On Oct 31, 2008, at 9:58 AM, Ned Slider wrote:
Kevin Windham wrote:
On Oct 31, 2008, at 9:25 AM, ram wrote:
Use a pastebin to paste the entire mail and send us the the URL.
Here is the email.
<http://pastebin.com/m4d55a610>
Thanks,
Kevin
Not sure what you mean by encoded - the fact it's part of an html
formatted message?
I just mean that the URLs look like they are encoded to capture
identity. i.e. if you clicked on it, your email address would be
marked as a real address and more spam would surely follow. I rarely
get real email from an actual person that are encoded that way.
Sometimes I get them from companies, but there aren't normally so many
in the message, especially identical ones.
The other sign is the encoded img tags. I can't recall seeing a
regular site use img tags that are encoded with no meaningful name.
Also, in this case it seems the message-id itself is encoded in the
URLs of links and images. I think that would be a strange thing to do
for a regular site. It seems the spammer is really anxious to get any
kind of feedback that the message was viewed.
Anyway, URIBLs should catch these. That particular domain is now
listed on URIBL_Black and in XBL on spamhaus.
http://lookup.uribl.com/?section=lookup
I do have URIBL running. I got a message earlier that scored a black.
It seems that quite a few of these get through before being listed.
Kevin
