Theo Van Dinter said:

> $ tr 'n-za-m' 'a-z'
> zvxr^nfpraqrapl(arg
> mike^ascendency(net
> 
> It's probably used for spamcop reports and the like.  Even if you clean
> out your email address, you'll probably skip that header.
> 
> Turns out a number of the unique ids in the message body do this kind
> of trick too.

Yep.  A good way to spot them is the "|aaa" format at the end, where "|" is
a non-letter char, and "aaa" are all letters; it usually rotates a few
chars around into ".net", ".org" or ".com" ;)

They are used to "list-wash".  If a spam is reported, with all the usual
recipient details removed (like To: lines or Received: entries) -- as
spamcop does for example --  the spammer can still use the "encrypted"
form to figure out who the reporter was, and then remove them from the
list. 

Working on the assumption that very few people bother to report spam,
this makes the spammer's life a bit easier on the basis that less of his
spam will be reported.

It also gives them an idea of who to "joe-job" (i.e. forge as a From
address, in order to flood with bounce messages, in other words a
denial-of-service attack) if the reporter really starts getting uppity. :(

--j.


_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
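
The spotting heuristic from the reply above (a non-letter character followed by three letters that rotate into "net", "org" or "com"), written out as an added Python example for scrubbing such tokens before a report is sent; it is not part of the original message. The token regex, the function names, the header name and the URL in the sample are assumptions made for illustration.

```python
import re

TLDS = {"net", "org", "com"}  # the three endings named in the message

# Assumed token shape: letters/digits, a non-letter separator, letters/digits,
# another separator, then exactly three letters (the "|aaa" tail).
TOKEN_RE = re.compile(
    r"[a-z0-9]+[^a-z0-9\s][a-z0-9]+[^a-z0-9\s][a-z]{3}(?![a-z0-9])", re.I)

# Constructed sample: the token is the one quoted above; the header name and
# URL are made up for illustration.
SAMPLE = """\
X-Example-Id: zvxr^nfpraqrapl(arg
Subject: limited-time offer

Click here: http://example.invalid/u?id=77-zvxr^nfpraqrapl(arg
To unsubscribe reply with remove-me-now.
"""


def rotate(text, shift):
    """Caesar-shift ASCII letters by `shift`; leave everything else alone."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("a") if ch.islower() else ord("A")
            ch = chr((ord(ch) - base + shift) % 26 + base)
        out.append(ch)
    return "".join(out)


def find_rotated_addresses(message):
    """Return (token, shift, decoded) where the tail rotates into a TLD."""
    hits = []
    for match in TOKEN_RE.finditer(message):
        token = match.group(0)
        for shift in range(1, 26):  # shift 0 would be a plain address
            if rotate(token[-3:], shift).lower() in TLDS:
                hits.append((token, shift, rotate(token, shift)))
    return hits


def scrub(message, placeholder="[removed]"):
    """Replace every detected token before the message goes into a report."""
    for token, _, _ in find_rotated_addresses(message):
        message = message.replace(token, placeholder)
    return message
```

Calling `scrub(SAMPLE)` replaces both copies of the rotated token and leaves `remove-me-now` alone, since its tail does not rotate into any of the three endings.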
