It has been a while since the last serving of 'spam, Skewered'. The reason for this is pretty simple: while the volume of spam I receive has gone up, the variety of spam has gone way, waaay down. Most of the spam I am receiving falls into one of the following categories:
- Make your &BODYPART(S) larger
- Buy a wide variety of prescription pharmaceuticals online (some of which will make your &BODYPART(S) larger), often without a (prescription)
- Wipe out your debt, or get loans/credit cards
- Nigeria 4-1-9 scams, and variants thereof
Needless to say, these are pretty boring, and since a lot of the spam is either HTML or BASE-64 encoded, I am not going to put my system(s) at risk just to see what the latest P*N*S enhancement pill costs in Canada.
However, I have gotten several spams, in the past several months, which are a new type of 'offer', shilling products not normally seen in your local department store, nor even on eBay.
Note: I have chosen to present the following email exactly as I read it. It is graphic in its description of the products it offers for sale, and some folks may find it disturbing. In addition, to the best of my knowledge the possession and/or sale of all of these products is a felony offense in the USA, and probably in most other countries as well. I hope that, if the offers made in this email are indeed serious, the appropriate law enforcement agencies are already on the job, and nail these spammers to the wall.
And now, the moment you have all been waiting for: the spam...
From Sun Nov 9 16:31:40 2003
Return-Path: []
Received: from psmtp.com ( [])
by (8.10.2/8.10.2) with SMTP id hA9MVbl16485
for []; Sun, 9 Nov 2003 16:31:37 -0600
Received: from source ([]) by ([]) with SMTP;
Sun, 09 Nov 2003 14:31:36 PST
From: ""
To: "Webmaster" []
Subject: Confirmation
Date: Sun, 9 Nov 2003 14:31:34 -0800
Reply-To: ""
Message-ID: []
MIME-Version: 1.0
X-Priority: 1 (High)
Importance: High
Return-Receipt-To:
X-Confirm-Delivery-To:
X-Confirm-Reading-To:
Disposition-Notification-To:
X-Mailer: EM: 4.40.0.600
Status: RO
Content-Length: 4562
Lines: 26
This is a multi-part message in MIME format.
Welcome to the site www.cardercrew.com , it's us again, now we extended our offerings, Here is a list:
1. Heroin, in liquid and crystal form.
2. Rocket fuel and Tomahawk rockets (serious enquiries only).
3. Other rockets (Air-to-Air), orders in batches of 10.
4. New shipment of cocaine has arrived, buy 9 grams and get 10th for free.
5. We also offer gay-slaves for sale, we offer only such service on the NET, you can choose the one you like, then get straight to business.
6. Fake currencies, such as Euros and US dollars, prices would match competition.
7. Also, as always, we offer widest range of child pornography and exclusive lolita galleries, to keep out clients busy.
Everyone is welcome, be it in States or any other place worldwide.
ATTENTION. Clearance offer. Buy 30 grams of heroin, get 5 free. Prepay your batch of rockets (air-to-air) and receive a portable rocket-launcher for free.
www.cardercrew.com
This offer won't last! Only until 20th of November all our clients will also receive a pack of 2 CDs, with best selection of child pornography.
Let's start the investigation. WHOIS lookups gave me the following information:
- the originating IP of this email () is assigned to 'Cable OnLine Network' in Shanghai, China.
- the domain on the ''From:'', ''Reply-To'' and ''Message-ID'' headers (HOPONE.NET) is registered to 'HopOne Internet Corporation' in Washington DC, with the technical contact in McLean VA.
- the domain on the web site URLs (cardercrew.com) is registered to one 'Decep Gal' in Tampa, FL.
Before I continue, I must make the following disclaimers: First, many of the headers in an email can be easily forged, and therefore are considered untrustworthy. So, the email may or may not have been sent by HOPONE.NET. Second, while ICANN now requires that WHOIS records contain valid contact information, the reliability of this data is still suspect. Third, I have never visited the cardercrew.com web site, so I have absolutely no idea what the contents of that site are, nor am I interested in finding out. It is quite possible that someone is attempting to pull a 'joe-job' (a type of online identity spoofing) on either or both of these domains.
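The caveat about forged headers can be made mechanical: only a Received line stamped by a relay the recipient trusts records an address that a trusted host actually saw, while From, Reply-To and Message-ID are whatever the sender typed. The Python below is an added example, not part of the original post; the sample message, the host names and the trusted-relay list are constructed, using reserved documentation addresses and .example domains.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (documentation IP ranges, .example domains). The bottom
# Received line stands in for one the sender wrote before handing the mail off.
SAMPLE = """\
Received: from filter.example ([198.51.100.7])
\tby mx.recipient.example with SMTP id abc123; Sun, 9 Nov 2003 16:31:37 -0600
Received: from source ([203.0.113.45]) by filter.example with SMTP;
\tSun, 09 Nov 2003 14:31:36 PST
Received: from mail.sender.example ([192.0.2.99]) by source with SMTP;
\tSun, 09 Nov 2003 14:31:30 PST
From: "Sales" <sales@sender.example>
Reply-To: <sales@sender.example>
Message-ID: <1234@sender.example>

body
"""
# Assumption: the relays the recipient operates or contracts with.
TRUSTED = {"mx.recipient.example", "filter.example"}
RECEIVED_RE = re.compile(
    r"from\s+\S+\s+\(.*?\[([0-9A-Fa-f.:]+)\]\).*?\bby\s+(\S+)", re.S)

def handoff_ip(raw, trusted=TRUSTED):
    """Peer IP logged by the outermost trusted relay, or None."""
    # Received headers read newest first; stop at the first one not stamped
    # by a trusted host, because everything below it is sender-supplied.
    observed = None
    for hdr in message_from_string(raw).get_all("Received", []):
        m = RECEIVED_RE.search(hdr)
        if not m or m.group(2).lower() not in trusted:
            break
        observed = m.group(1)
    return observed

def claimed_domains(raw):
    """Domains in sender-controlled headers: WHOIS leads, not proof of origin."""
    msg = message_from_string(raw)
    out = {}
    for name in ("From", "Reply-To", "Message-ID"):
        value = msg.get(name, "")
        addr = value.strip("<> ") if name == "Message-ID" else parseaddr(value)[1]
        out[name] = addr.rpartition("@")[2].lower()
    return out

if __name__ == "__main__":
    print(handoff_ip(SAMPLE), claimed_domains(SAMPLE))
```

For the constructed sample, the address worth a WHOIS lookup is 203.0.113.45, not the 192.0.2.99 in the sender-written line beneath it.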
Now, it's time to skewer. To begin with, the email is sent to my 'webmaster' email address, a role address that is published on my web site. I never use this address to send email, so my guess is that the spammer either harvested the address off the site using a spam-bot, or obtained it from one of those CD-ROMs being marketed that is full of email addresses - many of them invalid.
Next, we look at the types of items being offered for sale. Illegal drugs, illegal weaponry, illegal slaves, illegal fake currency, illegal child porn. What do all these things have in common? And, why are these spammers marketing them, via unsolicited offers, to people they don't know, and have never met? I'll bet they would be mortified if it turned out that '' was autoforwarded to someone else, like the email address used to , for example. I guess that the saying ''spammers aren't the sharpest knives in the drawer'' still holds true.
This would be highly funny, except... recently, there were arrests made, and those arrested have been accused of attempting to sell shoulder-fired air-to-air missiles, which could be used to shoot down aircraft -- including commercial airliners in the process of taking off or landing at a major airport.
Which sort of takes the fun out of things.