[133272] in North American Network Operators' Group
Re: A fascinating piece of spam
daemon@ATHENA.MIT.EDU (Marshall Eubanks)
Tue Dec 7 22:08:59 2010
From: Marshall Eubanks <tme@americafree.tv>
In-Reply-To: <201012072346.oB7Nke9n068626@aurora.sol.net>
Date: Tue, 7 Dec 2010 22:08:03 -0500
To: Joe Greco <jgreco@ns.sol.net>
Cc: North American Network Operators Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
I have been seeing "targeted" spam for a while now - typically from =
someone with my last name and a random first name,
and a familiar subject line.=20
Just wait until they start using the _text_ from open mail lists as =
well.
Regards
Marshall
On Dec 7, 2010, at 6:46 PM, Joe Greco wrote:
>> Well -- spammers are following the NANOG list in real-time, it seems. =
A =3D
>> few hours after my post this afternoon, I received some spam with a =3D=
>> correct Subject: line for that post. I'll be happy to forward the =
email =3D
>> to anyone who wants to analyze it or find the offender and =
permanently =3D
>> blacklist "her" from NANOG...
>=20
> Funny you should mention that. About two seconds before your message,
> I got such a bit of spam.
>=20
>> =46rom carlafletcher24@yahoo.com Tue Dec 7 17:43:02 2010
>> Return-Path: <carlafletcher24@yahoo.com>
>> Received: from nm15.bullet.mail.ne1.yahoo.com =
(nm15.bullet.mail.ne1.yahoo.com [98.138.90.78])
>> by mx1.sol.net (8.14.4/8.14.4/SNNS-1.04) with SMTP id =
oB7Ngtf7002716
>> for <jgreco@ns.sol.net>; Tue, 7 Dec 2010 17:43:00 -0600 (CST)
>> Received: from [98.138.90.51] by nm15.bullet.mail.ne1.yahoo.com with =
NNFMP; 07 Dec 2010 23:42:50 -0000
>> Received: from [98.138.87.1] by tm4.bullet.mail.ne1.yahoo.com with =
NNFMP; 07 Dec 2010 23:42:50 -0000
>> Received: from [127.0.0.1] by omp1001.mail.ne1.yahoo.com with NNFMP; =
07 Dec 2010 23:42:50 -0000
>> X-Yahoo-Newman-Property: ymail-3
>> X-Yahoo-Newman-Id: 9187.54043.bm@omp1001.mail.ne1.yahoo.com
>> Received: (qmail 17052 invoked by uid 60001); 7 Dec 2010 23:42:49 =
-0000
>> DKIM-Signature: v=3D1; a=3Drsa-sha256; c=3Drelaxed/relaxed; =
d=3Dyahoo.com; s=3Ds1024; t=3D1291765369; =
bh=3DNwik8gyzMPW2hSR2Fc+0a6ZUu1s5oHBhOjv0Shs9wCE=3D; =
h=3DMessage-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Reply-To:Subject:To=
:MIME-Version:Content-Type; =
b=3D4Yw5bYZ0DJq7pbortuz7YK0J5opr+dQ0vk3FJ3V5uTF/jVuFRcu9hJxBZ/8u4xakvycmSM=
YOFDMR3oFL6t2JmSt3x4JZmCnDjlS79cL3arFsW/a0aBm9pubfPCYqijis3iCY6uNhji6JxYe0=
OWsMlHU3qTNohvs+dwMUl/gQ8R0=3D
>> DomainKey-Signature: a=3Drsa-sha1; q=3Ddns; c=3Dnofws;
>> s=3Ds1024; d=3Dyahoo.com;
>> =
h=3DMessage-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Reply-To:Subject:To=
:MIME-Version:Content-Type;
>> =
b=3Da+L6kibArtNLl3qtSuIHEDxKt2dZfrXLRiUE91IWnNsW6NZ11W6RG51LRXFK288erRYh7k=
9t2evvpBxbkAH7XKQ/B/+lIBaZqgZ5ON3MC3ziMmhrjn3UIX1o1obMDz0vO7R94K4iapDIpVlD=
9xXPOSgc1ENMoW8GA6eoKKRDUbs=3D;
>> Message-ID: <828073.58184.qm@web120306.mail.ne1.yahoo.com>
>> X-YMail-OSG: tTFoZPoVM1lORXP10bFDAvyxx.jFIQDoUGJ6hUxCf6q8Tbk
>> 8RkTR2Q6BakFB1l6t1W5BdZ4fPFVQEWRX_TSB16hGCUxPmFhrTru8ItaSrSg
>> oF9x5JBC6GwAHAwzXaeCohqEqZsyOLa9vBCXu_kKyxJv_zCea2QtIZ_PFH23
>> rGr_j.u85nfOQA_6VJ3uLvtpJ75N0.ufEudhqcR6ZhL4bPb8LTxKYxAtZQ2N
>> _j50f7Uf_DOQ-
>> Received: from [173.208.43.151] by web120306.mail.ne1.yahoo.com via =
HTTP; Tue, 07 Dec 2010 15:42:49 PST
>> X-Mailer: YahooMailClassic/11.4.20 YahooMailWebService/0.8.107.285259
>> Date: Tue, 7 Dec 2010 15:42:49 -0800 (PST)
>> From: Carla Fletcher <carlafletcher24@yahoo.com>
>> Reply-To: carlafletcher24@yahoo.com
>> Subject: Re: Re: Abuse@ contacts
>> To: jgreco@ns.sol.net
>=20
> I didn't know that anybody was still keying on subject lines; our spam
> filter tossed it anyways.
>=20
> ... JG
> --=20
> Joe Greco - sol.net Network Services - Milwaukee, WI - =
http://www.sol.net
> "We call it the 'one bite at the apple' rule. Give me one chance [and] =
then I
> won't contact you again." - Direct Marketing Ass'n position on e-mail =
spam(CNN)
> With 24 million small businesses in the US alone, that's way too many =
apples.
>=20
>=20
