll probably notice my site within the top 5 on the list. that is because i have offered the only complete list of html escape seqences on the net, for the longest time, without changing its URI. i haven’t been offering incense for anywhere near as long as i have had that list of escape sequences on the net. not only that, but i just upgraded from a flat html structure to a php/database structure within the past couple of years. one of the advantages is that if you search for specific products, like “aparajita special durbar incense” you will find my web site on the first page, despite the fact that i have upgraded my web site recently.

yeah, i’m not at the top of the list for all of my keywords, but i’m getting there, and if i leave my web site alone for long enough, i’ll probably get there without using possibly illegal and most likely nefarious ways to get there sooner, which is what you’re probably suggesting…

We have helped companies similar to yours to achieve top organic rankings.

organic ratings? organic ratings!? nothing about the web is “organic” in any sense of the term. and if they were, in some miraculous way, “organic” ratings, then why would a person named “Randall” be trying to sell them to me, writing to me from “rachelle”‘s email address, at gmail.com?

Please reply to this message and we will prepare a special proposal for you, to show you how we can achieve similar results for you.

reveal more about how my mailserver works to you, and give you new and innovative ways to break into my web site and email server, so that you can “prepare a special proposal” for me? i don’t think so, especially since you haven’t actually proven to me that you have actually done that for anyone.
 

PLONK!!!
 
for those of you unfamiliar with the term, “plonk” is the sound a spam message makes when it is deleted,
or the sound of a person’s email address being added to a “do not send” or “banned” list.

 
oh, by the way, the form gives me a little bit more information about the sender than he probably realises:

X-PHP-Script: www.hybridelephant.com/contact_us.php for 122.163.114.169

aha, his IP address. a quick “host 122.163.114.169” tells me that his computer is named “abts-north-dynamic-169.114.163.122.airtelbroadband.in” which is a dynamic range coming from AirTel Broadband, in india.

yeah, i’m really going to respond to a person who didn’t give me his real name, offering sketchy SEO services from a wireless connection in india… 😐

by the way…

LinkedIn Zeus spam run targets prospective business marks – i’ve been getting this spam for three weeks and i haven’t picked up the ZeuS trojan yet…

of course, i haven’t been clicking on any links in mail that crosses my desk labled as “spam”, and i have been reporting messages that claim to be from LinkedIn that are labled “spam” for three weeks… i have opened (as text-only, not as html) precisely one message that claimed to be from LinkedIn that was labled “spam”, about three weeks ago, to determine that it was, in fact, spam, and that has been it.

once again, the principal reason that email should not be sent as “formatted” or containing html code, is because, if it is, you can’t tell immediately that things are not as they should be. most people don’t think to look at the bottom of their screen, at the status bar of their email client or browser, to make sure that the link that they think they’re clicking is actually the link they’re clicking. most people assume that when they see a link, if they click on it they will be taken to the site indicated in the link, but that is NOT TRUE and especially so when the link is in an email message.

if i type in a link – http://www.hybridelephant.com/ – if that link is “active” (which this one is not), most people would assume that clicking it will take you to the site indicated, which is Hybrid Elephant. however, if you see the words Hybrid Elephant with no link, unless you look down, at the status bar of your browser (because you are viewing it in a web page, which is formatted using HTML), you won’t know that the link takes you to somewhere you may not have been expecting.

email was originally intended for communication on a very basic level. the web was intended for delivering “richer”, more “complete” content. you can say “check this out” without saying it in letters that are “formatted”. it may be “cooler” to say it in bold, purple, 72-point letters, but if you send such a message, the only thing you’re doing is forcing people who may not want it, to get a large quantity of essentially meaningless code along with a relatively short message, and sending people the possibility of getting their machines infected with a virus without you or them knowing about it, until it’s too late.

it not only saves space, but doesn’t have the potential for screwing up someone’s entire machine, as this LinkedIn/ZeuS spam tries to do.

