September 19, 2006Using CAN-SPAM Against Consumers
I was looking through the source code of a spam message whose characteristics are identical to several that have come through lately from the same source. These guys have huge IP address blocks that they use, and they keep adding blocks all the time.
High-volume spammers who don't use botnets to send their spam typically do what they can to stay within a millimeter of the CAN-SPAM law to avoid problems on that front. Among the provisions of the law are those that mandate that a spammer identify itself honestly in the message and provide a way for the recipient to be taken off the mailing list. To that end, I've seen several veteran spam outfits include their names and mailing addresses in the bodies of the message—but doing things like inserting variable spaces between characters, substituting zero for capital "O," and other things that make it harder for text filtering to spot the spam.
That these outfits already have my email address is unfortunate, but at the moment, they don't know for sure that their messages are actually getting through. I never unsubscribe from a mailing list to which I have not explicitly subscribed, because history reveals that such unsubscriptions give the spammer a fresh email address that they can resell to other spammers or use in a different campaign. Still, I like to know how these guys identify themselves in the spam message.
In today's message, the spammer apparently satisfies the identity/unsubscribe provisions of the CAN-SPAM law, but he does it in a way that won't let me even preview any of that without revealing that I have seen their message. For, you see, the CAN-SPAM-abiding stuff is only visible in a downloadable image. The URL for downloading that image has lots of code numbers on it—numbers that very likely can be tied to my email address in their database. The HTML tag for the image includes what is known as an "alt attribute," which displays text when the image is not displayed (as when you have downloadable images blocked in your email viewer). The alt attribute contains the following instructions:
alt="To view details on the sender, enable image viewing."
Right. Enable image viewing, and thus send up a signal flare that your email address is actively read and lets their crap into the inbox.
Imagine that! A spammer has found another hole in what is already a Swiss cheese law.Posted on September 19, 2006 at 08:50 AM