« Confused Spammer | Main | 419—United Nations Style »

June 05, 2008

Put a free service on the Internet, and someone will surely find a way to abuse it. And so it is with the Yahoo! Calendar invitation service, which emails invitations to an event you place on your calendar. You supply the message and invitee email addresses, type in a CAPTCHA code (or use one of the CAPTCHA crackers out there), and you've just spammed a long list of addresses. The message headers are clean, in that the backward chain consists entirely of yahoo.com IP addresses—giving the message a better-than-average chance of making it through blocklisting spam filters.

Here is a 419-type spam I received today from the French version of Yahoo! Calendar:

Notice that the sender's account ends in the numeral 1. As Yahoo shuts down his accounts for abuse violations, he'll probably increment the number for each new account. I'd do things a little differently if I were this 419-er, but then again, I've seen the best at work over the years. I'm not about to offer him advice for free or otherwise.