HTML in Email is EVIL!
TEXT-ONLY EMAIL!
THE WEB IS THE PLACE FOR HTML-FORMATTING!

πŸ˜›

spam sucks!

on saturday, i was present when a post to freecycle south king county arrived, with an offer of a tunturi recumbent bike. naturally, i replied instantaneously, but i got no response. two days later, i replied again, but no response. two days later, i replied a third time, but again, no response.

there has been no “taken” message posted to freecycleskc, so i decided to do a bit of sleuthing, and discovered that the person who posted the message has only posted one message, started their account shortly before posting that message, is not currently online, and hasn’t been online since saturday. to me, this is an indication that the post offering the recumbent bike is a ruse to get people who will be sent spam the “chance” to respond, so that the spammer will have their email addresses, which, then, will be added to spam lists that are circulated among other spammers.

i wrote the list owner for freecycleskc, a person with the charming email handle “PrayingMommy4”, who isn’t concerned, because the person “gave very good answers when they applied for membership a few days ago”, but i’m not convinced. to me, this has all the earmarks of a spam harvester, in fact it may be an automated process… 8/

a few days ago, i got a google alert for my name, which was a link to a spammer’s discussion group, where they were discussing this “opt in” list that had my email address, and other email addresses from spamcop.net on it, and the spammers were wondering whether or not this was “really” an “opt in” list or not. the conclusion of the discussion is that it was “really” an “opt in” list, but they recommended that they “not use” the spamcop.net addresses.

by the way, it’s off topic, but are there any speakers of what i assume is turkish out there, who can tell me what this is all about?

i have NEVER signed up for any “targeted” lists with my spamcop.net address, so any list that includes my spamcop.net address is, by definition, going to be reported as spam. automated processes and clueless list owners don’t make this any easier, but i’m going to keep reporting spam until i stop getting spam.

imagine a day where 100% of ALL EMAIL TRAFFIC ON INTERNET are legitimate messages, and not a single UCE of any kind… it’s possible, you know…

i don’t normally do this, but…

this is so over-the-top ridiculous that there has to be an exception this time…

McDonald’s announces a drink made of Shrek-jizz.

Mint Shrek-Jizz monstrosity

yeah…

not as if i ate at McD’s regularly (or irregularly) anyway, but this doesn’t encourage me in the least. it is either going to be good for business in a way that they probably haven’t realised yet, or it won’t last very long and they won’t know what you’re talking about once it’s gone…

i wonder how long it’s going to be before someone makes a bukkake joke and ruins it for everyone…

spammers

okay, this is getting ridiculous, but at the same time, i’m really glad i got myself far away from 1&1 internet services, and now i’m going to recommend that my associates distance themselves from 1&1 as well… and you spammers have succeeded in irritating me enough that i’m ranting about it in public. 😯

it started out with a spam message that “made it through” the spamcop defense, but didn’t make it through my local instance of spam assassin that i run on my local mail host. one of the reasons why i’m satisfied with doing so is that if i use a web-based service like yahoo, hotmail or gmail is that, none of my mail, contacts, calenders and that sort of thing “live” on a computer over which i have direct, physical control… and my information is my information, thank you. it also makes it a hell of a lot easier to parse headers and report the spam messages that do manage to sneak through my defenses (which are around 5 or so a week, these days). spam assassin puts the messages that it detects into my wastebasket, without any prompting from me, but if i’m feeling obstreperous, i’ll pull it out and report it anyway, which is what i did with a message that looked like it had come from me: it had someone else’s name, and my email address in the To: line – which is notoriously easy to spoof. it also had a URI that tracks directly back to oneandone.com.

yes, a host provider that i used, and then discarded a year ago when they tried to scam me, hosts spammers.

and spammers dumb enough to think that i might respond in any way other than the way i did, to a message that looks like it came from myself!

that’s all the justification i need to avoid them. 😐