Solved

Spam Email - need help identifying this

Posted on 2006-11-02
15
309 Views
Last Modified: 2010-04-11

screenshot of a spam mail in my inbox:  http://img507.imageshack.us/img507/4049/spamyy3.jpg


I've been getting lots of emails in this format about every other day. I'm assuming their a common type of spam as I do not have the ability in any of these types of emails to "unsucbscribe" or "remove" or anything.

Spam filtering doesn't work against it.

So can anyone help me itdentify what this is or something? Screenshot is in a link at the top of this post.
0
Comment
Question by:jqsolara
  • 3
  • 2
  • 2
  • +6
15 Comments
 
LVL 34

Expert Comment

by:PsiCop
Comment Utility
Well, you haven't shown the full headers, so there's not really much to tell you.
0
 
LVL 34

Expert Comment

by:PsiCop
Comment Utility
You also haven't said anything about your E-Mail infructure - your platform, MTA software, mail client, etc.
0
 

Author Comment

by:jqsolara
Comment Utility
It's not necessarily a question of tracing down this particular spammer.

I'm more interested in whether or not this email appears familiar to people.

More specifically: Has anyone received this email in his format. Please observe the way the email looks. The colors used, the format used, and the general template of the email. Have you received an email like this, has your friend, your coworker, your wife, your husband, etc. Have you seen this type of email anywhere in your computer experience. Were you able to identify it, were you able to put a stop to it.

That said, if you haven't, well then, here's the header information:

-----------------------------
Return-Path: <koynf@vegie.ebay.sun.com>
Received: from j92120.upc-j.chello.nl (j92120.upc-j.chello.nl [24.132.92.120])
     by pro25.abac.com (8.13.8/8.13.8) with SMTP id kA2IVscG042515
     for <john@leetservices.com>; Thu, 2 Nov 2006 10:32:00 -0800 (PST)
     (envelope-from koynf@vegie.ebay.sun.com)
Received: from 24.132.27.117 ([24.132.27.117])
     by j92120.upc-j.chello.nl (8.13.5/8.13.5) with SMTP id kA2IdkiJ078570;
     Thu, 2 Nov 2006 19:39:46 +0100
Message-ID: <9B2EC280987.B9DDE4E0@vegie.ebay.sun.com>
Date: Thu, 2 Nov 2006 19:31:59 +0100
From: Josephine Bond <koynf@vegie.ebay.sun.com>
To: *MY EMAIL REMOVED FROM HERE*
Subject: coffee table sandcastle
MIME-Version: 1.0
Content-Type: multipart/related;
     boundary="A5B6001B29664BAF320DF0A"
X-Spam-Score: 4.24 (FORGED_RCVD_HELO,HTML_10_20,HTML_IMAGE_ONLY_20,HTML_IMAGE_RATIO_06,HTML_MESSAGE,MIME_HTML_ONLY,RCVD_NUMERIC_HELO)
X-Spam-Level: !!!!
---------------
0
 

Author Comment

by:jqsolara
Comment Utility
well my email showed up on accident, but I'm not too worried about it at this point.

would be nice if this place allowed people to edit their posts.
0
 
LVL 1

Expert Comment

by:kevincostello
Comment Utility
It looks like a type of SPAM that just started going around and that has been bugging us here in the last week or two.

It's called Image Based Spam because it's actually an image of text. Because it is an image of the text, it is getting around the typical spam blockers. Symantec said that they have teams working around the clock to try and figure out a way to stop it.

There are some aggressive custom filters that they provided, but warned that this would result in high false positives... so I'm just kinda waiting for the vendors to figure this one out.
0
 
LVL 17

Expert Comment

by:CSecurity
Comment Utility
Try to install SpamAssain in your mail server
0
 
LVL 30

Expert Comment

by:pgm554
Comment Utility
Yeah,I've been getting them too.

I use OL2K3,and it can't look for keywords in the body of the message.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 30

Expert Comment

by:pgm554
Comment Utility
Strange part is,is that I have all foreign domains blocked,but the headers are from places like the Netherlands and China.
0
 
LVL 8

Accepted Solution

by:
mugman21 earned 500 total points
Comment Utility
Yes sir, I saw that in my trash the other day..... ThunderBird is pretty efficient about deleting spam once you get it trained... you might want to give that a try.

m.
0
 
LVL 4

Expert Comment

by:Smacky311
Comment Utility
I got that spam email several times, but havent seen it in about a week or two.  My yahoo email gets spammed by it.
0
 
LVL 3

Expert Comment

by:mulshoefer
Comment Utility
Try using http://www.gfi.com/mes/.  This program that works very well at blocking spam.  We sued to see it a lot becuase of all the html code buried in the email.  But its been a few weeks since it has been around.
0
 
LVL 8

Expert Comment

by:Danny_Larouche
Comment Utility
>>I do not have the ability in any of these types of emails to "unsucbscribe"...  

I hope you are kidding when you say that you can't unsubscribe!!!  In 2006, some peoples still click on thoses "unsuscribe" links in spams, and for evident reason receive much more spams next days...
0
 

Author Comment

by:jqsolara
Comment Utility
Funny, I've unsubscribed to some emails and never received another afterward. This is the first type of spam on this email account however, that I've received.
0
 
LVL 8

Expert Comment

by:mugman21
Comment Utility
under the canspam act congress passed several years ago, the law abiding spammers have to include a working 'unsubscribe' link. However, this law only applies to spammers here in the US...  

Spammers in other countries that are not subject too this law sometimes don't include an unsubscribe link, and if they do it's not to unsubscribe you but instead to validate it's an active email account so they can spam you more......

Once again, congress passes a law regarding technology they don't understand..... Would somebody please tell the house and senate that the internet is a "global thing-a-majig" (that way they might understand it).

regarding this being the first spam on this email account, prepare for more. One thing spammers do is write programs that don't even use 'real' or 'known' valid email accounts. They just send randomly like joeblow00, joeblow01, joeblow02, ect.... Eventually, one of these emails will be real....

m.
0
 
LVL 8

Expert Comment

by:Danny_Larouche
Comment Utility
I agree with Mugman21. This law is useless until the MTA/SMT server require sender address to be part of its databases before accepting the message for delivery and until a law require MTA`s owner to be fully registred before using port 25 between multiple autonomous systems (AS).

Concerning the "unsubscribe mechanism", this is only an additional tool for spammers who resell your email to others.  When unsubscribing, you only confirm that your email is valid and that you are reading your email often.  That way your email that worth 0.001$ now worth 0.002$ is will much more interesting for viagra resellers!!!

If you unsubscribe for email received from joeblow00, they can simply send email from joeblow01 next day...
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now