On Oct 31, 2008, at 9:58 AM, Ned Slider wrote:

> Kevin Windham wrote:
>> On Oct 31, 2008, at 9:25 AM, ram wrote:
>>> Use a pastebin to paste the entire mail and send us the URL.

>> Here is the email.
>>
>> Thanks,
>> Kevin

>
> Not sure what you mean by encoded - the fact it's part of an html
> formatted message?


I just mean that the URLs look like they are encoded to capture
identity. i.e. if you clicked on it, your email address would be
marked as a real address and more spam would surely follow. I rarely
get real email from an actual person that is encoded that way.
Sometimes I get them from companies, but there aren't normally so many
in the message, especially identical ones.

The other sign is the encoded img tags. I can't recall seeing a
regular site use img tags that are encoded with no meaningful name.

Also, in this case it seems the message-id itself is encoded in the
URLs of links and images. I think that would be a strange thing to do
for a regular site. It seems the spammer is really anxious to get any
kind of feedback that the message was viewed.

> Anyway, URIBLs should catch these. That particular domain is now
> listed on URIBL_Black and in XBL on spamhaus.
>
> http://lookup.uribl.com/?section=lookup


I do have URIBL running. I got a message earlier that scored a black.
It seems that quite a few of these get through before being listed.

Kevin
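
The three signs described in the message above (many identical links, image names with no meaningful name, and the Message-ID embedded in link and image URLs), computed over a constructed sample message. This is an added example and not part of the original post; the sample mail, the `.example` hosts, the function names and the thresholds (8-character Message-ID token, 12-character opaque name) are assumptions.

```python
import re
from collections import Counter
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample (not the mail from the thread); hosts are placeholders.
SAMPLE = """\
Message-ID: <20081031a9f3c77e@mailer.example>
Content-Type: text/html; charset="us-ascii"

<a href="http://track.example/c/20081031a9f3c77e/u7781">Shop</a>
<a href="http://track.example/c/20081031a9f3c77e/u7781">Deals</a>
<a href="http://track.example/c/20081031a9f3c77e/u7781">Unsubscribe</a>
<img src="http://track.example/o/20081031a9f3c77e.gif">
<img src="http://static.example/img/logo.png">
"""

class Collector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self.images = [], []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(a["href"])
        elif tag == "img" and a.get("src"):
            self.images.append(a["src"])

def opaque_name(src):
    # Assumed heuristic: file stem is a 12+ character token containing a digit.
    stem = urlsplit(src).path.rsplit("/", 1)[-1].rsplit(".", 1)[0]
    return bool(re.fullmatch(r"[A-Za-z0-9_-]{12,}", stem) and re.search(r"\d", stem))

def tracking_signals(raw):
    msg = message_from_string(raw)
    # "<token@host>" -> "token"; short tokens are ignored to avoid chance matches.
    mid = msg.get("Message-ID", "").strip().strip("<>").split("@")[0].lower()
    c = Collector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            c.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    urls = c.links + c.images
    return {
        "max_identical_links": max(Counter(c.links).values(), default=0),
        "urls_with_message_id": sum(len(mid) >= 8 and mid in u.lower() for u in urls),
        "opaque_images": sum(opaque_name(s) for s in c.images),
    }
```

The counts are content signals that can be scored before a domain appears on a URIBL; on their own they also match legitimate bulk mail that uses per-recipient tracking.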