good news

Zenaan Harkness zen at freedbms.net
Sun Jun 19 17:34:22 PDT 2016 

On Mon, Jun 20, 2016 at 10:13:40AM +1000, Zenaan Harkness wrote:
> On Mon, Jun 20, 2016 at 12:33:26AM +0300, Yui Hirasawa wrote:
> > > Here is a good news from our mutual friend, just read it here
> > > <http://lavibare.safestepstool.org/aectn>
> > 
> > Got anything that I can read without javascript?
> 
> Looking at the email source domain cock.li, the list of recipients, and
> the lack of any depth in the content ("just enough intrigue to catch out
> the termainally sleepy"), you can be pretty sure this is a cracker or
> spam.

As another, ironic example of spam, this just arrived in my inbox:

   ...
   List-Unsubscribe:
   <mailto:v-nlhlfl_ebljglemnb_cpmepaig_cpmcnada_a at bounce.email.gfi.com?subject=Unsubscribe>
   Date: Mon, 20 Jun 2016 00:06:42 +0000 (GMT)
   Subject: How to enable digest emails to End Users

   How to enable spam digest emails – [1]Watch the video

   [2]Gee eFf I MailEssentials # I modified this line to reduce their
   google feedback loop - the first three "words" are actually just three
   letters as one acronym.

   [3]How to enable spam digest emails in GFI MailEssentials

   Hi micle,
   Spam Digest is a short report sent via email to the administrator or your
   end users which lists spam email blocked by
   GFI MailEssentials. [4]Learn more on Spam Digest.
   In this video we show you how to enable spam digest emails in the product.

   [5]Watch the video now

   If you have any questions or need assistance during your trial, please
   call us at +1 (888) 243-4329 or contact
   [6]support.

   GFI MailEssentials Resource Center
   [resource_center_arrow.png]
   ...


Notice there are many cheeky things going on, besides the fact that it was
sent to a non-existent email address (I have not included that line, not
wanting extra spam of course) which was my first giveaway.

Then there's the extra cheeky List-Unsubscribe email header (and it was in
a link in the bottom of the email too) - for all I know, this email could
be an initial part of a spam sequence - this first email is just
canvassing say 10 million email addys, to see who clicks on at least ONE
of the links in this sort-of-reasonable sounding email "oh, these guys
must have sent the email by mistake to me, looks like they handle spam,
I'll click the unsubscribe link so they don't mistakenly email me again".
Yeah right!!

But wait! this list-unsub link begins with a hash of some sort, not just
the (non-existent/ fake) email address to which this spam email was sent
to. Again, by itself not necessarily nefarious.

Next, the observant might notice the millisends on the date stamp, which
does not necessarily say this is spam, but adds to the picture.

Also, the name that this "letter" addresses begins with a lowercase, is
misspelt, clearly is addressing at best an email address and not a person,
and at best best, has been scoured since there is no family name.

The content, if legitimate, is definitely spam - "Spam Digest is a short
report sent via email to the administrator OR YOUR END USERS". Oh, it must
be ok, I'm just an end user, my administrator must really want me to view
this video.

And finally, it is spam - it's neither appropriate nor legitimate for a
spam filtering company to spam the users belonging to the administrator
who installs and manages such a product to protect his/her users from spam
- well, no administrator worth his salt anyway :)

And so on and so on...

May you have a lovely and spam minimized day :)


P.S. It's really a damn good thing I'm on our side of the fence and not
doing the low level dirty work of spam propagation - if I were me, I'd
really hate being on the receiving end of the cunning I'd dish out.

More information about the cypherpunks mailing list