If I were to guess, adding such headers is done to confuse tools that
compute hashes based on headers or use Bayes filtering on the entire
mail, since it adds innocent words to the mail without showing them
to most end-users.

It doesn't confuse either Bayes or any hash I'm aware of.

Just as a point of psychology, there is a difference between "done to confuse" and "does confuse".

Don't assume that people designing a spam tool are necessarily experts at anti-spam technology. If they were, they would either give up on making spams, or anti-spam tools would be much less effective than they are.

You look at these obviously absurd headers, and you really should ask yourself "why are they here? What are they intended to accomplish?" I can only think of two likely possibilities: either the creator is using these to hide some sort of tracking information, or he is hoping that they will somehow make the mail look "less spammy" in some way.

If he is intending to hide tracking info in the headers, it seems pointless unless he is also writing an MTA of some sort that will see the headers. But maybe he didn't think that far, and it was his intent to hide tracking info. Still, it seems a little unlikely.

The other possibility is making the mail get through spam filters. As you point out, it fails miserably at this. But that doesn't mean that someone didn't have a brilliant idea and thought that it might somehow work.

Personally, I think that if it stays around for a few weeks, it is great rule fodder for being sure that the mail IS spam.

       Loren
