Yo. Probably right. Funny thing; in spite of the dramatic increase in virus caused spam that I've seen reported, my personal receipt of spam went down pretty dramatically during the months of March/April and is now tracking a curve that's similar to what I received last year.
http://www.notesoft.com/spamtracking/spamtrends.gif Bill > From: Henri Yandell <bayard at generationjava.com> > Reply-To: macgroup at erdos.math.louisville.edu > Date: Sun, 1 Aug 2004 14:56:24 -0400 (EDT) > To: macgroup at erdos.math.louisville.edu > Subject: Re: MacGroup: Fwd: > > > Virus would be my guess as it's coming from a cable/modem in the US but > with a russian reply address. Seems the opposite way around for real spam. > > Also, interestingly, charter.com's website is currently down :) I had to > find the google cache to figure out what they were. > > I can't find anything obvious about it online, though an Apache guy in > Lexington has mentioned it: > > http://drbacchus.com/wordpress/index.php?p=562 > > There are some viruses which mail with an empty subject line and no body, > but they have an attachment. My hypothesis is that we're seeing virus > emails being sent out from cable customers where the cable company are > stripping the attachments on the way out. So we're not getting the ugly > .exe that will burn our tiny Windows computers into scrap metal, and just > getting the rather dull mail-headers. > > Alternatively, they could be misfires as you say. Maybe a worm which > generally works, but sometimes randomly chooses nothing and sends crap. > > Hen > > On Sun, 1 Aug 2004, Bill Holt wrote: > >> That's funny, in the odd sense. I've seen a few, very few, that were truly >> blank but wrote them off to misfires by spammers or perhaps the result of >> some kiddy-script virus. Frankly, I still don't have a better explanation >> unless there's some mechanism I don't know about to confirm receipt of an >> email. >> >> Bill >> >>> From: Henri Yandell <bayard at generationjava.com> >>> Reply-To: macgroup at erdos.math.louisville.edu >>> Date: Sun, 1 Aug 2004 12:39:57 -0400 (EDT) >>> To: macgroup at erdos.math.louisville.edu >>> Subject: Re: MacGroup: Fwd: >>> >>> >>> In this case it really is empty. Turns out I lied, my personal account has >>> been getting them, but SpamAssassin has happily been catching them. >>> >>> ------------=_410B9BF5.46402D40------------ >>> Content-Type: message/rfc822; x-spam-type=original >>> Content-Description: original message before SpamAssassin >>> Content-Disposition: inline >>> Content-Transfer-Encoding: 8bit >>> >>> Return-Path: <rpsne at goldmail.ru> >>> X-Original-To: henri at yandell.org >>> Delivered-To: hen at flamefew.net >>> Received: from 68-189-63-62.ca.charter.com >>> (68-189-63-62.ca.charter.com [68.189.63.62]) >>> by orinoco.flamefew.net (Postfix on Linux (i386)) with SMTP id 3D9963D116 >>> for <henri at yandell.org>; Sat, 31 Jul 2004 09:17:41 -0400 (EDT) >>> X-Message-Info: H[1 >>> Message-Id: <20040731131741.3D9963D116 at orinoco.flamefew.net> >>> Date: Sat, 31 Jul 2004 09:17:41 -0400 (EDT) >>> From: rpsne at goldmail.ru >>> To: undisclosed-recipients:; >>> >>> >>> ------------=_410B9BF5.46402D40-------------- >>> >>> Very bizarre. Possibly it's just checking to see if the email address >>> accepts the email, and therefore probably exists. Much the same as Bill's >>> HREF below, but not tied to a mail client that is showing images. However, >>> many mail servers DROP rather than REJECT, so it's only useful if the mail >>> server is rejecting fred at yandell.org but allow hen at yandell.org. (Must >>> check if mine is dropping). >>> >>> Hen >>> >>> On Sat, 31 Jul 2004, Bill Holt wrote: >>> >>>> You might want to look at the source code. Spammers will sometimes send >>>> lots of seemingly blank messages, but instead of being truly blank, they'll >>>> contain an html code snipit that one would normally expect to display a >>>> graphic. >>>> >>>> For example, it might read: >>>> >>>> HREF="http://www.spammersdomain.com/D845TF5O0.jpg"; >>>> >>>> which is actually a link to nothing. However, when your email program >>>> attempts to fetch and render the picture that's expected, the spammer's >>>> server log records an error and the name of the file that was sought. The >>>> reason the spammer does this is that he's assigned a unique code to each >>>> email address in his list (in the above that name is "D845TF5O0") so