A spammer that is not the brightest light in the box

December 28, 2012

I'm fond of saying that spammers are generally not stupid; they do what works and they're quite good at figuring out what that is. However, every so often a spammer comes along who quite clearly challenges or outright breaks this view.

Here's a snippet from a recent SMTP conversation that one of my machines logged:

remote from [208.86.167.19]
HELO postoffice.wieck.com
250 Hello postoffice.wieck.com
MAIL FROM:<REDACTED@wieck.com>
250 Ok (verified)
RCPT TO:<"d..."@REDACTED.org>
554 no such local user

What makes this stand out is the RCPT TO address. For those who've never run into this, this (without the quotes) is how Google's Usenet interface has presented poster email addresses for quite a while. Such addresses are deliberately obfuscated and have never worked; we can see how badly broken they are by the fact that they have to be quoted to make them RFC-legal even as RCPT TO addresses. Any vaguely smart spammer would not be dealing with these addresses.

Despite this, this spammer has wasted time and effort collecting these addresses and sending spam to them. This is a genuine waste; someone has carefully scraped and stored these addresses, someone else may have purchased them, and now someone is wasting resources attempting to deliver email to them (resources which could have been spent delivering spam to more viable addresses, ones that at least potentially could pay off). All of this is objectively stupid and worse, it's obviously so.

Written on 28 December 2012.
« Why I somewhat irrationally have a distrust of ZFS on Linux
Why I think that stupid spamming is actively wasteful »

Page tools: View Source, Add Comment.
Search:
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Fri Dec 28 02:54:01 2012
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.