The Dean Website. AKA The Exploded Micro-Family
Random header image... Refresh for more!

Damned Spam Artists part 2

I reopened the blog for comments two days ago – thinking well maybe someone who comes here has something to say. Nope. Only comments so far are spam. This means the chances are that the only visitors are spam artists and robots? Och well..


1 Hormel Foods, LLC { 01.26.07 at 11:06 pm }

Thank you for joining the tastiest club on the planet. Get the e-newsletter! Like SPAM® itself, a SPAM? Fan Club membership lasts forever.

SPAM® is a many-flavored thing. Of all the different SPAM® varieties, which one is your favorite? The SPAM® family of products welcomes you into their home.

Spam: “It’s like meat with a pause button”?.

2 patrick { 01.28.07 at 7:53 pm }

Thanks, eedj for that tasty intro! Next on the list, after I canned my previous (MyPHPNuke) CMS’s response forms, someone got pissed off and decided to send forged spams from my domain, using junk names. I unfortunately can do nothing about it, since these emails are not coming from my PCs! In fact my home PC was dead for two weeks after XP decided to remove any trace of all partitions on all my hard disks. This was when the spam got sent out: difficult to be a spambot if you are turned off! Luckily I am nothing if not tenacious, and I now have everything back again. Will I be moving to Vista? If Vista’s disk and file management is as stupid as XP’s then I will stick to XP and get a Mac for my next PC. And of course switch to Linux as well.

3 patrick { 01.28.07 at 8:16 pm }

This is a sample of a returned header:

The original message was received at Sat, 27 Jan 2007 01:39:06 +0100
from []

—– The following addresses had permanent fatal errors —–
< ****>
(reason: 550 5.2.1 < ****>… Mailbox Inactive)

—– Transcript of session follows —–
… while talking to lmtp.mail.priv:
>>> DATA
< << 550 5.2.1 <****>… Mailbox Inactive
550 5.1.1 < ****>… User unknown
< << 503 5.5.0 No recipients, try RCPT first Reporting-MTA: dns; Received-From-MTA: DNS; Arrival-Date: Sat, 27 Jan 2007 01:39:06 +0100 Final-Recipient: RFC822; **** Action: failed Status: 5.2.1 Diagnostic-Code: LMTP; 550 5.2.1 <****>… Mailbox
Last-Attempt-Date: Sat, 27 Jan 2007 01:39:11 +0100

Message attaché
Sujet: worthwhile
De: Vega

Looks like the IP address matches the domain. Going to it seems that only one spam listing service has this address, check:
and UCEPROTECTL1 has it. Going to reveals some interessantes Informazion.
Now how can we get Thunderbird (or any other email proggy) to use UCEProtect and mark as spam emails whose headers reveal a sender IP address blacklisted by them? Let us check the homepage, back in a tick.

4 patrick { 01.28.07 at 11:17 pm }

A short while later looks like I have found a possible answer! SPAMato seems to do the trick 🙂 It even scanned through the 1255 emails in my Thunderbird inbox (IMAP) quite quickly considering how crapped out the connection still is (although not as bad as last week, something has been repaired in the last few days in those damaged Taiwan cables).
Check out for more info. It only missed one – which actually was a bad one – a ‘british muslims genocide’ headed email that contained a .exe virus. Not sure how that one did not get picked out. At least I feel a bit better now, providing Spamato keeps on working I can rest in peace from the damn spam!

5 ICeMaN { 01.29.07 at 9:54 pm }

Yeah, that spam can be deadly, esp. when it’s of the anglo genocidal variety. My old xinde email account has been hijacked for years, I think. Sounds like you’ve got a handle on it now!

I can’t believe Hormel actually paid to trademark the slogan “It’s like meat with a pause button”. Are people aging cheap cuts of meat like wine now? –“Ooohh – the 1994 Spam – surpassed only by the 1976 Treet!”.