that >>>> when your email program attempts to render the non-existent image, he >>>> receives positive confirmation that your email address is valid and active. >>>> Then, of course, he sells your address along with the others that he's >>>> tested as a list of confirmed addresses to other spammers. >>>> >>>> That's one reason that spam control at the isp level is more effective than >>>> spam control on your computer ... it often prevents these address >>>> validations. >>>> >>>> Bill Holt >>>> >>>>> From: "George H. Yankey" <jeffco13 at bellsouth.net> >>>>> Reply-To: macgroup at erdos.math.louisville.edu >>>>> Date: Sat, 31 Jul 2004 13:59:53 -0400 >>>>> To: macgroup at erdos.math.louisville.edu >>>>> Subject: Re: MacGroup: Fwd: >>>>> >>>>> Hen, That is what happens to me also. No sender and no address. >>>>> George >>>>> On Saturday, July 31, 2004, at 01:02 PM, Henri Yandell wrote: >>>>> >>>>>> >>>>>> I've received a few of these at work, though oddly not on my noisier >>>>>> spampot of a personal email. >>>>>> >>>>>> They appear to be completely empty to MS Outlook, no subject, no sender >>>>>> etc. >>>>>> >>>>>> Hen >>>>>> >>>>>> On Sat, 31 Jul 2004, Mike Watkins wrote: >>>>>> >>>>>>> George, >>>>>>> What Message? This is all I got in your E-mail. >>>>>>> Mike >>>>>>> >>>>>>> >>>>>>> On Saturday, July 31, 2004, at 08:19 AM, George H. Yankey wrote: >>>>>>> >>>>>>>> I keep getting the following message in my E-mail. What does it >>>>>>>> mean? Why does it show up two or three times a week? >>>>>>>> >>>>>>>> George Yankey >>>>>>>> >>>>>>>> Begin forwarded message: >>>>>>>> >>>>>>>>> Date: Sat Jul 31, 2004 7:15:10 AM US/Eastern >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> | The next meeting of the Louisville Computer Society will >>>>>>>> | be July 27. The LCS Web page is <http://www.kymac.org>. >>>>>>>> | List posting address: <mailto:macgroup at erdos.math.louisville.edu> >>>>>>>> | List Web page: <http://erdos.math.louisville.edu/macgroup> >>>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> | The next meeting of the Louisville Computer Society will >>>>>>> | be July 27. The LCS Web page is <http://www.kymac.org>. >>>>>>> | List posting address: <mailto:macgroup at erdos.math.louisville.edu> >>>>>>> | List Web page: <http://erdos.math.louisville.edu/macgroup> >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> | The next meeting of the Louisville Computer Society will >>>>>> | be July 27. The LCS Web page is <http://www.kymac.org>. >>>>>> | List posting address: <mailto:macgroup at erdos.math.louisville.edu> >>>>>> | List Web page: <http://erdos.math.louisville.edu/macgroup> >>>>>> >>>>> >>>>> >>>>> >>>>> | The next meeting of the Louisville Computer Society will >>>>> | be July 27. The LCS Web page is <http://www.kymac.org>. >>>>> | List posting address: <mailto:macgroup at erdos.math.louisville.edu> >>>>> | List Web page: <http://erdos.math.louisville.edu/macgroup> >>>>> >>>> >>>> >>>> >>>> | The next meeting of the Louisville Computer Society will >>>> | be July 27. The LCS Web page is <http://www.kymac.org>. >>>> | List posting address: <mailto:macgroup at erdos.math.louisville.edu> >>>> | List Web page: <http://erdos.math.louisville.edu/macgroup> >>>> >>> >>> >>> >>> | The next meeting of the Louisville Computer Society will >>> | be July 27. The LCS Web page is <http://www.kymac.org>. >>> | List posting address: <mailto:macgroup at erdos.math.louisville.edu> >>> | List Web page: <http://erdos.math.louisville.edu/macgroup> >>> >> >> >> >> | The next meeting of the Louisville Computer Society will >> | be July 27. The LCS Web page is <http://www.kymac.org>. >> | List posting address: <mailto:macgroup at erdos.math.louisville.edu> >> | List Web page: <http://erdos.math.louisville.edu/macgroup> >> > > > > > | The next meeting of the Louisville Computer Society will > | be July 27. The LCS Web page is <http://www.kymac.org>. > | List posting address: <mailto:macgroup at erdos.math.louisville.edu> > | List Web page: <http://erdos.math.louisville.edu/macgroup> > | The next meeting of the Louisville Computer Society will | be July 27. The LCS Web page is <http://www.kymac.org>. | List posting address: <mailto:macgroup at erdos.math.louisville.edu> | List Web page: <http://erdos.math.louisville.edu/macgroup>
![http://www.spammersdomain.com/D845TF5O0.jpg"](http://www.spammersdomain.com/D845TF5O0.jpg"){kind=link}