The Boston Diaries

The ongoing saga of a programmer who doesn't live in Boston, nor does he even like Boston, but yet named his weblog/journal “The Boston Diaries.”

Go figure.

Tuesday, May 08, 2007

How desperate do you have to be to spam someone?

This is rich. I'm starting to get a bunch of bounce messages that look like:

From (Mail Delivery System)
Undelivered Mail Returned to Sender
Tue, 8 May 2007 05:09:17 -0400 (EDT)
[-- Attachment #1: Notification --]
[-- Type: text/plain, Encoding: 7bit, Size: 0.5K --]

This is the Postfix program at host

I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to <postmaster>

If you do so, please include this problem report. You can delete your own text from the attached returned message.

The Postfix program

<>: host[] said: 550
    Requested action not taken: mailbox unavailable (in reply to RCPT TO
[-- Attachment #2: Delivery report --]
[-- Type: message/delivery-status, Encoding: 7bit, Size: 0.4K --]
Tue, 8 May 2007 05:09:16 -0400 (EDT)
X-Postfix; host[] said: 550 Requested action not taken: mailbox unavailable (in reply to RCPT TO command)
[-- Attachment #3: Undelivered Message --]
[-- Type: message/rfc822, Encoding: 7bit, Size: 1.3K --]
The Boston Diaries Update Notification [1178615356-28614]
Tue, 08 May 2007 05:09:16 EDT

Thank you for your interest in The Boston Diaries. To start receiving email notifications of new entries, you will need to reply to this email. You don't need to do anything other than reply to this email. Once you do that, you'll be entered into The Boston Diaries Update Database.

If you have no idea what this email is in reference to, someone submitted your email address for notification of new entries to my weblog/online journal (at If you want to, you can still reply and get notifications of new entries, but you can also ignore this and there will be no futher emails from my server. That is, unless someone submits your email address *again* without your knowledge.

Sean Conner

Basically, some spammer is trying to spam people using my Obligatory Email Notification form, but the form is very basic—only one field is supported and the script generates a precanned email to send (shown above). That part is very basic and I don't see what there is to exploit.

Then again, I wrote the code so I know how it works. The spammer (or spammers; it could be multiple people) may be trying to reverse engineer the script. Heck, if they're that curious, I'll send them the code.

But to investigate this a bit further, I modified the code to record the request (where it came from, what the spammer is trying to send) so I can figure out what they're actually trying to accomplish.

Obligatory Picture

[The future's so bright, I gotta wear shades]

Obligatory Contact Info

Obligatory Feeds

Obligatory Links

Obligatory Miscellaneous

You have my permission to link freely to any entry here. Go ahead, I won't bite. I promise.

The dates are the permanent links to that day's entries (or entry, if there is only one entry). The titles are the permanent links to that entry only. The format for the links are simple: Start with the base link for this site:, then add the date you are interested in, say 2000/08/01, so that would make the final URL:

You can also specify the entire month by leaving off the day portion. You can even select an arbitrary portion of time.

You may also note subtle shading of the links and that's intentional: the “closer” the link is (relative to the page) the “brighter” it appears. It's an experiment in using color shading to denote the distance a link is from here. If you don't notice it, don't worry; it's not all that important.

It is assumed that every brand name, slogan, corporate name, symbol, design element, et cetera mentioned in these pages is a protected and/or trademarked entity, the sole property of its owner(s), and acknowledgement of this status is implied.

Copyright © 1999-2024 by Sean Conner. All Rights Reserved.