8/4/2006

Wierdest….Spam….Ever

Uncle AndrewUncle Andrew
Filed under: @ 5:52 pm

So I was checking my spam trap this morning (always check your spam trap; never know when you might find something you really wanted) when I found something that surprised me, an email entitled, “Your email requires verification verify#sG_CzLQj0OqhH5TkMmkV_tLKgE3yjAD0”.

Now this could very well have been a regular old spam dressed up in frickin’ strange clothing to fool me into opening it, but the title intrigued me, and since there was no attachment (and I answer my email on a Mac anyway so I’m immune to most if not all email-based security threats), I decided to take the plunge:

****************Your Attention is Needed***************
The message you sent requires that you verify that you
are a real live human being and not a spam source.

To complete this verification, reply to this message and leave
the subject line intact.

****************Than You***************

The headers of the message sent from your address are show below:

From andrew@uncle-andrew.net Fri Aug 04 10:26:35 2006
Received: from [24.216.179.108] (helo=tikistudios.com)
by vps1006.safesecureweb.com with smtp (Exim 4.52)
id 1G90dF-0008SM-Ui
for andrew@tikistudios.com; Fri, 04 Aug 2006 10:26:35 -0400
Received: from mail.zhonka.net
by 24-216-179-108.dhcp.stls.mo.charter.com (Exim 4.05) with ESMTP id GCJqh1VxgsQOV
for < andrew@tikistudios.com>; Fri, 4 Aug 2006 14:48:35 -0300
Received: from [218.101.31.223]
by mail.zhonka.net with ESMTP (8.12.11/8.12.11) id zcG1G7GKOnEnS
for <
andrew@tikistudios.com>; Fri, 4 Aug 2006 14:44:26 -0300
Reply-to: “
andrew@uncle-andrew.net” < andrew@uncle-andrew.net>
From: “andrew@uncle-andrew.net” < andrew@uncle-andrew.net>
Date: Fri, 4 Aug 2006 14:36:09 -0300
Message-ID: qCecwtzU7Kinl.m6cW2uOJzDtx5@uncle-andrew.net
To: andrew@tikistudios.com
Content-type: text/html;
Charset=Windows-1251
Subject: Need a University Degree to obtain the career you’ve always wanted?
MIME-Version: 1.0

So my mystery mail turned out to be neither a spam nor a virus, but a challenge-response challenge.

For the uninitiated and those who don’t like to follow hyperlinks, challenge-response is a system of authentication used by some email systems to weed out human-generated mail from that generated by software. The sender of the initial email will receive a challenge back from the system, and must respond in a particular manner (the methodology varies depending on the system) in order to verify that (s)he is a real, bona fide human being.

The funny thing about this is, I didn’t send the original email for which the challenge was issued. The originating IP address points to some computer in New Zealand that was doubtless hijacked by a virus or other malware for the purpose of generating spam. How my email addy got into some Kiwi’s computer is anyone’s guess. It could be cached from some forward of a forward of a forward of a forward of something I emailed to someone once; it could have been scoured from a bulletin board, or from this very site. It’s not particularly important.

What is important–okay, not important, but at least noteworthy–is the irony of this entire exchange. Some guy in Missouri gets a spam email from some computer in New Zealand, purporting to be from me here in Washington. His spam filter traps the mail and issues a challenge email back to me (not the actual sender in New Zealand)….where it promptly gets trapped in my spam filter.

Not the best use of bandwidth ever dreamed up. I swear to God, if I ever actually get a chance to meet a real live spammer, I’m gonna make risotto out of his testicles.


All portions of this site are © Andrew Lenzer, all rights reserved, unless otherwise noted.