Educause Security Discussion mailing list archives
Re: Pointless email spam
From: Heath Barnhart <heath.barnhart () WASHBURN EDU>
Date: Mon, 15 Apr 2013 12:08:56 -0500
A probe maybe? The messages don't contain anything a filter would jump on, like images or links. Just some random text. I'm not as familiar with SMTP headers as I probably should be, but would the response headers from a successful transaction glean any information about the receiving mail system?
Heath Barnhart, CCNA ITS Network Administrator Washburn University Topeka, KS On 04/15/2013 10:46 AM, Dennis Bohn wrote:
We have been seeing these sort-of literary ones, like your sample #2. No idea what purpose.best, Dennis Bohn Manager of Network and Systems Adelphi University bohn () adelphi edu <mailto:bohn () adelphi edu> 5168773327On Mon, Apr 15, 2013 at 7:34 AM, Gary Warner <gar () cis uab edu <mailto:gar () cis uab edu>> wrote:Are other schools seeing a big uptick in "no purpose" spam messages? Wondering if this is an enormous email address list cleanse/harvest? or what other motives anyone might theorize on this? Here are three sample email bodies. No attachment, no links. Can't PROVE they are related, just coincidence of timing and pointlessness. ++++++++++++++++++++ (received from myschoolemail.net <http://myschoolemail.net> 173.246.104.97 <tel:173.246.104.97>) (from: hilda.barrett () myschoolemail net <mailto:hilda.barrett () myschoolemail net>) Denise, I wanted to know if you understand that you can't come to the super deli next Friday. Cheers, H. ++++++++++++++++++++ (envelope from waggishy08 () acm org <mailto:waggishy08 () acm org>) (x-sender: ultrasug9 () gil com au <mailto:ultrasug9 () gil com au>) (X-PHP-Script indicates it was sent via "afes.com/sendmail.php <http://afes.com/sendmail.php>" at request of 186.87.28.58) (Return-Path: suicidaloa53 () afes com <mailto:suicidaloa53 () afes com>) CHAPTER XLI, Nor from ME, neither. Why HE? I stopped. +++++++++++++++++++++ (received from heattreatmentchina.ru <http://heattreatmentchina.ru> (37.255.60.4) (from: stonehengeqq40 () trinity edu <mailto:stonehengeqq40 () trinity edu>) Bofe un you claims it, But we didnt wait. So Tom was satisfied. ++++++++++++++++++++++ ---------------------------------------------------------- Gary Warner Director of Research in Computer Forensics The University of Alabama at Birmingham Center for Information Assurance and Joint Forensics Research 205.422.2113 <tel:205.422.2113> gar () cis uab edu <mailto:gar () cis uab edu> -----------------------------------------------------------
Current thread:
- Pointless email spam Gary Warner (Apr 15)
- Re: Pointless email spam Roger A Safian (Apr 15)
- Re: Pointless email spam Dennis Bohn (Apr 15)
- Re: Pointless email spam Heath Barnhart (Apr 15)
- Re: Pointless email spam Scherck, Daniel (Apr 15)
- Re: Pointless email spam Curtis McNay (Apr 17)
- Re: Pointless email spam Heath Barnhart (Apr 15)
- Re: Pointless email spam Gade, Werner (Apr 15)
- Re: Pointless email spam Jacobson, Dick (Apr 15)
- Re: Pointless email spam Bob Bayn (Apr 15)
- Re: Pointless email spam Jeff Firestone (Apr 16)
- Re: Pointless email spam Jacobson, Dick (Apr 15)