A spammer that is not the brightest light in the box
I'm fond of saying that spammers are generally not stupid; they do what works and they're quite good at figuring out what that is. However, every so often a spammer comes along who quite clearly challenges or outright breaks this view.
Here's a snippet from a recent SMTP conversation that one of my machines logged:
remote from [22.214.171.124] HELO postoffice.wieck.com 250 Hello postoffice.wieck.com MAIL FROM:<REDACTED@wieck.com> 250 Ok (verified) RCPT TO:<"d..."@REDACTED.org> 554 no such local user
What makes this stand out is the
RCPT TO address. For those who've
never run into this, this (without the quotes) is how Google's Usenet
interface has presented poster email addresses for quite a while. Such
addresses are deliberately obfuscated and have never worked; we can
see how badly broken they are by the fact that they have to be quoted to
make them RFC-legal even as
RCPT TO addresses. Any vaguely smart
spammer would not be dealing with these addresses.
Despite this, this spammer has wasted time and effort collecting these addresses and sending spam to them. This is a genuine waste; someone has carefully scraped and stored these addresses, someone else may have purchased them, and now someone is wasting resources attempting to deliver email to them (resources which could have been spent delivering spam to more viable addresses, ones that at least potentially could pay off). All of this is objectively stupid and worse, it's obviously so.
Comments on this page:Written on 28 December 2012.