High Quality Spam

Looked at as art, most spam is the email equivalent of a two year old scribbling with a crayon. Every once in a while, though, we see something outstanding. In this post we’re going to give a shout out to a spammer who obviously cares about their work.

We grabbed a few examples of this campaign and most of them have fairly innocuous subjects that might be likely to get you to open the message like:

You have new ticket

Your payment has been done

Tracking confirmation

Oddly there were a few obviously spammy ones like:

The best way to please her

Maybe they were trying to make sure they got the people who like to open spam messages too?

This campaign is sent though AOL.com servers, which simply goes to prove that no matter what the big “webmail” firms claim about their commitment to preventing spam, they’re easily and consistently exploited day in and day out. The four above all connected from different AOL servers:

  • imr-ma03.mx.aol.com ([64.12.206.41])
  • imr-ma04.mx.aol.com ([64.12.206.42])
  • imr-da05.mx.aol.com ([205.188.105.147])
  • imr-ma06.mx.aol.com ([64.12.78.142])

And all of them originated on different Webmail servers too:

  • webmail-d082.sysops.aol.com (205.188.181.108)
  • webmail-m110.sysops.aol.com (64.12.232.218)
  • webmail-d037.sysops.aol.com (205.188.181.88)
  • webmail-m053.sysops.aol.com (64.12.140.163)

We could go on down the line, but the point is that the spammer in question easily hacks and abuses AOL accounts with impunity.

The main body of the message (at least the prominently visible part) is very nice:

good spamCompared to your typical spam message this one is finely crafted. Each one has a link at the top indicating how you can be better in bed. (We especially liked “Be her brave cowboy!” but “Be her wild prince of pleasure” was pretty good too.) Below that, the image portion contains several images all linked to the same site but using varying URLs. A less meticulous spammer would use one image and the whole thing would link to one URL.

One of the reasons that we used this example as opposed to some of the other ones is to point out one flaw that was slightly disappointing in light of how well put together the rest of the campaign was. The image with the $360 price tag has a blue border because the spammer forgot to turn off the images border when he made it a hyperlink.

Too bad, the rest of the work is outstanding.

The part of the message the spammer wants you to see is what we reproduced above. But — as they say in the infomercials — there’s more! If you scroll the message down a ways it starts to look like this:

spam example

This is just a sample of the “hidden” part of the message that starts after scrolling through a bunch of empty space. Including random clumps of text from literary works or news articles is also a common spammer technique but we rarely see it used to this extent. Not only that, we don’t usually see it with the kind of HTML formatting used by this spammer.

Given the variety displayed in this and other examples this might be hand crafted. We couldn’t come up with a way to use a program to do it off the tops of our heads. If it is software it’s good software.

If you’re the spammer that produced this campaign our hats are off to you. If you’re a less accomplished spammer you could learn a lot from this campaign. We’ll still block your spam but at least it won’t look so ugly.

- -

OnlyMyEmail is an award winning hosted spam filtering service and business email hosting provider. Our enterprise cloud computing anti-spam solution, the MX-Defender, has the highest capture rate of any spam filter ever tested in the VBSpam Challenge, blocking a record setting 99.9993% of all malicious and junk email.

Our Personal spam filtering system is also a Software as a Service (SaaS) solution and has won both the PC World "World Class Award" and also the PC Magazine "Editor's Choice Award."

OME-Kids is a webmail solution that protects children from spam and other harmful emails. OME-Kids offers unique Parental Controls that allow you to choose the level of security and oversight that's right for your child.

Tags: , , ,

Comments are closed.