i bet you think this spam is about you

an interesting spam: no subject, relatively normal-looking sender, and body text that just said “browsing through the cnn website i came across this cnn article which seems to be about you: http://www.cnn.com/[email protected]/”. that url abuses the syntax that allows for specifying a username in the url to push the actual site url to the end—the real request there is to www.example.com with a username of “www.cnn.com/USArticle1840”.

that almost qualifies as clever. too bad it was sent to a message-id instead of my real email address. (every email has a message-id header, which happens to look quite a bit like a real email address to stupid spam bots. my mail system isn't currently set up to bounce those non-existent addresses immediately, so i sometimes see the double-bounce.)

« charity, november 2002 december 7, 2002 10:39pm »