Here's today's first WagonJumper's email ... the domain has a registry date
back in
October 2007.
One of the bottom img src tags is the WagonJumper's logo img. I'd love to find
a way
to be able to scan those imgs - but since they are image refs, and not embedded
- that
doesn't occur.
>From [EMAIL PROTECTED] Thu Jul 3 06:36:24 2008
Return-Path: <[EMAIL PROTECTED]>
X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on myhost
X-Spam-Level: *****
X-Spam-Status: No, score=5.4 required=8.0 tests=DCC_CHECK,DIGEST_MULTIPLE,
HTML_MESSAGE,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,
RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,SPF_HELO_PASS,SPF_PASS
autolearn=disabled version=3.2.4
Received: from mx12.contagiousensemble.com (mx12.contagiousensemble.com
[147.203.149.217])
by myhost (8.13.1/8.13.1) with ESMTP id m63AaN5V009292
for <me>; Thu, 3 Jul 2008 06:36:24 -0400
Message-ID: <[EMAIL PROTECTED]>
From: "Work At Home" <[EMAIL PROTECTED]>
To: "Me" <me>
Subject: Work at Home Job Search. Immediate Placement
Date: Thu, 03 Jul 2008 03:36:24 -0700
Reply-To: "Work At Home" <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_Part_896_339913931877807616"
X-UID: 23560
Status: RO
Content-Length: 4615
This is a multi-part message in MIME format.
------=_Part_896_339913931877807616
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Work at Home - Easy Work- Great Pay - Start Today
http://mx12.contagiousensemble.com/7VKkLt379368yk227542196KjDrP46NEnUs109CX392n101U
http://mx12.contagiousensemble.com/6155vp37936822eb7542196QF46qoGeH10rU9392cyH
------=_Part_896_339913931877807616
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
<html>
<body>
<IMG
SRC="http://mx12.contagiousensemble.com/2IET3793682ptar27542196Fb46nN10iBk9392xV";><BR>
<center>
<style>
Congress attacks global warming with a cap on greenhouse gases and then
allows firms
to pollute if they buy "carbon offsets" elsewhere lawmakers should consult
the UN's
abysmal record in this slippery type of trading.
The UN set up its Clean Development Mechanism (CDM) to help companies in
industrialized
countries invest in projects in poorer nations that cut greenhouse-gas
emissions as
part of their countries' commitment under the Kyoto Protocol or the European
Union's
emissions plan.
The concept: Cutting emissions anywhere is equally effective in fighting global
warming. So why not keep polluting at home and simply pay, under this so-called
cap-and-
trade system, to close a polluting plant in China or to save a forest in
Brazil? The
cost of financing wind turbines in Bangladesh, for instance, is much less than
scrubbing carbon dioxide from smokestacks in Germany.
But Stanford University researchers who've studied the CDM say the emissions
cuts are
largely illusory: As many as two-thirds of the programs funded contribute
nothing new
to reducing emissions.
How can that be?
One problem is that many offset payments are meant to prevent something from
happening
that might worsen climate change. The CDM must somehow prove a project
has "additionality," that it would not have occurred anyway without a payment.
But that
isn't working out in practice, the researchers say. One simple clue: Most
projects are
already completed at the time they are approved for CDM offsets.
As a British investigative journalist put it: "Offsets are an imaginary
commodity
created by deducting what you hope happens from what you guess would have
happened."
The CDM also creates perverse incentives, says Patrick McCully, executive
director of
International Rivers Network, another critic of the program. A chemical company
in
China, for example, may actually produce more of one potent greenhouse gas
HFC-23, a
byproduct of making refrigerant gases in order to sell an offset credit. The
money
earned through CDM is greater than the cost of making HFC-23.
CDM asks that a project not be something that's already "common practice." But
that
logic only dissuades a poor country from promoting energy-efficiency or, say,
curbing
methane from landfills. Why take such actions if they will disqualify a company
from
CDM credits?
Next week, the US Senate takes up a bill that would impose a cap-and-trade
system that
includes the buying and selling of licenses to emit carbon. Yesterday, a
similar bill
was unveiled in the House. As in Europe, a final bill from Congress will likely
allow
US companies to buy carbon offsets through CDM or similar groups that claim an
expertise in identifying projects that reduce greenhouse gases. Even if a US
plan only
links up with Europe's scheme, it would be part of a system that includes bogus
CDM
credits, which are embedded there.
No doubt some CDM projects do make real cuts in emissions. But as a whole, the
CDM is
clearly flawed and needs, at the very least, significant reform. It's one more
sign
that a cap-and-trade system is a complex and highly suspect way to make
emissions cuts.
A more honest, reliable course is a simple tax on carbon emissions. The dodges
are
easier to spot.
</style>
<a
href="http://mx12.contagiousensemble.com/7VKkLt379368yk227542196KjDrP46NEnUs109CX392n101
U">Work at Home - Easy Work- Great Pay - Start Today<br><br>
<img
src="http://mx12.contagiousensemble.com/74428zTegY1m09392lXjvu66896sgIDE7Pc1977.jpg";
border=0>
</a>
<br><br><br><br>
<a
href="http://mx12.contagiousensemble.com/8HbLU3793682275klcy42196FbHku46ud1W09392QGSrr10
2i">
<img
src="http://mx12.contagiousensemble.com/7587fsud1093gs92SXprt6689BgWJ68Wtx526.gif";
border=0>
</a>
</center>
<BR><BR><center><A
HREF="http://mx12.contagiousensemble.com/6155vp37936822eb7542196QF46qoGeH10rU9392cyH";><I
MG SRC="http://mx12.contagiousensemble.com/779nT7jfdh91aGRX7.jpg";
BORDER=0></center></BODY>
</html>
------=_Part_896_339913931877807616--
On Tue, 01 Jul 2008 14:36:58 -0400, Rob McEwen wrote
> Could you give an example? Are these newly registered top level domains
> spotted in the body of the spams?
>
> Rob McEwen
>
> Mailing Lists wrote:
> > I'm getting dozens of emails daily from a few different spammers. The
> > emails
> > consistently are graphic based, but the graphics are html img refs and not
consistent
> > names - the last image in each one is their send mail to this address to be
> > removed
(or
> > actually to guarantee even MORE spam).
> >
> > One is from "Wagonjumpers" another is from some address in Florida (those
> > images in
the
> > spam are consistent). Each day, it seems they set up a few new hostnames,
> > and
start
> > spamming. We immediately (upon notification from our users) add that
> > hostname to
our
> > access denied list, since they are spammer addresses, but is there an
> > easier way to
> > trap the email?
> >
> > I know that the various img evaluation plugins & image ocr plugins do not
> > appear to
> > work, since they don't download referenced images.
> >
> > --Will
> >
> >
![http://mx12.contagiousensemble.com/74428zTegY1m09392lXjvu66896sgIDE7Pc1977.jpg"](http://mx12.contagiousensemble.com/74428zTegY1m09392lXjvu66896sgIDE7Pc1977.jpg"){kind=link}
![http://mx12.contagiousensemble.com/7587fsud1093gs92SXprt6689BgWJ68Wtx526.gif"](http://mx12.contagiousensemble.com/7587fsud1093gs92SXprt6689BgWJ68Wtx526.gif"){kind=link}
![http://mx12.contagiousensemble.com/779nT7jfdh91aGRX7.jpg"](http://mx12.contagiousensemble.com/779nT7jfdh91aGRX7.jpg"){kind=link}