Re: JCLVS, drenched with herring

[dreamshark]

Okay, this has to be the most utterly random spam I have ever received. The entire email is as follows:

From: "Hardy" <vdwaulwlit@terra.com>
To: look29@pobox.com
Subject: Re: JCLVS, drenched with herring
Date sent: Sun, 11 Jan 2004 21:42:21 +0100
Send reply to: "Hardy Quinton" <vdwaulwlit@terra.com>

ecumenic rectangle wondrous bank terrain ignition frangipani cyanamid
mountainous penurious but rash schumann misshapen shill october versatec
dogbane retinal nowaday downdraft agone narcotic presidential

That's it. No sales pitch, no URL, no request for information. Has anybody else been getting stuff like this? Any idea what it's about? The only explanation I can come up with is that the Net itself is struggling into sentience, and this is one of its early, awkward attempts to reach out and start a conversation.

Comments

[sdn.livejournal.com]

i don't know what it is, either. i've been getting them too. i kind of like the three words that always seem to follow the random caps. although i would not want to be drenched with herring.

[magentamn.livejournal.com]

My best guess is that is it a spammer's trick to get you to open email so they can find out which addresses are valid.

I hope that isn't an example of the Net's sentience. If it is, it's insane.

[sraun]

If it's the same as the one I just received, they are trying to harvest valid e-mail addresses. There are a couple of http calls in the HTML version of the e-mail - if you're using an e-mail client that automagically renders HTML, you've just validated.

[dreamshark.livejournal.com]

I don't understand. What do you mean by "html calls?" My understanding of HTML is that it is a markup language that tells a browser how to format a file for display purposes. You seem to be implying that there is active code in the message that somehow contacts the sender. How does one do that with HTML?

There does seem to be some html in this email, but my email tool didn't make any effort to display it as HTML and did not flag the message as containing HTML. The HTML has a line I can't make sense out of, followed by a link to www.e-hostzz.com/cable, followed by several more paragraphs of random English words. If there is any kind of secret program embedded in this thing it must be in the line I can't make sense of, but i don't see how it could do anything. I'd reproduce it here, but it might, I don't know, go off or something, so I won't.

html calls

[kaustin.livejournal.com]

It's usually something like <img src="http://www.scumbagscammer.com/image.cgi?gotyounow+look29@pobox.com">

Which says to your HTML renderer (browser, email program, whatever) that there should be an image here and it's located at http://..., so it goes out to scumbagscammer.com and makes an http request for the image data. But the request is actually triggering a CGI program that enters your email address into a database of validated email addresses; after which it returns the image data the browser requested. This is one of the reasons why email programs that automatically render HTML are a bad thing.

Re: html calls

[90-percent-sure.livejournal.com]

How do I make my mail client never do this?

Re: html calls

[minnehaha.livejournal.com]

You just don't display mail as HTML, I guess.

K.

Re: html calls

[dreamshark.livejournal.com]

Ohhh, you're right, there is a line much like that. Thanks for explaining. The line I couldn't make sense of was this:

Free CableTV!No more pay!!

Which I now realize just says "Free CableTV! No more pay!!!" I guess the bogus HTML tags are just *fnords* designed to confuse spam filters, huh?

The odd thing about this email is that none of the message about Free Cable, etc. is visible UNLESS you open it with an HTML reader. I have my mailtool (Pegasus) set to pretty much ignore HTML. When I looked at the message more closely I noticed it was marked by a little triangle in the folder listing, which turns out to mean that there are alternate forms of the message available. After double-checking my settings and determining that under no circumstances would Peggy fire up a browser to read the message, I went ahead and displayed the alternate form. Since Pegasus is just a reader, not an HTTP client, it just ignored those http calls, so I never saw the image or contacted the website. The alternate message just had several more paragraphs of random English words.

I wonder if the random words are designed to foil another spam check - percentage of capitalized words or something like that.

Re: html calls

[dreamshark.livejournal.com]

Whoops. That didn't make much sense did it? Your browser just cleaned up the garbled text exactly as it was supposed to. The original line about "Free TV!" had junk embedded in all the words; junk being random words inside angle brackets and preceded by a backslash. Obviously there is SOME way to protect html markups inside a quote, but I don't know what it is.

Re: html calls

[kaustin.livejournal.com]

You use &lt; for less than and &gt; for greater than (which I just had to represent using &amp;lt; and &amp;gt; (which I ... (and down the rabbit hole we go))). That prevents browsers from interpreting it as HTML tags.

Re: html calls

[kaustin.livejournal.com]

Unfortunately far too many people use Outlook as their email client, and almost all of them have it set up to auto-render HTML emails, so this technique is able to catch a lot of people.

[jbru.livejournal.com]

I've always assumed that things like this are sent out to see which ones don't bounce and, therefore, are going to valid addresses. I just shuffle them off to my junk pile.

[kaustin.livejournal.com]

Wired has an article about the increase of random words in spam. (found via /.)