Gibberish spam - what's up with that?

mucous (Technical User, joined Nov 28, 2002)
Hi,

Lately we've been getting hit with a bunch of spam that isn't advertising anything. It's just emails with a bunch of gibberish text in them. I don't know what the deal is; maybe they're testing to see what might get past our filtering software or something? They don't come with attachments either. I've included one of the many messages that have come in lately as an example. They all arrive from different addresses also. Any thoughts on this are appreciated!

Thanks


Microsoft Mail Internet Headers Version 2.0
Received: from h172n1fls32o824.telia.com ([217.210.240.172]) by xxxxx-net.xxxxx.com with Microsoft SMTPSVC(5.0.2195.6713);
Tue, 30 Dec 2003 04:52:58 -0500
Received: from [217.210.240.172] by e-hostzz.netIP with HTTP;
Tue, 30 Dec 2003 06:02:13 -0400
From: "Jernigan Taylor" <hlwatcng@tom.com>
To: xyz@xxxxx.com
Subject: Re: XJDPCL, offered the brunette
Mime-Version: 1.0
X-Mailer: mPOP Web-Mail 2.19
X-Originating-IP: [e-hostzz.netIP]
Date: Tue, 30 Dec 2003 15:02:13 +0500
Reply-To: "Jernigan" <hlwatcng@tom.com>
Content-Type: multipart/alternative;
boundary="--ALT--MMOB24612013543312"
Message-Id: <GPVMNQK-0007874349390@marvelous>
Return-Path: hlwatcng@tom.com
X-OriginalArrivalTime: 30 Dec 2003 09:52:59.0027 (UTC) FILETIME=[B4DF2E30:01C3CEBA]

----ALT--MMOB24612013543312

Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit

intelligible premiere arenaceous conrail alba doesn't atlantis deform continuant
bush skimp needy ralph tackle inventor checksumming embolden jot clyde
brevity filibuster shaggy constantinople
 
The only thing you should check is
X-Originating-IP: [e-hostzz.netIP] and
Received: from [217.210.240.172] by e-hostzz.netIP

If that is the same on all, it is the same sender using different addresses.

SPAM is spam, some do it for fun, advertising or not.


Marc
If 'something' 'somewhere' gives 'some' error, expect random guesses or no replies at all. Please specify details.
Free Tip: The F1 Key does NOT destroy your PC!
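Marc's check, worked through as an added example (this is my code, not something posted in the thread). It parses a handful of raw messages with Python's standard email parser, pulls the IP out of every Received: line plus X-Originating-IP, and groups the messages by the relay IP. One caveat a practitioner should keep in mind: only the topmost Received: header is written by your own server and therefore outside the sender's control; X-Originating-IP and every lower Received: line arrive inside the message and can say whatever the spammer wants, so they are useful for spotting a pattern but not as evidence. The first sample reuses the headers quoted above; the second and third messages, their host names, From: addresses and the 203.0.113.9 / 198.51.100.7 addresses are invented for the demonstration.

```python
import re
from collections import defaultdict
from email import message_from_string

# A bracketed dotted-quad such as [217.210.240.172], as MTAs write it in Received:
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed samples. The first reuses the header values quoted in the thread
# (recipient and local host anonymised there); the second and third are invented
# to show one relay sitting behind several different From: addresses.
SAMPLES = [
    "Received: from h172n1fls32o824.telia.com ([217.210.240.172]) by xxxxx-net.xxxxx.com with Microsoft SMTPSVC(5.0.2195.6713);\n"
    " Tue, 30 Dec 2003 04:52:58 -0500\n"
    "Received: from [217.210.240.172] by e-hostzz.netIP with HTTP;\n"
    " Tue, 30 Dec 2003 06:02:13 -0400\n"
    'From: "Jernigan Taylor" <hlwatcng@tom.com>\n'
    "To: xyz@xxxxx.com\n"
    "Subject: Re: XJDPCL, offered the brunette\n"
    "X-Originating-IP: [e-hostzz.netIP]\n"
    "\n"
    "intelligible premiere arenaceous conrail alba\n",

    "Received: from unknown ([217.210.240.172]) by xxxxx-net.xxxxx.com with Microsoft SMTPSVC(5.0.2195.6713);\n"
    " Tue, 30 Dec 2003 05:10:41 -0500\n"
    "Received: from [217.210.240.172] by some-other-host.invalid with HTTP;\n"
    " Tue, 30 Dec 2003 06:20:02 -0400\n"
    'From: "Marlene Cobb" <qwerty123@example.net>\n'
    "To: xyz@xxxxx.com\n"
    "Subject: Re: WQMFAO, the tailor\n"
    "X-Originating-IP: [some-other-host.invalid]\n"
    "\n"
    "brevity filibuster shaggy constantinople\n",

    "Received: from mail.example.org ([203.0.113.9]) by xxxxx-net.xxxxx.com with Microsoft SMTPSVC(5.0.2195.6713);\n"
    " Tue, 30 Dec 2003 07:02:11 -0500\n"
    "Received: from [198.51.100.7] by mail.example.org with ESMTP;\n"
    " Tue, 30 Dec 2003 11:58:30 +0000\n"
    'From: "Accounts" <billing@example.org>\n'
    "To: xyz@xxxxx.com\n"
    "Subject: December invoice\n"
    "\n"
    "Please find the December invoice attached.\n",
]


def header_ips(raw):
    """Parse one raw message and return:
       'top'   - IP from the topmost Received: line. Our own MTA wrote it, so it is
                 the only value here the sender could not forge.
       'inner' - IPs from every lower Received: line (sender-controlled).
       'xoip'  - the X-Originating-IP value, if any (also sender-controlled).
       'from'  - the From: header, kept so the grouping shows the rotating addresses.
    """
    msg = message_from_string(raw)
    received = msg.get_all("Received", [])
    per_line = [IP_RE.findall(line) for line in received]
    top = per_line[0][0] if per_line and per_line[0] else None
    inner = [ip for group in per_line[1:] for ip in group]
    return {"top": top, "inner": inner,
            "xoip": msg.get("X-Originating-IP"), "from": msg.get("From")}


def group_by_top_ip(raw_messages):
    """Cluster messages by the relay IP our own server recorded."""
    groups = defaultdict(list)
    for raw in raw_messages:
        info = header_ips(raw)
        groups[info["top"]].append(info)
    return dict(groups)


def suspect_ips(raw_messages, min_count=2):
    """Relay IPs that delivered at least min_count messages: candidates for a block rule."""
    groups = group_by_top_ip(raw_messages)
    return sorted(ip for ip, msgs in groups.items() if ip and len(msgs) >= min_count)


if __name__ == "__main__":
    for ip, msgs in group_by_top_ip(SAMPLES).items():
        print(ip, [m["from"] for m in msgs])
    print("block candidates:", suspect_ips(SAMPLES))
```

Run against a folder of saved .eml files instead of SAMPLES and the output tells you directly whether the "different addresses" share one relay, which is the case where an IP block actually helps.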
 
Yep spam is spam, but I've finally gotten a handle on most of the pills, porn, and other garbage that was coming in. This stuff just slips right through because I can't think of an easy way to block it. The words are pretty common for the most part and I can't just start adding them to the filters or I'll risk blocking good mail. I guess as long as it's not completely offensive, then it doesn't bug me too much. Just was curious why someone would go through the trouble to send such nonsense. Call me paranoid, but I was thinking there might be something more insidious behind it, what, I don't know.
 
You can block the IP if they are all the same; that will help.
 
I personally think it's a sonar echo for spammers to figure out how many valid addresses are in a bulk address list. Since lots of spam actually gets bounced based on keyword algorithms, they can send something like this to a database of addresses and see what proportion still get bounced. It's a way for them to tell which are actually bad addresses versus which are valid and protected by a spamblocker. If they send this message to 200,000 addresses and only get 36,000 bounce messages, they can assume that at least 100,000 of the addresses are good.

On the other hand, one could imagine this being a strategy to feed spam blocking engines bad data so that eventually they are blocking legitimate mail and have to be turned off.

Shackdaddy
 
You should first make sure your server has relay turned off and NDRs turned off.

Secondly, get something like Webshield from McAfee or a similar product. Most of these emails are stopped from entering your network to begin with. Many of these mails use non-standard SMTP headers; regardless of the content of the emails, if the headers are "weird", this product will stop them.

We have also taken an additional step to track down the senders and let the ones based in the US know about the law that is being pursued to charge $500 per spam mail.

Most of the originating companies are "advertising" firms. I've personally nailed a few of them and am proud of it! :) If everyone did it, I think these jerks would think twice about sending crap like this.

 
I've noticed a huge increase in these gibberish spam emails coming into our organisation, too. Most of them are regular spam with a heap of random words littered throughout the email.

It's my theory that this is the spammer's attempt to render anything that uses a Bayesian spam filter useless. I won't go into details about what a Bayesian filter is here (there's heaps already written on the subject on the internet), but it's clear to see that a huge multitude of random words will water down its effects.

That's my guess.
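The dilution mechanism described in the post above, shown on a toy filter as an added example (my code, not from the thread or from any product mentioned in it). It trains a minimal per-word classifier in the style of Graham's "A Plan for Spam" on a few constructed ham and spam messages, scores a short spam line, then scores the same line padded with words the filter has only ever seen in legitimate mail. All training messages, the spam sample and the filler are invented for the demonstration.

```python
import math
import re
from collections import Counter

TOKEN_RE = re.compile(r"[a-z]+")


def tokenize(text):
    """Lower-case word tokens; each message contributes each word at most once."""
    return set(TOKEN_RE.findall(text.lower()))


class BayesFilter:
    """Minimal per-word spam/ham classifier, roughly after Graham's 'A Plan for Spam'."""

    def __init__(self):
        self.spam_docs = Counter()  # token -> number of spam messages containing it
        self.ham_docs = Counter()   # token -> number of ham messages containing it
        self.n_spam = 0
        self.n_ham = 0

    def train(self, text, is_spam):
        if is_spam:
            self.spam_docs.update(tokenize(text))
            self.n_spam += 1
        else:
            self.ham_docs.update(tokenize(text))
            self.n_ham += 1

    def token_prob(self, tok):
        """P(spam | token). Never-seen tokens are neutral (0.5); known tokens are
        clamped to [0.01, 0.99] so no single word can decide the verdict alone."""
        s = self.spam_docs[tok] / self.n_spam
        h = self.ham_docs[tok] / self.n_ham
        if s == 0 and h == 0:
            return 0.5
        return min(0.99, max(0.01, s / (s + h)))

    def score(self, text):
        """Combine every token's probability as a log-odds sum and return P(spam)."""
        logodds = sum(math.log(p / (1.0 - p)) for p in map(self.token_prob, tokenize(text)))
        return 1.0 / (1.0 + math.exp(-logodds))


# Constructed training corpus: four legitimate office messages, four spam messages.
HAM = [
    "please send the quarterly report before the meeting on monday",
    "the budget schedule for the project is attached, see you at the meeting",
    "can we move the meeting to tuesday, the report is not ready",
    "thanks for the invoice, the project budget looks fine",
]
SPAM = [
    "cheap pills online, lowest prices, order now",
    "buy cheap viagra online without prescription",
    "lowest prices on pills, order now and save",
    "your mortgage rate approved, order now cheap",
]

SPAM_SAMPLE = "cheap pills online, order now"
# Filler made only of words the filter has learned from ham, never from spam.
FILLER = "the report meeting budget project schedule invoice monday"


def build_filter():
    f = BayesFilter()
    for m in HAM:
        f.train(m, False)
    for m in SPAM:
        f.train(m, True)
    return f


def dilution_demo():
    """Return (P(spam) for the bare spam line, P(spam) for the same line plus filler)."""
    f = build_filter()
    return f.score(SPAM_SAMPLE), f.score(SPAM_SAMPLE + " " + FILLER)


if __name__ == "__main__":
    clean, padded = dilution_demo()
    print(f"bare spam: {clean:.4f}   padded with ham words: {padded:.4f}")
```

Two caveats worth noting. Graham's original design combines only the fifteen most extreme tokens and treats words it has never seen as close to neutral, so filler made of rare dictionary words like the "arenaceous conrail alba" sample is mostly ignored by such a filter; it is filler made of words the filter has learned as ham, as in this example, that actually drags the score down. And the fix is not to blacklist those words, as the original poster noted, but to keep training the filter on the padded messages as spam so the filler words lose their ham weight.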
 
We just installed GFI Mail Essentials here and after letting it go for about two weeks we turned on the Bayesian feature. Unfortunately, it began intercepting a lot of non-spam, so we had to turn it back off. Even without the Bayesian filter, it does a pretty good job. Still snags a few good emails each day, but usually it's the remote image filter that catches it.

Some people like to send "pretty" emails with backgrounds, etc., which get intercepted as spam.

I'm Certifiable, not certified.
It just means my answers are from experience, not a book.
 
Excellent - maybe you guys can help. Overwhelmed with spam and running Webshield. Have obviously blocked the word Viagra (big wow); is there an easy way or an easy blacklist to get the other 99%?
 
Lander215,
I would try running the Bayesian wizard and have it download the spam database from GFI. The Bayesian filter is a learning filter, and the longer you let it run the more spam it catches. After I turned it on, spam reports from my users dropped by 80% and the number of items blocked has increased. But it definitely does not like newsletters. I use a whitelist approach, and legitimate e-mails that are blocked get whitelisted. I have it set to forward all blocked items to a mailbox for review. So far I am very happy with the application. The Bayesian filter identifies over 99% of the spam, so I have turned off keyword filtering (mainly for performance).
The only issue I have had was caused by my backup application (Veritas Backup Exec 8.6). It was backing up the GFI folders. Once I excluded the right directories and re-installed ME 9 all was well.
 