Welcome to www [  [ net!

· Home
· AvantGo
· Content
· Feedback
· Forums
· Help Desk
· IRC Chat
· Journal
· Members List
· Private Messages
· Recommend Us
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Top 10
· Topics
· Weather
· Web Links

     Who's Online
There are currently, 4 guest(s) and 1 member(s) that are online.

You are Anonymous user. You can register for free by clicking

     Content Categories
· Features (1)
· InfoSec (2)
· Spicey Chicken Cartel (8)

     Help Desk


Sugar Land, Texas, United States, North America
Change Settings
Current Conditions:

Feel: 53°F
Wind: CALM
0 mph
Detailed Forecast

 Personalized spam, revealed (and skewered)

spam, Skewered

Oct 12 2003 Update: I have received evidence, which I feel is credible, that the spams from DegreeInfo and Wholintegral are not the work of Chip White, and that in fact Chip White and DegreeInfo.com have been victims of what is known as a 'joe-job'. I am preparing a follow-up article, which should be available RSN. While I am leaving this article more or less intact, I want to make it clear that I do not consider Chip White to be a spammer, and that any references to Mr. White and DegreeInfo.com should be considered 'pointers' to the real spammers, who have committed what is, in my opinion, character assassination.

One of the things they teach you in Salesmanship 101 is to Personalize the Message. When you send out advertising to someone, give them the illusion that you are communicating your message to them, and only them, by customising the wording to include things like their name, their interests, etc. It changes the ad from something that is mass-distributed to hundreds (or even thousands) of people, to something meant specifically for you, and by 'connecting' with the mark customer in this manner an increase in the response rate can be obtained.

Well, in the 'online bulk email' (spam) realm, this same view seems to be present. Even better is the fact that not only can 'personalized spam' help the spammer to connect to his/her audience, it also provides a means of avoiding those annoying (to the spammer, that is) spam filters which look at content - specifically, a large number of messages with EXACTLY THE SAME content.

Well, I recently got such a spam, and it was sooooo funny that I thought I would share it with you.

So, Without Further Ado: The Spam!

Return-Path: <>
Received: from psmtp.com (exprod5mx16.postini.com [])
by (8.10.2/8.10.2) with SMTP id g9Q17aF26407
for ; Fri, 25 Oct 2002 20:07:37 -0500
Received: from source ([]) by exprod5mx16 ([]) with SMTP;
Fri, 25 Oct 2002 21:07:36 EDT
Received: (from httpd@localhost)
by ns7.kabir-ken.jp (8.10.2/8.10.2) id g9Q17ZY31640;
Sat, 26 Oct 2002 10:07:35 +0900
Received: from mail-gw.biglobe.ne.jp (mailsv15.biglobe.ne.jp [2])
by mail2s.biglobe.ne.jp (8.9.1+3.1W/3.7W-99020213) with ESMTP id CAA01931
for ; Sat, 26 Oct 2002 10:07:35 +0900 (JST)
Received: from mail-relay.biglobe.ne.jp by mail-gw.biglobe.ne.jp (8.8.8/3.6W-INET_GW)
id CAA22785 for ; Sat, 26 Oct 2002 10:07:35 +0900 (JST)
Received: from mvf.biglobe.ne.jp by mail-relay.biglobe.ne.jp (8.8.8/3.6W-BIGLOBE_RELAY)
id CAA00201 for ; Sat, 26 Oct 2002 10:07:35 +0900 (JST)
DATE: Sat, 26 Oct 2002 10:07:35 +0900 (JST)
Message-ID: <000001be6d79a08c0d24cd85 @ rwm22251>
X-Mailer: Mozilla 4.06 [ ja ] (Macintosh; I; PPC)
To: ed.truitt @ .net
Subject: just visited your site

Hello [name],

We have just visited your website [site] and find many of your offerings of interest to us.

We request some more info and prices of your services, as they are [compliment] and [compliment 2].

You may also be interested in our services [name] if you never had the chance to go to college. Our books show you how to get a college degree completely online or thru the mail.

Please visit our sites


New! Purchase books and recordings from DegreeInfo! Now you can purchase books and tapes related to distance learning from DegreeInfo. In addition to getting some of the best information available on choosing a distance learning program (including exclusive products available only from DegreeInfo), you'll help to support our site and ensure that it will continue to be available as a distance learning resource.

Read about our first offering, a brand new, one-hour discussion of distance learning success strategies, narrated by John Bear, Ph.D., and available exclusively from DegreeInfo.com . Many parts are of particular interest to folks from [location] so we guessed it was worth telling you [name].

For more information on the renowned distance learning expert Dr John Bear,Ph.D., please visit our sister site http://www.degree.net

There [name], you will find a wealth of information on getting a degree as fast as possible. If I am ever in [location] I will let you know, take you out to lunch.

I will be on vacation for the next 3 weeks, please email your prices and info for [site] then.

When I get back, we can talk business.


Chip White

OK, let's get the header dissection over with. All the Received: lines from Japan have the exact same timestamp, to the second. Examining the rest of the Received: lines more closely, I noticed that ns7.kabir-ken.jp () receives the email from the originator, and sends it to Postini (my ISP's spam-filtering service). Sooo, I am guessing that the last three Received: lines are forgeries, thrown in to confuse spam-tracking systems. The system is a Cobalt RAQ (based on the default Website page), which is configured as an HTTP proxy (I checked), and since it allows anonymous access, it is a perfect target for abuse by spammers (as happened in this case.)

So, since it is unlikely we will ever get a positive ID on the spammer, I will simply post my ''Request for LART'' right here, for everyone to read.

Dear [ISP]

Recently, I received a spam email from one of your [derogatory term for spammer] on the subject of [subject of spam]. I am attaching the [insult] spam, with the full headers, for your review. I don't want to, and have never signed up for the honor having my email inbox flooded with [expletive] offers for [expletive 2] [product].

I checked your website [site] and found out that your ToS/AUP prohibits spamming. So, please apply a heavy wooden mallet to said [derogatory term for spammer]'s [reproductive organs] and LART this sorry [insulting observation on spammer's sexual habits] [insulting observation on spammer's ancestry] [ insult 3] [insult 4] back into [era with no Internet connectivity].

On, and tell that [derogatory term for spammer] that if [s/he/it] every shows up at [location], I will be more than happy to go to lunch - as long as my good friend, Dr. Hannibal Lechter, can join us.

To the owner/administrator of the relay/proxy at [address of open relay/proxy]: The [derogatory term for spammer] took advantage of the fact you allow unauthenticated access to your [expletive]service to send me this [expletive 2] spew. In order to combat these [insult] [insult 2] [derogatory term for spammer], it is imperative you properly secure your [expletive 3] proxy/relay immediately. For further information on how to do this, please visit [URL where the idiot can RTFM].


Don't have an account yet? You can . As a registered user you have some advantages like theme manager, comments configuration and post comments with your name.

     Related Links
· More about spam, Skewered
· News by etee

Most read story about spam, Skewered:
URGENT 'Nigeria-419' Scam from South Africa

     Article Rating
Average Score: 5
Votes: 2


 Printer Friendly Page  Printer Friendly Page

 Send to a Friend  Send to a Friend

Sorry, Comments are not available for this article.

Web site powered by PHP-Nuke

All logos and trademarks in this site are property of their respective owner. The comments are property of their posters, all the rest © 2003 by
You can syndicate our news using the file backend.php or ultramode.txt
Web site engine's code is Copyright © 2003 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 1.694 Seconds