What kind of spam is this and how do I filter it?

Our exchange server has been getting spam/junk mail that contains only one or two sentences of garbled information...like a line or two from a strange play, novel, press release.

We've received three in the last 24 hours, all from different domains and they have no attachments, advertisements, or links.

Here is an example...

"The Volcano closed for a second and more elaborate renovation in February 2008 and reopened on December 8, 2008. This led him to new ideas. Black Music Research Journal 8."

What exactly are these and how do you filter them when they have no malicious content and keep coming from different domains each time to get around the blacklisting I do?

Thanks for the help,

Ryan
Ryan GatesAsked:
Who is Participating?
 
Brian BEE Topic Advisor, Independant Technology ProfessionalCommented:
It may also be the spammer's software is broken and not sending the link. Blacklisting the domain won't help as that is reactive. The domain will keep changing, and is probably spoofed anyway.

I started using a realtime blackhole list in conjunction with a spam filter (Spamhaus Zen works really well) and most of that stuff disappeared.
0
 
Pasha KravtsovSupport EngineerCommented:
Honestly that's a tough dilemma you're dealing with. It might seem as if you're going to have to blacklist every one of those domains by hand. That's the only way I can think of..
0
 
Ryan GatesAuthor Commented:
This is crazy... I've put all the offending domains on a blacklist and still get more. The most recent one, from yet another new domain, had the subject:

Hello Ryan (the sender has my name)

And then read:

The background in the arms is red. Andrew Young is affiliated. The palace has many lovely gardens and an oratory recreated from the ruins of the ancient Sunrunner Keep.

These are strange and annoying... Help?
0
Cloud Class® Course: Python 3 Fundamentals

This course will teach participants about installing and configuring Python, syntax, importing, statements, types, strings, booleans, files, lists, tuples, comprehensions, functions, and classes.

 
Dan CraciunIT ConsultantCommented:
I'd think these are probably tests and the real spam is yet to come. They are testing to see if the emails get through, what triggers your spam filter.

The palace reference is from here: http://melanierawn.wikia.com/wiki/Dorval
and the volcano from here: http://en.wikipedia.org/wiki/The_Mirage

Dan
0
 
Ryan GatesAuthor Commented:
I've been thinking the same thing, Dan... being tested before something nasty. I'm blacklisting and monitoring all incoming closely. I wish there were a way to guard against this better. I can't think of anything but thought it was worth an ask, here.

Dan, thanks for the reference links. Have any of you ever seen this type of 'testing'?

Ryan
0
 
dhsindyRetired considering supplemental income.Commented:
Does exchange have a filter for size like Thunderbird?

These all look like small simple messages.  You could experiment by setting up a folder and filtering your emails by size and see if you can trap them that way.  More difficult would be setting up a whitelist of addresses you will accept from.
0
 
dhsindyRetired considering supplemental income.Commented:
Another idea would be to review the headers and see if they contain the IP address or an ISP provider that you could contact.  I usually just ignore spammers like that and they get bored after a while with tormenting you.
0
 
dhsindyRetired considering supplemental income.Commented:
>> Have any of you ever seen this type of 'testing'?

I remember getting something like this years ago for a while on an old account. I don't recall ever finding a filtering method because everything was so random and unpredictable.

The action I took was to simply delete without any kind of response. It eventually stopped. This could be someone just testing for valid addresses from a list they have purchased.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.