Educause Security Discussion mailing list archives

Re: Pointless email spam


From: Heath Barnhart <heath.barnhart () WASHBURN EDU>
Date: Mon, 15 Apr 2013 12:08:56 -0500

A probe maybe? The messages don't contain anything a filter would jump on, like images or links. Just some random text. I'm not as familiar with SMTP headers as I probably should be, but would the response headers from a successful transaction glean any information about the receiving mail system?

Heath Barnhart, CCNA
ITS Network Administrator
Washburn University
Topeka, KS


On 04/15/2013 10:46 AM, Dennis Bohn wrote:
We have been seeing these sort-of literary ones, like your sample #2. No idea what purpose.
best,
Dennis Bohn
Manager of Network and Systems
Adelphi University
bohn () adelphi edu
5168773327


On Mon, Apr 15, 2013 at 7:34 AM, Gary Warner <gar () cis uab edu> wrote:

    Are other schools seeing a big uptick in "no purpose" spam
    messages?  Wondering if this is an enormous email address list
    cleanse/harvest? or what other motives anyone might theorize on this?

    Here are three sample email bodies.  No attachment, no links.
    Can't PROVE they are related, just coincidence of timing and
    pointlessness.


    ++++++++++++++++++++
    (received from myschoolemail.net 173.246.104.97)
    (from: hilda.barrett () myschoolemail net)

    Denise,

    I wanted to know if you understand that you can't come to the
    super deli next Friday.

    Cheers,

    H.

    ++++++++++++++++++++
    (envelope from waggishy08 () acm org)
    (x-sender: ultrasug9 () gil com au)
    (X-PHP-Script indicates it was sent via "afes.com/sendmail.php"
    at request of 186.87.28.58)
    (Return-Path: suicidaloa53 () afes com)


    CHAPTER XLI, Nor from ME, neither.
    Why HE? I stopped.

    +++++++++++++++++++++
    (received from heattreatmentchina.ru (37.255.60.4)
    (from: stonehengeqq40 () trinity edu)

    Bofe un you claims it, But we didnt wait.
    So Tom was satisfied.

    ++++++++++++++++++++++

    ----------------------------------------------------------

    Gary Warner
    Director of Research in Computer Forensics
    The University of Alabama at Birmingham
    Center for Information Assurance and Joint Forensics Research
    205.422.2113
    gar () cis uab edu

    -----------------------------------------------------------


