wtf: "Make her Smile bho c qpalx"

John E. Malmberg wb8tyw at qsl.net
Thu Feb 6 12:30:44 GMT 2003


[posted and mailed]

Kätzler, Ralf wrote:
> Someone is kidnapping my mailaddress

Spammers will do that.

Maybe the bogofilters will catch the next one, but the filter automagic 
learning works best when people do not quote the spam.  With bogofilter 
type filters, quoting the spam will lessen the weight of the keywords 
extracted, as they will have shown up in a mail marked legitimate.

The spammers have found a way around many of the filters by sending 
minimal text and a link to a picture of their spam message as they are 
assuming that people have allowed the mail programs to automatically 
open pictures on external links.

There is not enough text in the spam for the filter to use in most cases.

> - and someone has an open smtp-server ...
> Sorry, but there are always some kiddies out there with enough time for funny things.


The spam came from the address 203.58.28.51.

Abuse contact it tpg.com.au

http://www.samspade.org/t/rbl?a=203.58.28.51&r=on

  203.58.28.51 (mail.domane.com.au)
     listed in SPAMCOP(127.0.0.2) BOPM(127.1.0.20)

     SpamCop Blacklist (SPAMCOP): Blocked -
         see http://spamcop.net/bl.shtml?203.58.28.51
     Blitzed Open Proxy Monitor (BOPM): open proxy -
         see http://blitzed.org/proxy/?ip=203.58.28.51


The address used to send the spam is an open proxy, not an open 
smtp-server, but the effect is the same.

When an I.P. address is listed in BOPM, or proxies.relays.monkeys.com, 
it is likely that all the e-mail from it will be spam.  When the 
spammers find one of these open-proxies, they send as much spam as they 
can through it in bursts.  For the other customers of the ISP with an 
open-proxy, during these spam runs, this creates a denial of service attack.

So it is puzzling why the ISPs are not closing these open-proxies as 
soon as they are reported.


The web page used for the main part of the spam is hosted by qwest.net.
The contact address is abuse at qwest.net.

The product advertised is likely either a placebo or a drug that is not 
legal to sell in the U.S.


-John
wb8tyw at qsl.network
Personal Opinion Only



More information about the samba-technical mailing list