[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: mysterious spam message

To: <RSRICHMOND@xxxxxxx>, <voynich@xxxxxxxx>
Subject: Re: mysterious spam message
From: Jordan Lund <lundj@xxxxxxxxxxxxx>
Date: Sun, 25 Feb 2001 10:13:04 -0800
In-reply-to: <db.10b27b6a.27ca7c17@aol.com>
User-agent: Microsoft-Outlook-Express-Macintosh-Edition/5.02.2022

> The following mysterious message - quoted below in its entirety with its
> header information - appeared in my e-mail, from the address
> AOLSchoolDiplomas@xxxxxxxxxxxxxxx
> Note that it has two headers - when you receive it it should have three. (The
> "click here" wasn't actually a link in the original - just an underlined
> text.)

The key line is the last received: from, quoted here:

> Received: from smtp.iwoliruyu.co.jp (ACA2764.ipt.aol.com [172.146.129.20])
> by tot-wh1-wq.proxy.aol.com (8.10.0/8.10.0) with SMTP id e6OEX2764;
> Sat, 24 Feb 2001 02:06:42 -0400

The IP address [located in brackets] appears to be a genuine AOL IP, I
checked it with a whois server located at http://www.samspade.org/t/

The reason this is significant is that it rules out a Japanese source for
the e-mail message. Whoever sent it is most likely in the U.S. (Unless they
are paying a huge long-distance bill to dial-in from over-seas.) They only
forged the .co.jp address to throw people, the IP points right to them as
being AOL users.

As to the text you saw, also quoted below:

> mabadebodiduhusibariduzadupiradimovinakedadetisejapuwojo
> tecasiseluletiqadividoebeyokubatobijamosileqoxocezixewijiroricoqucehudedimuzem

> iripuhunuminavowegiwucabagopemugagivawiqanin

This could be a couple of different things. I get a lot of spam from South
East Asia and those are typically written in a character set called "Big 5",
the "Big 5" character set does not display in my e-mail because I obviously
use a Western set of letters. The end result is something that looks similar
to the above, however it is also a seemingly random collection of
upper-case, lower-case, letters and numbers. Add to that the fact that the
e-mail did not come from Japan and I think we can rule out the Big5 issue.

The other possibility is impossible to tell from a copy of the e-mail. If
you have the original still (unlikely), you could check to see if it has any
attachments. My best guess is that this is an ASCII conversion of a MIME
attachment. It's definitely not UUencoding, but it does look a lot like
MIME.


                                            - Jordan
                                            lundj@xxxxxxxxxxxxx

********************************************************************
* "What lies behind us and what lies before is are small matters   *
*  compared to what lies within us."   - Oliver Wendell Holmes     *
********************************************************************

Follow-Ups:
- Re: mysterious spam message
  - From: Jorge Stolfi
- Re: mysterious spam message
  - From: Clay Holden

References:
- mysterious spam message
  - From: RSRICHMOND

Prev by Date: Re: Back to basics - or musings of an old bore
Next by Date: Re: Back to basics - or musings of an old bore
Previous by thread: mysterious spam message
Next by thread: Re: mysterious spam message
Index(es):
- Date
- Thread