Solved

Spam Email - need help identifying this

Posted on 2006-11-02
15
316 Views
Last Modified: 2010-04-11

screenshot of a spam mail in my inbox:  http://img507.imageshack.us/img507/4049/spamyy3.jpg


I've been getting lots of emails in this format about every other day. I'm assuming their a common type of spam as I do not have the ability in any of these types of emails to "unsucbscribe" or "remove" or anything.

Spam filtering doesn't work against it.

So can anyone help me itdentify what this is or something? Screenshot is in a link at the top of this post.
0
Comment
Question by:jqsolara
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +6
15 Comments
 
LVL 34

Expert Comment

by:PsiCop
ID: 17860981
Well, you haven't shown the full headers, so there's not really much to tell you.
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 17860986
You also haven't said anything about your E-Mail infructure - your platform, MTA software, mail client, etc.
0
 

Author Comment

by:jqsolara
ID: 17861054
It's not necessarily a question of tracing down this particular spammer.

I'm more interested in whether or not this email appears familiar to people.

More specifically: Has anyone received this email in his format. Please observe the way the email looks. The colors used, the format used, and the general template of the email. Have you received an email like this, has your friend, your coworker, your wife, your husband, etc. Have you seen this type of email anywhere in your computer experience. Were you able to identify it, were you able to put a stop to it.

That said, if you haven't, well then, here's the header information:

-----------------------------
Return-Path: <koynf@vegie.ebay.sun.com>
Received: from j92120.upc-j.chello.nl (j92120.upc-j.chello.nl [24.132.92.120])
     by pro25.abac.com (8.13.8/8.13.8) with SMTP id kA2IVscG042515
     for <john@leetservices.com>; Thu, 2 Nov 2006 10:32:00 -0800 (PST)
     (envelope-from koynf@vegie.ebay.sun.com)
Received: from 24.132.27.117 ([24.132.27.117])
     by j92120.upc-j.chello.nl (8.13.5/8.13.5) with SMTP id kA2IdkiJ078570;
     Thu, 2 Nov 2006 19:39:46 +0100
Message-ID: <9B2EC280987.B9DDE4E0@vegie.ebay.sun.com>
Date: Thu, 2 Nov 2006 19:31:59 +0100
From: Josephine Bond <koynf@vegie.ebay.sun.com>
To: *MY EMAIL REMOVED FROM HERE*
Subject: coffee table sandcastle
MIME-Version: 1.0
Content-Type: multipart/related;
     boundary="A5B6001B29664BAF320DF0A"
X-Spam-Score: 4.24 (FORGED_RCVD_HELO,HTML_10_20,HTML_IMAGE_ONLY_20,HTML_IMAGE_RATIO_06,HTML_MESSAGE,MIME_HTML_ONLY,RCVD_NUMERIC_HELO)
X-Spam-Level: !!!!
---------------
0
How to Defend Against the WCry Ransomware Attack

On May 12, 2017, an extremely virulent ransomware variant named WCry 2.0 began to infect organizations. Within several hours, over 75,000 victims were reported in 90+ countries. Learn more from our research team about this threat & how to protect your organization!

 

Author Comment

by:jqsolara
ID: 17861072
well my email showed up on accident, but I'm not too worried about it at this point.

would be nice if this place allowed people to edit their posts.
0
 
LVL 1

Expert Comment

by:kevincostello
ID: 17861333
It looks like a type of SPAM that just started going around and that has been bugging us here in the last week or two.

It's called Image Based Spam because it's actually an image of text. Because it is an image of the text, it is getting around the typical spam blockers. Symantec said that they have teams working around the clock to try and figure out a way to stop it.

There are some aggressive custom filters that they provided, but warned that this would result in high false positives... so I'm just kinda waiting for the vendors to figure this one out.
0
 
LVL 17

Expert Comment

by:CSecurity
ID: 17862186
Try to install SpamAssain in your mail server
0
 
LVL 30

Expert Comment

by:pgm554
ID: 17862537
Yeah,I've been getting them too.

I use OL2K3,and it can't look for keywords in the body of the message.
0
 
LVL 30

Expert Comment

by:pgm554
ID: 17862563
Strange part is,is that I have all foreign domains blocked,but the headers are from places like the Netherlands and China.
0
 
LVL 8

Accepted Solution

by:
mugman21 earned 500 total points
ID: 17865068
Yes sir, I saw that in my trash the other day..... ThunderBird is pretty efficient about deleting spam once you get it trained... you might want to give that a try.

m.
0
 
LVL 4

Expert Comment

by:Smacky311
ID: 17866087
I got that spam email several times, but havent seen it in about a week or two.  My yahoo email gets spammed by it.
0
 
LVL 3

Expert Comment

by:mulshoefer
ID: 17866275
Try using http://www.gfi.com/mes/.  This program that works very well at blocking spam.  We sued to see it a lot becuase of all the html code buried in the email.  But its been a few weeks since it has been around.
0
 
LVL 8

Expert Comment

by:Danny_Larouche
ID: 17869606
>>I do not have the ability in any of these types of emails to "unsucbscribe"...  

I hope you are kidding when you say that you can't unsubscribe!!!  In 2006, some peoples still click on thoses "unsuscribe" links in spams, and for evident reason receive much more spams next days...
0
 

Author Comment

by:jqsolara
ID: 17875420
Funny, I've unsubscribed to some emails and never received another afterward. This is the first type of spam on this email account however, that I've received.
0
 
LVL 8

Expert Comment

by:mugman21
ID: 17875854
under the canspam act congress passed several years ago, the law abiding spammers have to include a working 'unsubscribe' link. However, this law only applies to spammers here in the US...  

Spammers in other countries that are not subject too this law sometimes don't include an unsubscribe link, and if they do it's not to unsubscribe you but instead to validate it's an active email account so they can spam you more......

Once again, congress passes a law regarding technology they don't understand..... Would somebody please tell the house and senate that the internet is a "global thing-a-majig" (that way they might understand it).

regarding this being the first spam on this email account, prepare for more. One thing spammers do is write programs that don't even use 'real' or 'known' valid email accounts. They just send randomly like joeblow00, joeblow01, joeblow02, ect.... Eventually, one of these emails will be real....

m.
0
 
LVL 8

Expert Comment

by:Danny_Larouche
ID: 17892347
I agree with Mugman21. This law is useless until the MTA/SMT server require sender address to be part of its databases before accepting the message for delivery and until a law require MTA`s owner to be fully registred before using port 25 between multiple autonomous systems (AS).

Concerning the "unsubscribe mechanism", this is only an additional tool for spammers who resell your email to others.  When unsubscribing, you only confirm that your email is valid and that you are reading your email often.  That way your email that worth 0.001$ now worth 0.002$ is will much more interesting for viagra resellers!!!

If you unsubscribe for email received from joeblow00, they can simply send email from joeblow01 next day...
0

Featured Post

SuperAntiSpyware Licenses Discounted by 25% !

Exclusive offer to Experts Exchange Members!
Buy SuperAntiSpyware License(s) from us and save 25% on the regular purchase price.
- Includes Full SuperAntiSpyware Vendor Support Entitlements
- Your Subscription does not begin until you activate your license
- Buy for your friends

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Keystroke loggers have been around for a very long time. While the threat is old, some of the remedies are new!
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question