* * * * *

               How desperate do you have to be to spam someone?

This is rich. I'm starting to get a bunch of bounce messages that look like:

> From: [email protected] (Mail Delivery System)
> To: [email protected]
> Subject: Undelivered Mail Returned to Sender
> Date: Tue, 8 May 2007 05:09:17 -0400 (EDT)
>
> [-- Attachment #1: Notification --]
> [-- Type: text/plain, Encoding: 7bit, Size: 0.5K --]
>
> This is the Postfix program at host brevard.conman.org.
>
> I'm sorry to have to inform you that your message could not be delivered to
> one or more recipients. It's attached below.
>
> For further assistance, please send mail to <postmaster>
>
> If you do so, please include this problem report. You can delete your own
> text from the attached returned message.
>
> The Postfix program
>
> <[email protected]>: host mx4.hotmail.com[65.54.244.104] said: 550
>     Requested action not taken: mailbox unavailable (in reply to RCPT TO
>     command)
>
> [-- Attachment #2: Delivery report --]
> [-- Type: message/delivery-status, Encoding: 7bit, Size: 0.4K --]
>
> Reporting-Mta: dns; brevard.conman.org
> X-Postfix-Queue-Id: F272E170C522
> X-Postfix-Sender: rfc822; [email protected]
> Arrival-Date: Tue, 8 May 2007 05:09:16 -0400 (EDT)
> Final-Recipient: rfc822; [email protected]
> Action: failed
> Status: 5.0.0
> Diagnostic-Code: X-Postfix; host mx4.hotmail.com[65.54.244.104] said: 550 Requested
>         action not taken: mailbox unavailable (in reply to RCPT TO command)
>
> [-- Attachment #3: Undelivered Message --]
> [-- Type: message/rfc822, Encoding: 7bit, Size: 1.3K --]
>
> From: [email protected]
> To: [email protected]
> Subject: The Boston Diaries Update Notification [1178615356-28614]
> Date: Tue, 08 May 2007 05:09:16 EDT
>
> Thank you for your interest in The Boston Diaries. To start receiving email
> notifications of new entries, you will need to reply to this email. You
> don't need to do anything other than reply to this email. Once you do that,
> you'll be entered into The Boston Diaries Update Database.
>
> If you have no idea what this email is in reference to, someone submitted
> your email address for notification of new entries to my weblog/online
> journal (at http://boston.conman.org). If you want to, you can still reply
> and get notifications of new entries, but you can also ignore this and
> there will be no futher emails from my server. That is, unless someone
> submits your email address *again* without your knowledge.
>
> Sean Conner
>

Basically, some spammer is trying to spam people using my Obligatory Email
Notification form [1], but the form is very basic—only one field is supported
and the script generates a precanned email to send (shown above). That part
is very basic and I don't see what there is to exploit.

Then again, I wrote the code so I know how it works. The spammer (or
spammers; it could be multiple people) may be trying to reverse engineer the
script. Heck, if they're that curious, I'll send them the code.

But to investigate this a bit further, I modified the code to record the
request (where it came from, what the spammer is trying to send) so I can
figure out what they're actually trying to accomplish.

[1] https://boston.conman.org/

Email author at [email protected]

You are viewing proxied material from gopher.conman.org. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.