A new format of spam
Dave Howe
DaveHowe at gmx.co.uk
Mon Jun 29 18:45:10 BST 2009
Peter Tomlinson wrote:
> This may be off topic, or it may not...
>
> Recently the pattern of spam received here has changed. A significant
> proportion of the messages now have a header in the form of a message
> from sysadmin to users on their own organisation's network - doesn't
> work here because I'm a one man band who looks at the sender's ID before
> opening mail (and use Kaspersky which usefully gives me the headers of
> most messages in a preview window), but I can see that in a large
> organisation a significant proportion of these would be opened.. Often
> therefore the forged source is obvious to me, because the purported
> sender is postmaster@<the same domain as the recipient's mailbox>.
> Sometimes the message is formatted as a message to oneself, i.e. source
> and destination mailbox and domain the same. The titles are sometimes
> official, at other times personal:
>
> "Catch up file"
> "Are you at work?"
> "Release date"
>
> "How's your family?"
> "Hollywoods hottest secret , Acai Berry Diet"
>
> I have never opened any of these, but have looked at the source of a few
> of them and the headers of rather more, and cannot see what the scam is.
> Anybody know?
Been seeing them since around xmas time - it leads to a fairly easy
method of blocking, as we have configured our service provider
(mimecast) to reject all mail "from" our own domains unless it comes
from pre-configured ip addresses.
More information about the ukcrypto
mailing list