Spam Hunting is a new sport I've decided to engage in. I know of others who do this in one way or another. Some play as dirty as the spammers but since I'm cataloging this I'll obviously stay clean.
My first piece of spam was from a bounce account on my domain. Bounce accounts are accounts friends used to have on my domain and have discontinued. But the spammers don't know that and still send junk their way. There are a lot of cat-and-mouse games with these scum, such as encrypting pages using scripts.
Our first came in a strange letter that just said Hi in the subject.
[note: for obvious reasons I removed the address of the recipient but feel free to spam the spammer :) ]
The actual text of the message is encoded using HTML encoding (&xx;) with random dictionary words peppered in comment tags. It points to a site, http://goedog.com/
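The obfuscation described above (entity-encoded text with filler words hidden in comment tags) can be undone for filtering or analysis with a standard HTML parser. The following Python is an added example, not code from the original post; the sample body and the names `SpamBodyNormalizer` and `normalize` are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Constructed sample in the style the post describes: visible characters are
# numeric HTML entities, with dictionary words hidden in comments between them.
SAMPLE_BODY = (
    '<html><body>'
    '&#67;<!-- walnut -->&#108;&#105;<!-- harbor -->&#99;&#107; '
    '<a href="&#104;&#116;&#116;&#112;&#58;&#47;&#47;spam.example.invalid&#47;">'
    '&#104;<!-- gravel -->&#101;&#114;<!-- otter -->&#101;</a>'
    '</body></html>'
)

NUMERIC_ENTITY = re.compile(r"&#(?:x[0-9a-fA-F]+|[0-9]+);")


class SpamBodyNormalizer(HTMLParser):
    """Collects what a mail client would render, plus the hidden filler."""

    def __init__(self):
        # convert_charrefs=True decodes entities in text before handle_data;
        # attribute values are always unescaped by the parser.
        super().__init__(convert_charrefs=True)
        self.text_parts, self.links, self.filler = [], [], []

    def handle_data(self, data):
        self.text_parts.append(data)

    def handle_comment(self, data):
        self.filler.append(data.strip())  # words meant to confuse filters

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.links.append(value)


def normalize(body):
    """Return rendered text, decoded link targets, and obfuscation counts."""
    parser = SpamBodyNormalizer()
    parser.feed(body)
    parser.close()  # flush any text still buffered at end of input
    return {
        "text": " ".join("".join(parser.text_parts).split()),
        "links": parser.links,
        "filler": parser.filler,
        "entity_count": len(NUMERIC_ENTITY.findall(body)),
    }


if __name__ == "__main__":
    print(normalize(SAMPLE_BODY))
```

A high `entity_count` relative to the length of the rendered text, together with many comment fragments, is a useful filtering signal in its own right.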
So I fire up my trusty Perl debugger from and pull down the page. I would use curl if I had my Linux box up, but I'm at my work laptop, so Windows it is.
The page of course points to yet another site, http://www.blingcash.com/
Blingcash seems to be nothing more than a porn site; however, once you start playing with the variables, new pages appear.
The title of the page, BlingCash.com ::: Covert Like the Ole' Days!
Ya the good ole days..
Here was something disturbing. It was targeted to people that were part of the reseller (spamming) program. In particular:
What happens when your Epoch customer cancels
his membership with your paysite? Simply send
him one of our new cross sale mailers...a
single click later and you've earned $15.
Let us show you how to profit off cancellations!
CLICK HERE to learn more!
From there I found a contact page!
ICQ Contact :
OK, I'll play. Let's talk to the scumbag and see what he says.
Received: (qmail 22370 invoked from network); 9 Sep 2004 00:42:03 -0000
Received: from unknown (HELO bebe.sylviidae.com) (184.108.40.206)
by 2.69-93-235.reverse.theplanet.com with SMTP; 9 Sep 2004 00:42:03 -0000
Received: from mail pickup service by citysilvia.com with Microsoft SMTPSVC;
Thu, 9 Sep 2004 08:50:47 -0800
Received: from 220.127.116.11 by by7fd.bay7.citysilvia.com with HTTP;
Thu, 9 Sep 2004 08:50:47 GMT
Date: 9 Sep 2004 08:50:47 -0400