Tuesday, May 08, 2007
How desperate do you have to be to spam someone?
This is rich. I'm starting to get a bunch of bounce messages that look like:
- MAILER-DAEMON@conman.org (Mail Delivery System)
- Undelivered Mail Returned to Sender
- Tue, 8 May 2007 05:09:17 -0400 (EDT)
[-- Attachment #1: Notification --]
[-- Type: text/plain, Encoding: 7bit, Size: 0.5K --]
This is the Postfix program at host brevard.conman.org.
I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to
If you do so, please include this problem report. You can delete your own text from the attached returned message.
The Postfix program
<firstname.lastname@example.org>: host mx4.hotmail.com[22.214.171.124] said: 550 Requested action not taken: mailbox unavailable (in reply to RCPT TO command)
[-- Attachment #2: Delivery report --]
[-- Type: message/delivery-status, Encoding: 7bit, Size: 0.4K --]
- dns; brevard.conman.org
- rfc822; email@example.com
- Tue, 8 May 2007 05:09:16 -0400 (EDT)
- rfc822; firstname.lastname@example.org
- X-Postfix; host mx4.hotmail.com[126.96.36.199] said: 550 Requested action not taken: mailbox unavailable (in reply to RCPT TO command)
[-- Attachment #3: Undelivered Message --]
[-- Type: message/rfc822, Encoding: 7bit, Size: 1.3K --]
- The Boston Diaries Update Notification [1178615356-28614]
- Tue, 08 May 2007 05:09:16 EDT
Thank you for your interest in The Boston Diaries. To start receiving email notifications of new entries, you will need to reply to this email. You don't need to do anything other than reply to this email. Once you do that, you'll be entered into The Boston Diaries Update Database.
If you have no idea what this email is in reference to, someone submitted your email address for notification of new entries to my weblog/online journal (at http://boston.conman.org). If you want to, you can still reply and get notifications of new entries, but you can also ignore this and there will be no futher emails from my server. That is, unless someone submits your email address *again* without your knowledge.
Basically, some spammer is trying to spam people using my Obligatory Email Notification form, but the form is very basic—only one field is supported and the script generates a precanned email to send (shown above). That part is very basic and I don't see what there is to exploit.
Then again, I wrote the code so I know how it works. The spammer (or spammers; it could be multiple people) may be trying to reverse engineer the script. Heck, if they're that curious, I'll send them the code.
But to investigate this a bit further, I modified the code to record the request (where it came from, what the spammer is trying to send) so I can figure out what they're actually trying to accomplish.
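One way to do the request recording described above, as an added example that is not the actual script behind the notification form: it builds one JSON log line per submission, keeping where the request came from and every field that was sent, including fields the form never asked for. The field name `email`, the CGI-style environment variables, the function name `record_request` and the sample request are all assumptions made for illustration.

```python
import json
from urllib.parse import parse_qsl

EXPECTED_FIELD = "email"  # assumed name of the form's single field
MAX_VALUE = 512           # cap per stored value so one huge POST cannot bloat the log

def record_request(environ, body, now):
    """Return one JSON log line describing a form submission.

    environ: CGI-style variables (REMOTE_ADDR, HTTP_USER_AGENT, ...)
    body:    raw application/x-www-form-urlencoded request body
    now:     timestamp string supplied by the caller
    """
    # latin-1 maps every byte to a character, so odd encodings are kept, not dropped.
    # keep_blank_values records fields that were sent empty as well.
    fields = parse_qsl(body, keep_blank_values=True, encoding="latin-1")
    record = {
        "time": now,
        "remote_addr": environ.get("REMOTE_ADDR", ""),
        "method": environ.get("REQUEST_METHOD", ""),
        "user_agent": environ.get("HTTP_USER_AGENT", ""),
        "referer": environ.get("HTTP_REFERER", ""),
        # Every submitted pair in order, duplicates included.
        "fields": [[name, value[:MAX_VALUE]] for name, value in fields],
        # Anything other than the one field the form actually supports.
        "unexpected_fields": sorted({n for n, _ in fields if n != EXPECTED_FIELD}),
        "truncated": any(len(v) > MAX_VALUE for _, v in fields),
    }
    # json.dumps escapes control characters and non-ASCII text, so a submitted
    # newline cannot split the entry or forge a second log line.
    return json.dumps(record, sort_keys=True)

# Constructed sample request (documentation address range, made-up values).
SAMPLE_ENVIRON = {
    "REMOTE_ADDR": "192.0.2.10",
    "REQUEST_METHOD": "POST",
    "HTTP_USER_AGENT": "ExampleAgent/1.0",
}
SAMPLE_BODY = "email=someone%40example.com&subject=hello%0Aworld"

if __name__ == "__main__":
    print(record_request(SAMPLE_ENVIRON, SAMPLE_BODY, "2007-05-08T05:09:16-04:00"))
```

Appending each returned line to a file gives a log that can be grouped by `remote_addr` or `unexpected_fields` once enough submissions have been collected.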