[Dshield] Fanmail from a flounder

stu stu at evans4.co.uk
Fri Apr 27 04:13:31 GMT 2007

I don't know if anyone else has tried or looked at this yet but I've
been blocking spam based on the Message-ID. 

I found that a number of spam messages would have common parts of the
message ID so I placed these into a filter and had the emails forwarded
to another account purely for spam. So far no legitimate email has been
sent there and it's trapped quite a few spam messages :D


-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of Sue Young
Sent: 26 April 2007 18:24
To: General DShield Discussion List
Subject: [Dshield] Fanmail from a flounder

The guy sitting next to me just got several one word spams and asked me
to block them.  Take a look at the header.

I don't think I'd ever mistake this for legitimate mail.  hacker1 huh?
1337.  I just wanted to share the stupidest thing I've seen all day (so

Sue Young, CISSP

Microsoft Mail Internet Headers Version 2.0

<info snipped>

X-BigFish: vps12(z33fbkzzz109clzzz2dh38m)
X-EF: str=0001.0A090207.4630C8A4.000D,ss=3,fgs=4
X-Spam-TCS-SCL: 6:0
Received: by mail33-fra (MessageSwitch) id 1177602211879526_541; Thu, 26
2007 15:43:31 +0000 (UCT)
Received: from dsl-189-132-92-111.prod-infinitum.com.mx (unknown [])
    by mail33-fra.bigfish.com (Postfix) with ESMTP id 1806B970077
    for <kanwar at gcmlp.com>; Thu, 26 Apr 2007 15:43:30 +0000 (UTC)
Received: from hacker1 ([] helo=hacker1)
    by dsl-189-132-92-111.prod-infinitum.com.mx ( sendmail
with esmtpa id 1vxapu-000AUN-vw
    for kanwar at gcmlp.com; Thu, 26 Apr 2007 10:43:49 -0500
Message-ID: <000b01c78819$a2d50d60$6f5c84bd at hacker1>
From:    "Jakob Sutton" <Suttondflm at FORENSICPANEL.COM>
To: xxxx at xxxx.com
Subject: advent
Date:    Thu, 26 Apr 2007 10:43:29 -0500
Message-ID: <000b01c78819$a2d50d60$6f5c84bd at hacker1>
MIME-Version: 1.0
Content-Type: text/plain;
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.6626
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962
Return-Path: Suttondflm at FORENSICPANEL.COM
X-OriginalArrivalTime: 26 Apr 2007 15:43:33.0133 (UTC)
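
Added example, not part of the thread: one way to build and apply the Message-ID filter described in the reply above, by keeping only Message-ID host parts that recur in known spam and never occur in legitimate mail. The function names, the "spam-review" mailbox name, the min_hits threshold and all sample messages except the first Message-ID (taken from the header quoted above, with "@" restored) are constructed assumptions.

```python
from collections import Counter
from email import message_from_string


def message_id_host(raw_message):
    """Return the lower-cased right-hand side of the Message-ID header, or ''."""
    value = message_from_string(raw_message).get("Message-ID", "")
    # List archives often obfuscate '@' as ' at '; accept both forms.
    value = value.strip().strip("<>").replace(" at ", "@")
    _local, sep, host = value.rpartition("@")
    return host.lower() if sep else ""


def learn_hosts(spam, ham, min_hits=2):
    """Hosts seen in at least min_hits spam Message-IDs and in no legitimate mail."""
    ham_hosts = {message_id_host(m) for m in ham}
    counts = Counter(message_id_host(m) for m in spam)
    return {h for h, n in counts.items()
            if h and n >= min_hits and h not in ham_hosts}


def route(raw_message, blocked_hosts):
    """Forward to a review mailbox instead of deleting, so mistakes can be caught."""
    if message_id_host(raw_message) in blocked_hosts:
        return "spam-review"
    return "inbox"


def _msg(message_id, subject):
    # Helper that builds a minimal constructed message for the samples below.
    return f"Message-ID: <{message_id}>\nSubject: {subject}\n\nbody\n"


# Constructed corpus: two spam messages share a host part, one is a one-off.
SPAM = [
    _msg("000b01c78819$a2d50d60$6f5c84bd@hacker1", "advent"),
    _msg("000c01c7881a$11aa22b0$0a0b0c0d@hacker1", "harbor"),
    _msg("000101c7881b$5566aabb$01020304@oneoff", "pills"),
]
HAM = [
    _msg("20070426154300.GA1234@mail.example.org", "meeting"),
    _msg("4630C8A4.1000@lists.example.net", "Re: patch"),
]

if __name__ == "__main__":
    blocked = learn_hosts(SPAM, HAM)
    for sample in SPAM + HAM:
        print(message_id_host(sample), "->", route(sample, blocked))
```

Requiring a minimum number of spam hits and zero hits in legitimate mail is what keeps a one-off host part from becoming a rule.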
