Powered by Movable Type 3.121
Home The Book Training Events Tools Stats
Web log archive.
A Dispatch

« Spam Pie | Main | Liar's Roundup - Part Two »

August 04, 2009

Liar's Roundup - Part One

Time to vent on four different scams I've seen recently in the spamosphere. All of these are intended to deceive recipients in one way or another. Those that try to make it appear as though they're CAN-SPAM compliant — but are definitely not compliant — deserve even more lashes.

First up is an email that displays the following information in your inbox:

From: Staples
Subject: Grand Opening Celebration! Super Savings!

If this showed up in your inbox and if you've ever shopped at a Staples office supply store (real or virtual), there's a good chance you'd believe this came from that company, advertising a new store opening near you. Any former shopper might believe that somewhere along the line he or she gave up an email address in the course of a transaction.

Oh, you'd be so wrong!

Here's what you get instead:

Come join Shop'N'Save[removed].com for our Grand Opening Celebration!

www.shopnsave[removed].com

Save 30% on our entire inventory with your Special Savings Code below!

We offer a wide selection of Quality Products at Great Prices.

&nb sp;Bath & Body Products

&nb sp;Electronics

&nb sp;Jewelry

&nb sp;Toys & Games

&nb sp;...And More!

www.shopnsave[removed].com

Your Special Savings Code is: 1025Gwem

Enter this code at checkout to receive your savings!

sales@shopnsave[removed].com

21 [removed] Dr
Ringoes, NJ 08551

If you would like to be excluded in the future from our mailing list,
just click here and send us an opt-out request email.

This was an HTML-formatted message, and both the street address and opt-out line were formatted in a size 1 font. Now, those two pieces of info are supposed to make the message look legally compliant with U.S. law. But the headers are forged to the hilt. The message also came through a botnetted PC on a DSL connection in Chile. The link tied to the opt-out request is a suspiciously phony-looking excite.com address.

BTW, those "&nb sp;" things are incorrectly formatted non-breaking space characters. In an HTML page put together by someone other than a doofus, those characters only generate a space character.

One final insult to unsuspecting recipients who probably have various default settings in place in their email viewers, the HTML includes a JavaScript script that reports to a stats counting outfit about how many recipients opened the message. The act of opening the message in a script-enabled browser verifies the identity of this particular email spew to Central Control. Somebody's getting paid for your having opened the message.

If you think that just deleting a piece of read spam doesn't contribute to the spam economy, wrongo!

Posted on August 04, 2009 at 05:50 PM