This item is for posting incoming email that is out of the ordinary.
71 responses total.
This one is extremely reminiscent of the message received and posted some
time back which offered money for time travel technology, and concluded
with something like "Evil aliens, please don't reply!"
---------- Forwarded message ----------
Return-Path: <stealth@recochem.com>
Received: from host-148-244-152-186.block.alestra.net.mx
(host-200-76-178-243.block.alestra.net.mx [200.76.178.243])
by hamjudo.com (8.12.6/8.12.6/Debian-7) with SMTP id h5QA1SJ0010522
for <polygon@potifos.com>; Thu, 26 Jun 2003 06:01:29 -0400
Received: from [12.96.220.237]
by host-148-244-152-186.block.alestra.net.mx with ESMTP id
<024539-41762>;
Fri, 27 Jun 2003 01:50:14 -0200
Message-ID: <s-emf$xl-yzt-d1o$41iik@orru0>
From: "" <stealth@recochem.com>
To: <polygon@potifos.com>
Subject: DWG Needed m z
Date: Fri, 27 Jun 03 01:50:14 GMT
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2616
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="_..9DC5_664EB8053D0E"
Greetings,
We need a vendor who can offer immediate supply.
I'm offering $5,000 US dollars just for referring a vender which is
(Actually RELIABLE in providing the below equipment) Contact details
of vendor required, including name and phone #. If they turn out to be
reliable in supplying the below equipment I'll immediately pay you
$5,000. We prefer to work with vendor in the Boston/New York area.
1. The mind warper generation 4 Dimensional Warp Generator # 52 4350a
series wrist watch with z60 or better memory adapter. If in stock the
AMD Dimensional Warp Generator module containing the GRC79 induction
motor, two I80200 warp stabilizers, 256GB of SRAM, and two Analog
Devices isolinear modules, This unit also has a menu driven GUI
accessible on the front panel XID display. All in 1 units would be
great if reliable models are available
2. The special 23200 or Acme 5X24 series time transducing capacitor
with built in temporal displacement. Needed with complete
jumper/auxiliary system
3. A reliable crystal Ionizor with unlimited memory backup.
If your vendor turns out to be reliable, I owe you $5,000.
Email his details to me at: info@federalfundingprogram.com
Please do not reply directly back to this email as it will
only be bounced back to you.
competitionyj lsarfftjuvrshlbupula p d
wvhieskadfca cmb du
The domain "federalfundingprogram.com" is registered to Bob White (tomnwrr@aol.com), of Woburn, Massachusetts.
pk marketing
bob white (tomnwrr@aol.com)
+1.16178778863
FAX: +1.7819328769
4 oak street
woburn, MA 01801
US
He's just fishing for emails, huh?
Here's another version of the time travel letter, looking very spammy
indeed. I got two, with different random letters at the end of the
subject line.
---------- Forwarded message ----------
Return-Path: <donald30@spiegel.de>
Received: from 100.Red-80-35-162.pooles.rima-tde.net
(100.Red-80-35-162.pooles.rima-tde.net [80.35.162.100])
by hamjudo.com (8.12.6/8.12.6/Debian-7) with SMTP id h6RBWNc5005086
for <polygon@potifos.com>; Sun, 27 Jul 2003 07:32:38 -0400
Received: from 2o.ejc0vp.org ([160.125.89.241])
by 100.Red-80-35-162.pooles.rima-tde.net with SMTP;
Sun, 27 Jul 2003 14:27:27 -0500
Message-ID: <54ex9o4g909i$34gig$$3p@ji0tcguiu5>
From: "" <donald30@spiegel.de>
To: <polygon@potifos.com>
Subject: Dimensional Warp Generator Needed ky ci f
Date: Sun, 27 Jul 03 14:27:27 GMT
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: AOL 7.0 for Windows US sub 118
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="80D_676_EEC96.F"
Hello,
I'm a time traveler stuck here in 2003. Upon arriving here my dimensional
warp generator stopped working. I trusted a company here by the name of
LLC Lasers to repair my Generation 3 52 4350A watch unit, and they fled on
me. I am going to need a new DWG unit, prefereably the rechargeable AMD
wrist watch model with the GRC79 induction motor, four I80200 warp
stabilizers, 512GB of SRAM and the menu driven GUI with front panel XID
display.
I will take whatever model you have in stock, as long as its received
certification for being safe on carbon based life forms.
In terms of payment:
I dont have any Galactic Credits left. Payment can be made in platinum
gold or 2003 currency upon safe delivery of unit. Please transport unit in
either a brown paper bag or box to below coordinates on Sunday July 27th
at (exactly 3:00pm) Eastern Stand Ti me. If you miss this timeframe please
email me.
42.4845467 & Longitude -71.1576157 and the ground is 101.3' above sea level.
Although those coordinates are a secure guarded area, these channels
through email are never secure. Unfortunately it is the only form of
communication I have right now. There is a good chance that sombody will
try to redirect the signal. The unit must be teleported directly in a way
that nobody will be able to interfere with the transference.
After unit has been sent please email me at:
info@federalfundingprogram.com with payment instructions. Do not reply
directly back to this email.
Thank You
triangle
nu lcxrzmwozixntquukr khrbfozxupdoa d
u t
e v tcjrejqb xvlyzr sskfja bzdrhd
Dammit! I didn't get this until after I got home. I would have loved to use my Omni to pop in and see what was really going on.
That location is near Woburn MA, on Village St, just off Cummings Ave.
That sounds close to the place where the guy who registered federalfundingprogram.com lives.
The address in #3 is about 500 meters SSW of the coordinates in #5. I wonder if the "time traveler" entered an incorrect datum into his GPS?
From drnwangene1@mail.gr Tue Jul 29 01:02:13 2003
To: <deleted>
From: drnwangene1@mail.gr
Subject: URGENTANDCONFIDENTIAL
Date: Tue, 29 Jul 2003 10:02:13 EET
FROM: DR TONY NWANGENE.
PHONE:(874)-762864167
FAX :(874)-762864168
(URGENT AND CONFIDENTIAL)
RE: TRANSFER OF ($26,000.000.00 USD}
TWENTY SIX MILLION DOLLARS
Dear Sir,
We want to transfer ($26,000.000.00 USD) Twenty six million United States
Dollars from a Prime Bank here in South Africa to oversea account. I want
to ask you, If you are capable; or quietly look for a reliable and honest
person who will be capable and fit to provide either an existing bank
account or to set up a new Bank a/c immediately to receive this money,
even an empty a/c can serve to receive this money, as long as you will
remain honest to me till the end for this important business trusting in
you and believing in God that you will never let me down either now or in
future.
I am the Auditor General of one of the prime banks here in South Africa,
during the course of our
auditing,I discovered a floating fund in an account opened in the bank in
1996 and since 1998 nobody has operated on this account again,after going
through some old files in the records I discovered that the owner of the
account died without a [Heir/WILL] hence the money is floating and if I
do not remit this money out urgently it will be forfeited for nothing.
The owner of this account is SCHULTZ MULLER VORNAMEN a foreigner, a great
industrialist and he died since 1998.No other person knows about this
account or anything concerning it, the account has no other beneficiary
and my investigation proved to me as well that until his death he
was the manager DIAMOND HOCHTIEF [pty]SA.
We will start the first transfer with Six million [$6,000.000] upon
successful transaction without any
disappoint from your side, we shall re-apply for the payment of the
remaining rest amount to your account.
The total amount involve is Twenty six million United States Dollars only
[$26,000.000.00]. I want to first transfer $6,000.000.00 [Six million
United States Dollar] from this money into a safe foreigners account
abroad before the rest.But I don't know any foreigner, I am only
contacting you as a foreigner because this money can not be approved to a
local person here, without valid international foreign passport, but can
only be approved to any foreigner with valid international passport or
drivers license and foreign a/c because the money is in US dollars and
the former owner of the a/c is a foreigner too, and the money can only be
approved into a foreign a/c.
However, we will sign a binding agreement, to bind us together when we
meet face to face after the first transfer of $6 Million before
transferring the second part of $20 Million. I am revealing this to you
with believe in God that you will never let me down in this business, you
are the first and the only person that I am contacting for this business,
so please reply urgently so that I will inform you the next step to take
urgently.
Send me full details of the account to be used for this transfer,
including your direct telephone and
fax numbers so that I will have a private/security discussion with you.I
want us to meet face to face to
build confidence and to sign a binding agreement that will bind us
together immediately after the first
transfer before we fly to your country for withdrawal, sharing and
investments.
I need your full co-operation to make this work fine because the
management is ready to approve this
payment to any foreigner who has correct information of this account,
which I will give to you upon your
positive response and once I am convinced that you are capable and will
meet up with instruction of a key bank official who is deeply involved
with me in this business. I need your strong assurance that you will
never, never let me down.
With my influence and my position in the bank, the bank official can
transfer this money to any
foreigner's reliable account that you can provide with assurance that
this money will be intact pending our physical arrival in your country
for sharing. The bank official Will destroy all documents of transaction
immediately we receive this money leaving no trace to any place and to
build confidence.
You can call me for heart to heart discussion through my private
satellite phone which I secured for the
security and safety of this business as you know that this business is
confidential.I will use my position
and influence to obtain all legal approvals for onward transfer of this
money to your account with
appropriate clearance from the relevant ministries and foreign exchange
departments.
At the conclusion of this business, you will be given 35% of the total
amount, 60% will be for me, while 5% will be for expenses both parties
might have incurred during the process of transferring.
I look forward to your earliest reply through my private email address/
nwangene_98@hotmail.com
fax or telephone.
Yours truly,
Dr. DR TONY NWANGENE.
-------------------------------------------------------------
http://www.mail.gr/ - Get Your Private Free Email Address!
http://www.ringtone.gr/ - Ringtones & Logos for your mobile!
These "Nigeria" scams are a dime for ten million.... Is there something different about this one that I missed?
This one is quite a lot more redundant than most, especially about meeting face to face (that is when they kidnap you), and the German name is hilarious - two common last names followed by the word for 'first name'.
What on earth is this spam trying to accomplish? Received: from mail.badese.com ([61.145.119.96]) by grex.cyberspace.org (8.6.13 /8.6.12) with SMTP id FAA28311 for <keesan@grex.org>; Tue, 5 Aug 2003 05:00:25 -0400 Message-Id: <200308050900.FAA28311@grex.cyberspace.org> Received: (qmail 29059 invoked from network); 4 Aug 2003 05:01:34 -0000 Received: from unknown (HELO televises) (webmaster@211.158.91.148) by badese.com with SMTP; 4 Aug 2003 05:01:34 -0000 Date: Mon, 4 Aug 2003 04:31:59 GMT From: <kee@TOM.COM> To: <keesan@grex.org> Subject: accompanied Mime-Version: 1.0 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 7bit <html> <body><font color="#ffffff">hypoactive <font color="#ffffff">powderpuff <font c olor="#ffffff">poetic <font color="#ffffff">arabic <font color="#ffffff">excell ence <font color="#ffffff">populism <font color="#ffffff">bracken <font color=" #ffffff">exasperated <font color="#ffffff">tempting <font color="#ffffff">polic es <font color="#ffffff">boned <font color="#ffffff">tertiary <font color="#fff fff">illustrating <font color="#ffffff">hurries <font color="#ffffff">sec <font color="#ffffff">craftspeople <font color="#ffffff">sealy <font color="#ffffff" >tent <font color="#ffffff">exercised <font color="#ffffff">coxcomb <font color ="#ffffff">tarpon <font color="#ffffff">body <font color="#ffffff">illuminated <font color="#ffffff">pragmatist <font color="#ffffff">courts <font color="#fff fff">cough <font color="#ffffff">tennis <font color="#ffffff">adults <font colo r="#ffffff">scuff <font color="#ffffff">hosted <font color="#ffffff">$RANDO MIZE <font color="#ffffff">milliammeter <font color="#ffffff">scheduler <font c olor="#ffffff">andrei <font color="#ffffff">crasher <font color="#ffffff">postp aid <font color="#ffffff">polluted <font color="#ffffff">aldebaran <font color= "#ffffff">courses <font color="#ffffff">admixes <font color="#ffffff">matroid < font color="#ffffff">breakoff <font color="#ffffff">poke <font 
color="#ffffff"> expediting <font color="#ffffff">excited <font color="#ffffff">coward <font col or="#ffffff">illegible <font color="#ffffff">sausages <font color="#ffffff">plu ms <font color="#ffffff">pleaded <font color="#ffffff">hugely <font color="#fff fff">screwworm <font color="#ffffff">bluish <font color="#ffffff">alicia <font color="#ffffff">evocable <font color="#ffffff">testability <font color="#ffffff ">microbial <font color="#ffffff">angelica <font color="#ffffff">technology <fo nt color="#ffffff">polar <font color="#ffffff">crews <font color="#ffffff">$RAN DOM IZE <font color="#ffffff">adulterously <font color="#ffffff">teaspoon <font col or="#ffffff">barbour <font color="#ffffff">tetrachloride <font color="#ffffff"> icicle <font color="#ffffff">adapters <font color="#ffffff">saponify <font colo r="#ffffff">melodies <font color="#ffffff">tasking <font color="#ffffff">bela < font color="#ffffff">taft <font color="#ffffff">possessively <font color="#ffff ff">possessive thankful sealing expanse mettle positioned bowdlerize exerted sc hools<p> <a href="http://srd.yahoo.com/drst/hurled/*http://www.med12z.com/sh/index.h tml" > <img border="0" src="http://srd.yahoo.com/drst/bois/*http://www.8867v.com/file/ra.gif" > </a> </p><font color="#ffffff">count <font color="#ffffff">imagen <font color="#fff fff">bogey <font color="#ffffff">abner <font color="#ffffff">midweek <font colo r="#ffffff">exportation <font color="#ffffff">bosom <font color="#ffffff">playm ates <font color="#ffffff">exhaustable <font color="#ffffff">accessibility <fon t color="#ffffff">poet <font color="#ffffff">plunders <font color="#ffffff">ari adne <font color="#ffffff">coulomb <font color="#ffffff">botulinus <font color= "#ffffff">bolted <font color="#ffffff">thallophyte <font color="#ffffff">betsy <font color="#ffffff">betty <font color="#ffffff">tangible <font color="#ffffff ">accompany <font color="#ffffff">alberich <font color="#ffffff">meadowland <fo nt color="#ffffff">mike <font 
color="#ffffff">scrim <font color="#ffffff">bergs on <font color="#ffffff">council <font color="#ffffff">maxima <font color="#fff fff">brainstem <font color="#ffffff">adjudged <font color="#ffffff">$RANDOM IZE <font color="#ffffff">teethes <font color="#ffffff">scenario <font color="# ffffff">seasons <font color="#ffffff">scepters <font color="#ffffff">powerhouse <font color="#ffffff">tamale <font color="#ffffff">exploited <font color="#fff fff">boatswains <font color="#ffffff">schoolroom <font color="#ffffff">cribs <f ont color="#ffffff">execrate <font color="#ffffff">crayfish <font color="#fffff f">excrescent <font color="#ffffff">bizet <font color="#ffffff">hygrometer <fon t color="#ffffff">excerpt <font color="#ffffff">savaged <font color="#ffffff">a cculturating <font color="#ffffff">criterion <font color="#ffffff">hymen <font color="#ffffff">middles <font color="#ffffff">talks <font color="#ffffff">seaso nably <font color="#ffffff">scoundrel <font color="#ffffff">scuff <font color=" #ffffff">bon <font color="#ffffff">booms <font color="#ffffff">milking <font co lor="#ffffff">satisfy <font color="#ffffff">millenia <font color="#ffffff">$RAN DOMI ZE <font color="#ffffff">algeria <font color="#ffffff">bonaventure <font color= "#ffffff">evenhanded <font color="#ffffff">breachers <font color="#ffffff">poma de <font color="#ffffff">breakdowns <font color="#ffffff">angeline <font color= "#ffffff">bernard <font color="#ffffff">tardiness <font color="#ffffff">bergson <font color="#ffffff">hundred <font color="#ffffff">powdered <font color="#fff fff">RANDOMIZE memorially bothering mendelevium etiology hotly taunter expiate bolsheviks</body> </html>
It's a very colorful ad for viagra.
Why all the learned words with font colors in between?
because spammers are insane?
The colour "#FFFFFF" is . . . white. So the 'learned words' don't show up, but they probably help the message get through various filters.
The actual message is a GIF picture -- http://www.8867v.com/file/ra.gif, reached through a Yahoo redirect -- and the rest is random crap that supposedly helps it get through spam filters, coloured white so you don't actually see it when the message comes up in Outlook or some other image-displaying, html-understanding mailreader.
Why color each word separately?
It prevents filtering on any two words together.
Any e-mail that uses deception to deliver a message will
not be paid attention to. How can we trust a self-proclaimed
deceiver?
Who would trust someone illegally selling drugs?
I expect that the spammer tactic of using bogus HTML tags and comments to split up words so that scanners can't parse them will fail when scanners start using these things as red flags. Ditto high fractions of nonsense strings. Stuff like that doesn't need to go through the Bayesian spam detectors; it is quite distinct already.
Better yet, reject all email which contains any HTML tags.
Unfortunately, lots of people I know use services which insist on sending mail as HTML, and what do you do when someone sends a URL? Much as I hate it, HTML is becoming essential to mail. Bouncing anything with Javascript or an image load from another site (web bug) still makes good sense, though.
If a service insists on sending mail as HTML, then it should get used to not having mail accepted, and anyone who uses that service should think about other options. A URL is not by itself HTML. HTML is not essential to email.
Almost all the HTML e-mail i get is spam - even with heavy spam filtering. Most of what isn't spam is pretty low grade anyway. I'd be happy for an option to bounce all HTML e-mail with a "HTTP format e-mail is not accepted here" error message.
Yeah. If you want to use HTML then post it on an f-ing web page. The email is text. It's nice to allow attachments that are not text by encoding it as text but the basic SMTP email that is the glue of the Internet is fundamentally 7-bit ascii text.
Some really techno-clueless types use AOL. Since version 5, AOL has not been configurable to a "text-only" option. All mail from that provider comes as HTML only, not even a 1)text--2)HTML form. It's a serious pain for me, using Pine, and for a lot of members on a 500 person email list that I administer. But there is no way around it unless AOL changes its software.
Re #28: There are filters to convert HTML to plain text; something as simple as the sed expression "s/<[^>]*>//" will do it. If the list maintainer can't or won't use them, that's another problem.
I get mail via AOL that always has both text and html. It is a nuisance to view the attached text, but that works. I don't know whether AOL is sending the text or PINE is adding it.
Russ, email me. We use majordomo software to maintain the list and forward emails. Are you saying that we could use that expression to clear out HTML before the email is forwarded to the list?
Here's another spam which is heavy with vocabulary; presumably the come-on
message is in the image file.
---------- Forwarded message ----------
Return-Path: <pol@AOL.COM>
Received: from elijah.churchquest.com (elijah.churchquest.com
[207.44.130.42])
by hamjudo.com (8.12.6/8.12.6/Debian-7) with ESMTP id h720Pnc5017663
for <polygon@potifos.com>; Fri, 1 Aug 2003 20:25:49 -0400
Received: from amarillo ([218.70.137.44])
(authenticated (0 bits))
by elijah.churchquest.com (8.11.6/8.11.6) with ESMTP id h720PXg12954
for <polygon@potifos.com>; Fri, 1 Aug 2003 19:25:34 -0500
Message-Id: <200308020025.h720PXg12954@elijah.churchquest.com>
Date: Sat, 2 Aug 2003 00:25:38 GMT
From: "Jeffrey Kazemzadeh"<pol@AOL.COM>
To: polygon@potifos.com
Subject: melon
Mime-Version: 1.0
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
acknowledging eternity euphorbia evolution horizontal acculturating sears
ainu population crawled beatrice tamer experimentally mendelevium export
metavariable adsorbs savaged bahrein blueprint secondarily hotness
cortege bought avon accessed plucking porterhouse metamorphose algonquin
$RANDO MIZE plenitude accoutrement adaptable evenness poetical
immediacies bracelet tenuous immediately adulthood binghamton expensively
measurably bookkeep teleprompter savor accidental anglican american aleck
evaluate melodic creeper scripts exclaimer advertises cough measurements
acrimony mignon $RANDOM IZE middlemen atropos cosines administers alicia
housework brazenness courtesan expands porter exiled adonis adriatic bern
acquit hysteric menacing brazed horseman poisonousness thanklessly
[ra.gif]
admonishments bartok hovered schelling critical tempered explicit borders
adoration plowman sap posits theist sawfly pots cries membership scenes
scrooge polynomials icing imbibe exotic biggs hulls polaron illusionary
scarceness hornwort milestones $RANDOM IZE brand cosmetics metalloid
pocus ethnography policing courthouses biggs megahertz populations
microcode expository scar beauregard adages temptations borax tangible
hypoactive bathurst microcomputers accessory polka accrual scrupulous
bangui exclusionary adored mentalities expanded $RANDOMI ZE merited
boarder advantageously hurts brandishes plunging courser possibly
schlieren saturdays mercantile populated tantrums populates acculturated
meteors ahmedabad mechanically teemed atalanta crashers
My mail program (kmail) displays HTML messages as raw HTML, but I can click on a button to have it render the HTML if I wish. I do that on those extremely rare occasions that I receive an HTML message that isn't spam. Otherwise, I simply click on the delete button.
Hotmail has also started sending mail as just HTML, not text+HTML. Given the amount of mail they send not sending two versions of everything is probably a significant bandwidth savings. Of course, I just trash those messages since Pine refuses to open them.
The following just received:
Date: Fri, 15 Aug 2003 03:27:09 -0400 (EST)
From: Fethard-biz Manager <Walliw_Melba@mail.com>
To: ranecurl@umich.edu
Subject: You credit card has been charged for $234.65
Important notice
We have just charged your credit card for money laundry service in amount
of $234.65 (because you are either child pornography webmaster or deal
with dirty money, which require us to layndry them and then send to your
checking account).
If you feel this transaction was made by our mistake, please press "No".
If you confirm this transaction, please press "Yes" and fill in the form
below.
[FORM]
Enter your credit card number here:
Enter your credit card expiration date:
Contacts:
Phone: +5982 902 5627
Fax: +5982 902 3114
E-mail: support@fethard.biz
ICQ: 156746629
------------------------------------------------------------------------
I forwarded it to abuse@umich.edu.
I doubt that my credit card has actually been debited for that amount as
then why would they be asking for my credit card number?
It's just to get your attention. What they really want is a click on either option so they know it's a spammable address.
Yup; 'board@cyberspace' received a message about "our" Citibank checking account. At first glance, the URL looked almost reasonable: it did mention "www.citibank", but a closer look confirmed my first impulse: ignore the sucker.
Why don't you take action to stop this spam! Well, okay. I realize there isn't a lot to do. But in the past year my spam mail on this system has gone up 1000%.
Mine too. I would like a way to block/divert spam in pine.
Upgrading grex's anti-spam defenses is currently on the back burner; getting our e-mail working on the new grex system is a higher priority. With our extremely diverse user base, grex can't adopt many of the anti-spam rules used by businesses - blanket blocking of "high-spam" countries, rejecting e-mail not in English, tossing anything containing words like p*nis/viag-ra/ref!nance, etc. At least for the technically inclined, there probably are some things that you can do here (with pine? - i don't know) to weed out some of the spam. But note that effective anti-spam tends to be high-maintenance, because the spammers keep changing their tactics in order to preserve their incomes.
Can anything be done on a high percentage of < or > in relationship to the entire character count? Or high use of <!-- ?
Not sure if it's viruses or spam, but all of a sudden I've started getting bogus "your email could not be delivered" messages from addresses I've never sent email to.
Same here.
My wife's office gets hundreds of those a day. It's a real problem with no real solution other than careful filtering.
Aren't those the result of viruses sending e-mail using your address from address files in other people's computers? I get those every couple of weeks or so.
There's been a big rush of them lately because W32.SoBig.F is spreading very rapidly. A friend of mine has been getting over 400 copies of the virus a day.
RE#45 -- I think so. Folks at michigangroup.com and some k12 system in Virginia must have really lousy virus scanning tools.
This response has been erased.
Wow, you mean it works on Linux as well as Windows? Actually, these seem to be coming from a mailing list I'm on, so it's likely somebody else (who? mostly Mac zealots) on the list is infected.
I have been getting about five a day for three days.
Right, I'm on Linux too, so I doubt I'm infected, or that the removal tool is executable on my machine.
Yep, probably sobig.f bounce messages from email sent from an infested machine that you are in the address book of. One org who had to split its smtp mta onto a separate machine from the lotus notes cluster reports 70% of inbound smtp email to be sobig.f propagation attempts. It couldn't have happened at a better time, not! Thank bill.
This response has been erased.
According to the Milwaukee Sentinel, CSX Railroad has shut down train service due to the Sobig virus, which essentially shut down their communications net.
Last I checked, I had over 5,000 virus emails (presumably mostly Sobig), and hundreds of bounce messages, both from undeliverable messages and from virus detection screens on all kinds of systems. Maybe one of these days, authors of the antivirus programs will realize that it no longer makes any sense to send replies to forged "From:" headers. I got quite a few of these for the Klez virus, which also forged From: lines, but this attack seems to be tremendously larger. I think the last major virus which revealed the victim's name in the origin of the virus messages was SirCam.
SirCam was fun because you got a random document off someone else's machine with each copy. ;>
Re 56. Yes, but it was somehow encrypted; I couldn't see how to read the file without running the virus.
If I remember right, the virus code was just tacked on the beginning, a bit like a Zip self-extractor. If you knew how long it was you could strip it off. I never tried it, but I know other people did.
Re #39ff: I have tried to use the filter function in pine, on CAEN, with very weird results. I filtered only on the Subject line of Email, with a comma-delimited list of "patterns", with the action delete. That resulted in my INBOX being emptied of *everything*. I finally figured out how to specify a destination folder, which put some messages there, but including some that did not have the filter patterns. I fiddled some more with it, with the result that when I opened the sent-file folder, it moved *everything* in it to the filter destination folder. I've turned the whole filter thing off (I hope...) before it wipes all my e-mail folders clean. Unfortunately, the HELP function for the pine filter is written for those that wrote it, not for newcomers to it.
From Riyaz_Brett@cis.net Thu Aug 28 02:48:38 2003 Date: Thu, 28 Aug 2003 15:49:11 -0400 (EST) From: Kylie Zachary <Riyaz_Brett@cis.net> To: ranecurl@umich.edu Subject: Buy drugs, Heroin, Tomohawk rockets, cocaine and other shit Welcome to the site http://www.darkprofits.com, it's us again, now we extended our offerings, here is a list: 1. Heroin, in liquid and crystal form. 2. Rocket fuel and Tomohawk rockets (serious enquiries only). 3. Other rockets (Air-to-Air), orders in batches of 10. 4. New shipment of cocaine has arrived, buy 9 grams and get 10th for free. 5. We also offer gay-slaves for sale, we offer only such service on the NET, you can choose the one you like, then get straight to business. 6. Fake currencies, such as Euros and US dollars, prices would match competition. 7. Also, as always, we offer widest range of child pornography and exclusive lolita galleries, to keep out clients busy. Everyone is welcome, be it in States or any other place worldwide. ATTENTION. Clearance offer. Buy 30 grams of heroin, get 5 free. Prepay your batch of rockets (air-to-air) and recieve a portable rocket-lacuncher for free. http://www.darkprofits.com This offer won't last! Only until 20th of August all our clients will also recieve a pack of 2 CDs, with best selection of child pornography.
I got that one today, too.
Hmm. I visited the site and it's actually a web discussion board about online anonymity. Interesting.
A really amazing example of the use of comment tags to break up spam text.
Note also that the From: line is forged to be the same user name as the
recipient.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Return-Path: <Polygon@earthlink.net>
Received: from nellys-deals.org ([61.154.118.6])
by hamjudo.com (8.12.6/8.12.6/Debian-7) with SMTP id h7J9ZsM8025591
for <polygon@potifos.com>; Tue, 19 Aug 2003 05:36:00 -0400
Received: from nellys-deals.org by r1pwumsnl3ck90.nellys-deals.org with
SMTP for polygon@potifos.com; Tue, 19 Aug 2003 05:35:18 -0500
Date: Tue, 19 Aug 2003 05:35:18 -0500
Content-Type: text/html; charset=iso-8859-1
From: Polygon@earthlink.net
Content-Transfer-Encoding: 8BIT
Message-Id: <3eqa9x.8l07tb2e5gko5q.Polygon@earthlink.net>
Subject:
To: polygon@potifos.com
X-MSMail-Priority: Normal
<html><body><br><br>Yo<!--Very well, very well, said the major, who was in
ecstasy -->ur requ<!--Very well, very well, said the major, who was in
ecstasy -->ested - ha<!--Very well, very well, said the major, who was in
ecstasy -->nd cra<!--Very well, very well, said the major, who was in
ecstasy -->fted ti<!--Very well, very well, said the major, who was in
ecstasy -->mepie<!--Very well, very well, said the major, who was in
ecstasy -->ces. <br><br>Y<!--Very well, very well, said the major, who was
in ecstasy -->ou m<!--Very well, very well, said the major, who was in
ecstasy -->ay al<!--Very well, very well, said the major, who was in
ecstasy -->so b<!--Very well, very well, said the major, who was in
ecstasy -->e inte<!--Very well, very well, said the major, who was in
ecstasy -->rested ov<!--Very well, very well, said the major, who was in
ecstasy -->er 2<!--Very well, very well, said the major, who was in
ecstasy -->0 br<!--Very well, very well, said the major, who was in
ecstasy -->ands avai<!--Very well, very well, said the major, who was in
ecstasy -->lable i<!--Very well, very well, said the major, who was in
ecstasy -->n o<!--Very well, very well, said the major, who was in ecstasy
-->ur wi<!--Very well, very well, said the major, who was in ecstasy -->de
sel<!--Very well, very well, said the major, who was in ecstasy -->ection
a<!--Very well, very well, said the major, who was in ecstasy -->s
we<!--Very well, very well, said the major, who was in ecstasy
-->ll<br><br><a href ="http://www.flight-place.biz">Ple<!--Very well, very
well, said the major, who was in ecstasy -->ase vi<!--Very well, very
well, said the major, who was in ecstasy -->ew ou<!--Very well, very well,
said the major, who was in ecstasy -->r lar<!--Very well, very well, said
the major, who was in ecstasy -->ge selec<!--Very well, very well, said
the major, who was in ecstasy -->tion b<!--Very well, very well, said the
major, who was in ecstasy -->y clic<!--Very well, very well, said the
major, who was in ecstasy -->king he<!--Very well, very well, said the
major, who was in ecstasy -->re no<!--Very well, very well, said the
major, who was in ecstasy -->w.</a><br><br>W<!--Very well, very well, said
the major, who was in ecstasy -->e lo<!--Very well, very well, said the
major, who was in ecstasy -->ok for<!--Very well, very well, said the
major, who was in ecstasy -->ward to spe<!--Very well, very well, said the
major, who was in ecstasy -->aking wi<!--Very well, very well, said the
major, who was in ecstasy -->th y<!--Very well, very well, said the major,
who was in ecstasy -->ou.<Br><BR>Of<!--Very well, very well, said the
major, who was in ecstasy -->f Li<!--Very well, very well, said the major,
who was in ecstasy -->st <a href ="http://www.flight-place.biz">Here </a>
Th<!--Very well, very well, said the major, who was in ecstasy -->ank
y<!--Very well, very well, said the major, who was in ecstasy
-->ou.<br><BR><br></body></html>
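The two traits noted for the message above (comments placed inside words, and a From: user name copied from the recipient) can both be checked mechanically. The sketch below is an added example and is not part of the original post; the names `analyze` and `split_addr` are hypothetical, the sample is a shortened, constructed imitation of the message, and a single-part text/html body is assumed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: shortened imitation of the message above, not its bytes.
SAMPLE = """\
From: Polygon@earthlink.net
To: polygon@potifos.com
Content-Type: text/html; charset=iso-8859-1

<html><body>Yo<!--Very well, said the major -->ur requ<!--Very well, said
the major -->ested - ha<!--Very well, said the major -->nd cra<!--Very well,
said the major -->fted ti<!--Very well, said the major -->mepie<!--Very
well, said the major -->ces.</body></html>
"""

COMMENT = re.compile(r"<!--.*?-->", re.DOTALL)  # comments may span line wraps
TAG = re.compile(r"<[^>]+>")

def split_addr(header_value):
    """Return (local part, domain) of an address header, lower-cased."""
    local, _, domain = parseaddr(header_value or "")[1].lower().partition("@")
    return local, domain

def analyze(raw):
    msg = message_from_string(raw)
    body = msg.get_payload()
    comments = list(COMMENT.finditer(body))
    # A comment with a letter on each side was placed inside a word.
    midword = sum(
        1 for m in comments
        if body[m.start() - 1:m.start()].isalpha()
        and body[m.end():m.end() + 1].isalpha()
    )
    # What the recipient's mail client renders: comments gone, tags gone.
    visible = " ".join(TAG.sub(" ", COMMENT.sub("", body)).split())
    f_local, f_dom = split_addr(msg["From"])
    t_local, t_dom = split_addr(msg["To"])
    return {
        "visible": visible,
        "midword_comments": midword,
        "comment_ratio": sum(len(m.group()) for m in comments) / max(len(body), 1),
        "from_mimics_rcpt": bool(f_local) and f_local == t_local and f_dom != t_dom,
    }

if __name__ == "__main__":
    for key, value in analyze(SAMPLE).items():
        print(f"{key}: {value}")
```

A content filter that matches on the raw body never sees the word "timepieces"; matching on `visible` does, and the count of mid-word comments is a usable signal on its own.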
This one is odd for different reasons. The original text was in three
languages; only the English section is included below.
---------- Forwarded message ----------
Return-Path: <MAILER-DAEMON@bacon.hamjudo.com>
Received: from TmpStr (adsl-80-4-244.mia.bellsouth.net [65.80.4.244])
by hamjudo.com (8.12.6/8.12.6/Debian-7) with SMTP id h7RHZLM8001726
for <polygon@potifos.com>; Wed, 27 Aug 2003 13:35:25 -0400
Message-Id: <200308271735.h7RHZLM8001726@bacon.hamjudo.com>
Reply-To: "PANAMERICAN SEMINARY"<>
From: "PANAMERICAN SEMINARY"<>
To: "Lawrence Kestenbaum" <polygon@potifos.com>
Organization:
X-Priority: 3
X-MSMail-Priority: Normal
Subject:
Sender: "PANAMERICAN SEMINARY"<>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Date: Sat, 2 Aug 2003 13:34:46 -0700
Panamerican Seminary
4081 N. Federal Hwy
Suite 120-B
Pompano Beach, FL USA 33064
Phone: (954) 941 9975
Dear brother or sister in Christ,
Analyzing the necessity of theological formation of many workers of God
and, on the other hand, the difficulty that many of you have to attend
regular classes in a regular seminary, we elaborate some long-distance
courses, through the system of open university to take care of similar
demands like these.
After a lot of work and based upon the courses that are given by the
universities of Phoenix, Devry, Salamanca, London and others of
Europe, we create the course of Bachelor in Theology through the
system of notorious knowledge.
This system has the advantage to use the knowledge that you already
have acquired in your evangelical tasks, in your studies, in the teaching
of the Word, in Bible schools and, even though in the preparation and
delivery of sermons.
The method is original. Although you will not receive theological
information, you will receive the theological formation that you need.
How? Proving that you know what you know. We deliver to you a book
of 104 pages with designed tests of 45 different subjects, many of them
purely biblical and others theological ones, by the system of multiple
choice or "false or true". Your course can be sent in any of these three
languages: English, Spanish or Portuguese. Please, make us know in
which language you want your course.
After you answer the questions in the sheets of answers, you will send
them so that we make the evaluation. If you obtain at least grade 6,0 in
each subject and general average 7,0, you will be duly graduated. At any
time of the year when you finish your course, you will receive your diploma
immediately but, if you are willing to attend the graduation ceremony in the
end of the year, here in the United States, at South Florida, it will be very
important for the record of your life.
After a lot of planning, we concluded that although the course worth a lot
more, we will request only the payment of US$210.00 (two hundred and
ten American dollars). In any other theological course you would have to
spend two, three or four years and would pay the amount of two to seven
thousand dollars.
Now, a good notice: you can pay your course through monthly
installments of one hundred dollars. The first payment of US$70.00
(seventy dollars) must be made in advance and the other payments in the
next two months.
The payments can be made by check to the order of Stardel Inc., from
anywhere in the world. If you prefer, send a money order or any other
way that you choose. You write your check in the currency of your
country with the equivalent value.
As soon as we receive your check, we will send your academic material
and we will be wishing all the success of the world for you. Take the time
you need. We do not place any limitation to your work.
We have all the confidence, dear brother or dear sister, that God will
bless you in a special way, with the achievement of this course that will
be a great victory in your life. Please send your answers by mail to the
following address:
Panamerican Seminary
4081 N. Federal Hwy
Suite 120-B
Pompano Beach, FL USA 33064
Phone: (954) 941 9975
The Lord bless you!
Dr. Paulo de Aragão Lins, Director
And here's the latest manifestation of the warp drive spam (paragraphs
reformatted):
Still not at all sure whether this is generated by an insane or deluded
person, or whether it's essentially a null message sent out by spammers to
check addresses.
---------- Forwarded message ----------
Return-Path: <dr@bahn.de>
Received: from HSY ([218.17.251.21])
by hamjudo.com (8.12.6/8.12.6/Debian-7) with SMTP id h749eoc5021377
for <polygon@potifos.com>; Mon, 4 Aug 2003 05:41:13 -0400
Received: from kvk.r6e1.org [223.245.57.136] by HSY with ESMTP id
<543488-29042>; Mon, 04 Aug 2003 06:41:16 -0700
Message-ID: <n$hh98208o---2e77ny-5--$n23$a@65nut.mr3e>
From: "" <dr@bahn.de>
To: <polygon@potifos.com>
Subject: Dimensional warp Generator Needed qg ujwaizpmg
Date: Mon, 04 Aug 03 06:41:16 GMT
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2462.0000
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="7_C85..B_C_24ED99.9"
Hello,
I'm a time traveler stuck here in 2003. Upon arriving here my dimensional
warp generator stopped working. I trusted a company here by the name of
LLC Lasers to repair my Generation 3 52 4350A watch unit, and they fled on
me. I am going to need a new DWG unit, prefereably the rechargeable AMD
wrist watch model with the GRC79 induction motor, four I80200 warp
stabilizers, 512GB of SRAM and the menu driven GUI with front panel XID
display.
I will take whatever model you have in stock, as long as its received
certification for being safe on carbon based life forms.
In terms of payment:
I dont have any Galactic Credits left. Payment can be made in platinum
gold or 2003 currency upon safe delivery of unit.
Please transport unit in either a brown paper bag or box to below
coordinates on Monday August 4th at (exactly 3:00pm) Eastern Standard Time
on the dot. A few minutes prior will be ok, but it cannot be after. If you
miss this timeframe please email me.
Latitude N 42.47935 & Longitude W 071.17355 and the Elevation is 119.
WARNING: DO NOT ATTEMPT TO TRANSPORT ITEM BY REGULAR MEANS OF
TELEPORTATION. THEY ARE MONITORING AND WILL REDIRECT THE SIGNAL!! I DO
NOT CARE HOW YOU HAVE TO GET IT HERE, JUST DO IT IN A WAY THAT NO SPYING
EYES WILL POSSIBLY BE ABLE TO REDIRECT THE TRANSFERENCE. IT IS VERY
IMPORTANT THAT YOU BE ABLE TO MONITOR THE TRANSFER.
Although those coordinates are a secure guarded area, these channels
through email are never secure. Unfortunately it is the only form of
communication I have right now.
After unit has been sent please email me at: info@federalfundingprogram.com
with payment instructions. Do not reply directly back to this email.
Thank You
groancjyoqv le ilw uxx
re 63 Well, it would break the filter that could look and see if the proportion of 'x', 'y', and 'z' is way out of line with regular English usage.
Re #65: I don't see why they would use a null message to check addresses, when they could be making money with a real one and accomplishing the same thing.
Re 67. Maybe a "real" (paying) one isn't always immediately available for a specific list. The letter does bear the hallmarks of a spamhaus, including the randomly generated strings of characters and so on. Maybe there is a guy who believes he is a time traveler and pays money to spammers to blast his message out to the whole world. It is curious that the message has changed significantly since it first appeared a couple of years ago. I seem to recall that the first one I ever saw closed with the hilarious line: "Please do not respond if you are an evil alien."
I've heard that those spams have been traced back to a by-some-accounts mentally disadvantaged young man in ?New England?. Supposedly several people have sold him fake warp drive/time machine/etc. parts for real money, and his family's not happy at all with the situation.
Right: http://www.wired.com/news/culture/0,1284,60141,00.html
This response has been erased.
You have several choices: