Need a email spam 101 lesson - The Safehouse Forums

Tandom

Mati, with the power of....Heart!

Join Date: Mar 2002

Location: In UR Safehouse Stealing Ur Daggerz

Need a email spam 101 lesson

Posted: 07-12-05, 03:03 PM

I got an email asking for me to help lauder money through the dead national primeminister's second cousin twice removed and once betrayed by his government.

and the damn thing wasn't even addressed to me.

Here is the header content (the troy.edu is my email server)

Code:

From - Tue Jul 12 18:03:34 2005
X-Account-Key: account1
X-UIDL: 1042436228.14471
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: &lt;Mamoepa_shaik@comunae.com>
Received: from webshield01.troy.edu (scan.troy.edu [198.179.130.124])
	by mail.troy.edu (MOS 3.5.6-GR)
	with SMTP id BDG37855;
	Tue, 12 Jul 2005 11:07:08 -0500 (CDT)
Received: from (62.81.236.64) by webshield01.troy.edu via smtp
	 id 2413_29f6eb5e_f2ef_11d9_9385_0002b3cdc1aa;
	Tue, 12 Jul 2005 16:08:20 +0000 (UTC)
Received: from [192.168.108.72] (helo=mb02.in.mad.eresmas.com)
	by asmtp04.eresmas.com with esmtp (Exim 4.30)
	id 1DsNHK-0001gg-FD; Tue, 12 Jul 2005 18:06:38 +0200
Received: from nobody by mb02.in.mad.eresmas.com with local (Exim 4.20)
	id 1DsNHI-0000Po-Ac; Tue, 12 Jul 2005 18:06:36 +0200
From: "Mamoepa Shaik Schabir" &lt;Mamoepa_shaik@comunae.com>
To: Mamoepa_shaik@comunae.com
Subject: Personally addressed to you
Date: Tue, 12 Jul 2005 18:06:36 +0200
X-MAILER: ARB/3.0
Content-Type: text/html; charset=iso-8859-1
Message-Id: &lt;E1DsNHI-0000Po-Ac@mb02.in.mad.eresmas.com>
X-Spam-Score: 6.7 (++++++)
X-Spam-Warning: This message would be spam [67 points]


&lt;html>
&lt;body>
&lt;table cellpadding="8" border="0" width="100%">&lt;tr>&lt;td style="background-color:#ffffff;color:#083431;font-family:verdana;font-size:11px;">&lt;DIV class=RTE>Dear Sir/Madam &lt;/DIV>

&lt;DIV class=RTE>&amp;nbsp;&lt;/DIV>

&lt;DIV>&lt;/DIV>

&lt;P>I presume this letter will come to you as a suprise,but......................................

How can somethnig that's not addressed to me... show up in my email acount.
(granted I have a filter to put anything that doesn't have my name in the to: to go straight to the trash.)
I'd just like a better understanding of how this works.

And is there anything I can tell my email server Admin to do to help block these?
thanks.

Nocte

n00b!

Join Date: Apr 2002

Location: Manchester, NH

re: Need a email spam 101 lesson

Posted: 07-12-05, 07:31 PM

I get this a lot and it still boggles my mind how I get it. Not the same email, but delivery without any tie to my addy for various spams.

Hordolin Awanagin

Veteran

Join Date: Feb 2002

Location: TX

re: Need a email spam 101 lesson

Posted: 07-13-05, 06:41 AM

The mail was sent with an SMTP transaction and not an e-mail client. Basically it was a direct connection to the e-mail server at mb02.in.mad.eresmas.com. When you are doing SMTP transactions you are given prompts for rcpt to: and to:. All you have to do is put whoever@wherever.duh in response to the to: prompt and an actual recipient in the rcpt to:
What shows up in the header is what's put in response for to: and it's delivered to what's put in response to rcpt to:

Clear as mud?

InvisiBill

Veteran

Join Date: Nov 2003

re: Need a email spam 101 lesson

Posted: 07-13-05, 07:09 AM

Blind Carbon Copy.

I know it seems sort of weird, but the To: line doesn't really tell the email server who to send it to. You use To:, CC:, and BCC: to tell your mail client who to send the message to. The mail client then tells the server what email addresses to send the message to. To: and CC: become lines in the message, but BCC: doesn't (because it's "Blind"). Those lines are actually a part of the message, rather than commands to tell the mail server how to deliver the message.

Depending on your mail server, your headers may show more information.

Code:

Return-path: &lt;invisibill_AT_gmail.com>
Envelope-to: invisibill_AT_invisibill.net
Delivery-date: Wed, 13 Jul 2005 11:10:31 -0400
Received: from invisibi by eos.horsepower.site5.com with local-bsmtp (Exim 4.51)
        id 1DsisZ-0004HY-NP
        for invisibill_AT_invisibill.net; Wed, 13 Jul 2005 11:10:31 -0400
Received: from [64.233.170.194] (helo=rproxy.gmail.com)
        by eos.horsepower.site5.com with esmtp (Exim 4.51)
        id 1DsisZ-0004HU-KY
        for invisibill_AT_invisibill.net; Wed, 13 Jul 2005 11:10:31 -0400
Received: by rproxy.gmail.com with SMTP id a41so224434rng
        for &lt;invisibill_AT_invisibill.net>; Wed, 13 Jul 2005 08:10:34 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:reply-to:subject:mime-version:content-type:content-transfer-encoding:content-disposition;
        b=PTvtnyUI24J4bLAomX921r9BxO0FN+msSSfTDll2pdx2Q+c3MjxBfOWamiPVI/oxX/zLyYvvqeCeEvaEw8ceFniyrY4qB6b1ntp1kyF4gVriqc+qZlYn46AYyLWGBYYVmMRjhLMDW/EeKsoKlXufKSFeOHXmw0jI0MAK1TIt1JE=
Received: by 10.38.12.21 with SMTP id 21mr857120rnl;
        Wed, 13 Jul 2005 08:10:34 -0700 (PDT)
Received: by 10.38.24.75 with HTTP; Wed, 13 Jul 2005 08:10:34 -0700 (PDT)
Message-ID: &lt;544f2ba6050713081072a92d42@mail.gmail.com>
Date: Wed, 13 Jul 2005 11:10:34 -0400
From: Bill &lt;invisibill_AT_gmail.com>
Reply-To: Bill &lt;invisibill_AT_gmail.com>
Subject: Test
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on 
        eos.horsepower.site5.com
X-Spam-Level: 
X-Spam-Status: No, score=-2.3 required=5.0 tests=AWL,BAYES_00,MISSING_HEADERS,
        RCVD_BY_IP autolearn=ham version=3.0.4

Testing

That's an email I sent from my Gmail account to my main account with BCC. There's not even a To: line in it. The Envelope-to: header and the Received: headers show that it really was going to my address though.

Invisibill | Gilneas
~~Invissibill & Llibisivni | Blackhand~~
~~Invissibill & Llibisivni | Cazic-Thule~~