Home     Sign in    
Desperate Spammers
11/21/2004
By Simbey

The spam underworld has evolved recently.  No longer are they satisfied using bulk mailing programs.  Now they are using web proxies that don't even regard the SMTP protocol.  Spammers are throwing their poorly written messages into proxies using the HTTP protocol, and the proxies are instructed to relay the messages to E-Mail servers.  But the catch is that HTTP proxies only know how to deal with the HTTP protocol, so although the SMTP server receives line after line of invalid commands, the proxy isn't even paying attention to error responses!  And what's worse, by the time the proxy connects to the mail server, the message text has already been prepared and is catapulted in full at the SMTP server, thereby forcing me to add code for breaking this crap into multiple lines so as to avoid this:


11-03-2004 21:52:54 - SMTP Session: 80.18.225.2
11-03-2004 21:52:54 - POST / HTTP/1.0
Via: 1.0 PRIMAPROXY
Host: MAIL.simbey.com:25
Content-Length: 1349
Content-Type: text/plain
Connection: Keep-Alive

RSET
HELO simbanet.com
MAIL FROM:<r5aywroten@hotmail.com>
RCPT TO:<simbey@simbey.com>
DATA
To: <simbey@simbey.com>
From: "Daniel" <property21kiss@hotmail.com>
Date: Thu, 04 Nov 2004 04:31:02 GMT
Message-Id: <1099542662-9751@excite.com>
Sender: evan5mndy13@hotmail.com
Subject: Tons of big name software at huge savings!
Content-Type: text/plain;

Save your company thousands of dollars when it needs software!

That promotion just got closer...

Incredible DEALS on SOFTWARE you NEED!
Free Delivery on 10% MORE OFF on orders over $200!

Check it out!!
http://bjaghlmi.streamsoft.info/?cdefkixqrnybjzaghlm

$80 Windows XP Professional
$90 Adobe Pagemaker 7.0
$120 Microsoft Office 2003 Professional
$60 Norton Antivirus 2004 Professional
$90 Adobe Photoshop 7.0
$60 Red Hat Linux 7.3
$80 Windows 2000 Professional
$200 MS Windows Server 2003 Enterprise
$90 Adobe Pagemaker 7.0
$120 Quickbooks 2004
Save $410 on Adobe Photoshop!
Save $800 on Macromedia Studio MX!!


Check it out!!
http://bjaghlmi.streamsoft.info/?cdefkixqrnybjzaghlm




josh gocougscanela master1 khan
e-mail mikaelfozzie bridges action carlos abcd yvonne 
alpha1 lady gambit 
praise guinnessgofish malcolm guess
turbo depeche dragonfl 
fugazi bigmachanson dirk cyrano

cannonda fionatimber dead venus depeche dead glenn 
.
QUIT


11-20-2004 20:19:11 - SMTP Session: 66.17.64.91
11-20-2004 20:19:11 - POST / HTTP/1.0
Host: mail.simbey.com:25
Content-Length: 1405
Content-Type: text/plain

RSET
HELO simbal.hautesavoie.net
MAIL FROM:<fregedmanj@hotmail.com>
RCPT TO:<simbey@simbey.com>
DATA
To: <simbey@simbey.com>
From: "Joseph" <wolfMan21a@hotmail.com>
Date: Sun, 21 Nov 2004 06:33:13 GMT
Message-Id: <1101018793-29302@excite.com>
Sender: dmale1sa@hotmail.com
Subject: Go all night!
Content-Type: text/html;

<BODY><TABLE border=0 ALIGN=CENTER><TR><TD border=1><TABLE border=1><TR>
<TD><A
HREF="http://elbgimcdh.dadrecommends.info/?afjkcdhxtnqyelzgvbgim"><IMG
SRC="http://thm-c.search.vip.re2.yahoo.com/image/1048752509"></A></TD>
</TR></TABLE></TD>   
<TD width=50></TD><TD><A
HREF="http://elbgimcdh.dadrecommends.info/?afjkcdhxtnqyelzgvbgim">
<CENTER><font
size=6
FACE="arial"><B>V I A G R A</B></A></CENTER><FONT
SIZE=2 face="comic sans
MS"><LI>As little as <FONT COLOR=red>$1.80 per dose<BR>*ONLY*</FONT>
at this location!<LI>Delivered in an
unmarked envelope.  No one will know!<LI>100% Money Back Guarantee<LI>Works
in 15 minutes!</TD>
</TR></TABLE><BR><BR><BR><BR><A
HREF="http://thumba.image.altavista.com/image/1682426017"><FONT
SIZE=-2>R3M0VE</A>
<BR><BR><BR><BR><BR><BR><BR><BR>

rock aspenbridges qwerty12 marvin
kleenex pearlkleenex laura gray fool hanson prof
lady nikita raptor
yoda hannatattoo magnum norman
jojo hanna rock
bach bachexcalibu canela reynolds

electric castlealpha1 joel buttons informix aylmer diana
.
QUIT


So interestingly enough, although I did not actually receive this junk in my inbox, I still "received" it while viewing my log files.  The message text is sent so quickly to my server, that it's read as one large chunk.  Originally, my server was regarding that large chunk as a single command.  It was an invalid command, but it was still being written to the log, so I still "received" the spam.

Well done, spammers...  You're so desperate to get away with flooding the Internet with your scams that you have enlisted unrelated Internet protocols to mask your origins.  I hope everyone realizes at this point that spam doesn't actually make money for spammers.  They only send out spam because they can.  Just look at the lunacy of their messages.  No one is actually going to do business with some moron who includes the phrase, "cannonda fionatimber dead venus depeche dead glenn" in his sales pitch.  I believe if a salesman were to speak that at a shop to a prospective customer (even a prospective customer looking to purchase illegal $oftware or lengthen his pen1s), the salesman would get punched in the face.

© 2001-2017 Simbey.com