SPAM methods - Page 2

Thread: SPAM methods

  1. #11
    Banned
    Join Date
    Jul 2004
    Posts
    297
    The type of spam you're describing is some of the most annoying and hardest to get to stop I have yet come across. I try to get the web site they link to removed by the provider as well as report to the ISP they send through; seems futile at times.

  2. #12
    Senior Member ShippMA's Avatar
    Join Date
    Oct 2002
    Posts
    165
    Hi,

    There won't be an attachment as the image is stored on their server and your client knows where on the server through the CID.

    The way I think it works is as follows:

    On the spammers' server they will have many copies of the image and different CIDs for each image. Each CID will be in a table and have an e-mail address, or a range of addresses, related to it. When someone opens the e-mail they have a program or something that monitors which images are downloaded and therefore they can tell that that address or range is a real address and continue sending spam. If after X amount of time an image is not downloaded then it is obvious that that address or range does not exist and the CID will be reassigned another address or range of addresses.
    www.simpleits.co.uk
    www.tazforum.**********.com
    Google is god ....... of the Internet

  3. #13
    Senior Member
    Join Date
    Feb 2002
    Posts
    856
    I received three e-mails today with the subject lines:

    Low mortaggee ratess
    Excellent mortagee ratees
    Notice: Loww mortagee ratee approved

    Of course, I guess it's possible their poor spelling is due to the fact they flunked out of school (so they make money sending this stuff) (Just Kidding!). But seriously, this must also be another device to fool filters.
    For the wages of sin is death, but the free gift of God is eternal life in Christ Jesus our Lord.
    (Romans 6:23, WEB)

  4. #14
    Originally posted here by ShippMA
    Hi,

    There won't be an attachment as the image is stored on their server and your client knows where on the server through the CID.

    Yes, that is what I was trying to say. However, the emails that were posted in the start of this thread didn't have the MIME content included, so we can't know if this was occurring in this example.

    The CID / Content-ID is actually supposed to be a fix for "Lazy HTML" where all that is sent in the email is a URL to the image on the server. This was to fix tracking of email activity, and to solve other problems with the practice, such as not being able to view the images embedded on an email if the client is offline. It's supposed to be a detriment for mass emailings, because of the bandwidth required to embed the image in each email and then send them to the recipients. However, with spam, often the bandwidth is stolen anyway, so the spammers don't care so much.

    There are filtering algorithms that throw any email with a CID into the spam bucket, but that can have a lot of false positives, because of the legit usage of it.
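
Added example, not part of any post in this thread: a filter-side check that separates the cases post #14 distinguishes, instead of flagging every message that contains a CID. It sorts each `<img>` into an embedded `cid:` reference backed by a MIME part, a `cid:` reference with no matching part, or a remote URL fetched when the mail is opened. The sample message, its host names and the function name `classify_images` are constructed for illustration.

```python
import re
from email import message_from_string, policy

# Constructed sample message (not from the thread): one embedded image
# referenced by cid:, one remote image with a token, one unresolved cid:.
SAMPLE = """\
From: sender@example.com
Subject: constructed sample
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/html; charset="us-ascii"

<html><body>
<img src="cid:logo123@example.com">
<img src="http://img.example.org/a.gif?id=8f3a91">
<img src="cid:missing@example.com">
</body></html>
--b1
Content-Type: image/gif
Content-ID: <logo123@example.com>
Content-Transfer-Encoding: base64

R0lGODlhAQABAAAAACw=
--b1--
"""

IMG_SRC = re.compile(r'<img\b[^>]*?\bsrc\s*=\s*["\']?([^"\'\s>]+)', re.I)

def classify_images(raw):
    """Sort every <img src> into embedded / dangling_cid / remote."""
    msg = message_from_string(raw, policy=policy.default)
    cids, html = set(), []
    for part in msg.walk():
        if part.get("Content-ID"):
            cids.add(str(part["Content-ID"]).strip().strip("<>"))
        if part.get_content_type() == "text/html":
            html.append(part.get_content())
    out = {"embedded": [], "dangling_cid": [], "remote": []}
    for src in IMG_SRC.findall("\n".join(html)):
        if src.lower().startswith("cid:"):
            key = "embedded" if src[4:] in cids else "dangling_cid"
            out[key].append(src)
        elif src.lower().startswith(("http://", "https://")):
            out["remote"].append(src)  # fetched on open, so the sender sees the request
    return out

if __name__ == "__main__":
    print(classify_images(SAMPLE))
```

A filter can then weight `remote` and `dangling_cid` hits while leaving properly embedded images alone, which avoids the false positives mentioned above.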


  5. #15
    But seriously, this must also be another device to fool filters.
    Yup, it's done to get past the Bayesian filters. Of course, the nice thing about those filters is they can "learn". So as the spelling of mortagee becomes more common, it will start getting blocked as well.
