i bet you think this spam is about you

an interesting spam: no subject, relatively normal-looking sender, and body text that just said browsing through the cnn website i came across this cnn article which seems to be about you: http://www.cnn.com/USArticle1840@www.example.com/. that url abuses the syntax that allows for specifying a username in the url to push the actual site url to the end—the real request there is to www.example.com with a username of www.cnn.com/USArticle1840.

that almost qualifies as clever. too bad it was sent to a message-id instead of my real email address. (every email has a message-id header, which happens to look quite a bit like a real email address to stupid spam bots. my mail system isn't currently set up to bounce those non-existent addresses immediately, so i sometimes see the double-bounce.)