eeeenteresting! 😉

i got this email message today. it’s not from somebody i know, which usually indicates that it is spam, but in this case, i was, initially, led to a different conclusion. on the surface, the message looked like this:

I would like to buy your arts
Date: Friday 181116 09:02AM
From: Piper Dover <Marcel at thermaclick dot biz>
To: (my email address)
Good morning! I found your projects in the internet and I need to make a gift for my father.
If it is not hard for you please, help me with the order.
Write me back when you will be on your workplace, please..
Kind regards, I expect your reply, I will send all details that I am interested in.

this is… okay, the person doesn’t speak english too well, but they’re able to convey, which is the important part. but “found your projects in the internet” is a little troubling, because, as far as i know, these days, “my projects” are all on my domains — przxqgl.info, puggryduckling.com, hybridelephant.com and friendlyswastika.art — which, admittedly, are “in the internet” and would even probably be referred to as such by people who don’t understand “the internet”, but it’s still something that makes me wonder. another thing that caught my attention right away is that it is “From:” Piper Dover, whose email address is “Marcel at thermaclick dot biz”. i don’t know about you, but i don’t know ANY “real” person whose email address contains a name that is not their real name… which means that, either, this person’s name is not “piper”, or this person’s name is not “marcel”, and, very likely, both of them. NOT a good sign. “make a gift for my father” also makes me wonder, because the “gifts” that i have are not ones that i would think of as ones that i would give to my father, but it takes all kinds, and it’s possible that they were actually referring to my pipes, or bongs… or, maybe, they want me to make something in the style of something else that they’ve seen “in the internet”. also troubling are the “help me with the order” and “when you will be on your workplace” statements, as both of them are irrelevant.

but where the message started to get strange was when i looked at the headers…

yes, i ALWAYS look at the headers for “suspicious” emails, before i do anything else. don’t you? if not, WHY NOT?? 😕

… where i discovered that, if i had “replied” to this message, it would not have gone to “Marcel at thermaclick dot biz”, but, instead, would have gone to “isabellayehudit28 at gmail dot com”, because of a header called “Reply-To:” which nobody knows about these days, but has been a standard part of email for as long as email has been around… and who is “isabella yehudit 28”??? why is she getting in the way of my communicating with “piper” or “marcel” or whoever he is?

at this point, i reached the conclusion that it was, in fact, spam, and proceeded to report it as such. it turned out that the message was sent from the russian federation, thermaclick dot biz is blocked by URIBL, and the message is Base64-Encoded, all of which are STRONG indicators of spammy activity.
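the header checks described above, as a python sketch added here (not code from the original post). the sample message, its placeholder addresses and the function names `header_flags` and `decoded_body` are constructed for illustration, and the display-name comparison is a rough heuristic:

```python
from email import message_from_string
from email.utils import parseaddr

# constructed sample message (placeholder .example addresses, not the real ones)
SAMPLE = """\
From: Piper Dover <marcel@shop.example>
Reply-To: isabella28@freemail.example
To: me@mydomain.example
Subject: I would like to buy your arts
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

R29vZCBtb3JuaW5nIQ==
"""

def header_flags(raw):
    """Return a list of reasons the headers of `raw` deserve a closer look."""
    msg = message_from_string(raw)
    flags = []
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_addr, reply_addr = from_addr.lower(), reply_addr.lower()
    # 1. a reply would go somewhere other than the visible sender
    if reply_addr and reply_addr != from_addr:
        flags.append("reply-to differs from from: " + reply_addr)
        if reply_addr.rpartition("@")[2] != from_addr.rpartition("@")[2]:
            flags.append("reply-to is on a different domain")
    # 2. no word of the display name appears in the mailbox name (heuristic)
    local = from_addr.partition("@")[0]
    words = [w for w in from_name.lower().split() if len(w) > 2]
    if words and not any(w in local for w in words):
        flags.append("display name does not match mailbox: " + local)
    # 3. a plain-text body sent base64-encoded (the post counts this as an indicator)
    for part in msg.walk():
        if (part.get_content_type() == "text/plain"
                and part.get("Content-Transfer-Encoding", "").lower() == "base64"):
            flags.append("text/plain part is base64-encoded")
            break
    return flags

def decoded_body(raw):
    """Decode a single-part body so it can be read without opening the mail."""
    msg = message_from_string(raw)
    payload = msg.get_payload(decode=True)
    return payload.decode(msg.get_content_charset() or "utf-8", errors="replace")
```
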

the point being that even experts can get confused sometimes, so don’t rely on what they say, but do the extra steps necessary to prove it for yourself. 👍