Re: regarding spam...

[fwwiz () robertgraham com]

Attached are two recent spams. Notice how the spammer inserts random
content into every field: FROM address, subject, and body. This prevents
MD5 hash systems from getting a handle on it. Even the sender's IP
address is different.

In my document:
http://www.robertgraham.com/pubs/firewall-seen.html
I include a visible address "firewall-seen () robertgraham com" and
an invisible address "firewall-seen () reckoning robertgraham com"
(well, not visible to humans, but visible to spiders).
The goal was to filter spam by comparing hashes for incoming mail to
the "reckoning" domain, preventing spam from reaching my normal account.
My Evil Plan is not working.

By the way, you could help me by dropping 
"something () reckoning robertgraham com" where "something" is anything you
choose. I've got a new Evil Plan for spammers, and it would help if
I could receive a lot of spam @reckoning.robertgraham.com. Choosing
this as your fake e-mail address in USENET postings or hiddine mailto
links on a webpage would help me out a lot.



---------------------------
HELO 210.14.235.58
MAIL FROM:<bnfPeterLasader () msn com>
RCPT TO:<firewall-seen () robertgraham com>
DATA
From: bnciMr Lasader <bnfPeterLasader () msn com>
To: firewall-seen () robertgraham com
Subject: MCSE, MCSA, CCNA, CCNP, Security and More! qxcoj
Sender: bnciMr Lasader <bnfPeterLasader () msn com>
Mime-Version: 1.0
Content-Type: text/html; charset="iso-8859-1"
Date: Wed, 3 Apr 2002 12:47:35 -0600

<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body bgcolor="#FFFFFF" text="#000000">
<p>I noticed your email address on a technology list serve related to I.T. certification. 
  With your permission, we would like to send you information regarding new training 
  solutions - including 14-day instructor-led BootCamps for certifications such 
  as the MCSE, MCSA, CCNA, CCNP and more. To provide us a little bit of information 
  on yourself so that we can send you the right details, please <a 
href="http://195.235.97.200/personal8/toppromo2/tt/";>click 
  here</a>. </p>
<p>Sincerely, <br>
</p>
<p>Jake Swanson</p>
</body>
</html>

qqrfjthkjomtibfynnmeeavj
.
QUIT
------------------------------
HELO 211.22.245.26
MAIL FROM:<eqydPeterLasader () msn com>
RCPT TO:<firewall-seen () reckoning robertgraham com>
DATA
From: eohoMr Lasader <eqydPeterLasader () msn com>
To: firewall-seen () reckoning robertgraham com
Subject: MCSE, MCSA, CCNA, CCNP, Security and More! noie
Sender: eohoMr Lasader <eqydPeterLasader () msn com>
Mime-Version: 1.0
Content-Type: text/html; charset="iso-8859-1"
Date: Wed, 3 Apr 2002 12:49:12 -0600

<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body bgcolor="#FFFFFF" text="#000000">
<p>I noticed your email address on a technology list serve related to I.T. certification. 
  With your permission, we would like to send you information regarding new training 
  solutions - including 14-day instructor-led BootCamps for certifications such 
  as the MCSE, MCSA, CCNA, CCNP and more. To provide us a little bit of information 
  on yourself so that we can send you the right details, please <a 
href="http://195.235.97.200/personal8/toppromo2/tt/";>click 
  here</a>. </p>
<p>Sincerely, <br>
</p>
<p>Jake Swanson</p>
</body>
</html>

gyghfuefnkxwpsdwrsbijlkawirqkbvurwdhwvu
.
QUIT
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards