Spoof me not!

Mon, 2005-09-26 01:36 | mine

I am pretty tolerant of spam mails, perhaps because I’ve got a good filter (SpamAssassin) on my mail server.  Also, the recent hunting down of major spammers (including one murdered…) around the globe does have an effect.  My daily spam log has dropped from 120+ to 60+ items - almost down by half.

However, I am not so tolerant of spoof mails.  These mails are deceptive in nature, and even for a technical guy like me (well, compared to my wife at least…), they are difficult to identify at a glance.

So, I decided to fight back yesterday.  One spoof mail almost made me believe that my old pal contacted me.  It looked so innocent because there was no url to click and it sold nothing.  Just a plain sentence “Didn’t you write me?”.

The trick is the image link inside the mail:

<img src="http://www.sohomall.idv.tw/send/send.asp?you@yourISP.com">

The link points to no actual image and thus can easily go unnoticed.  However, when the mail client fetches it, it triggers a request to the spammer's server that registers your e-mail address.  So this is a pre-spam activity – verifying that the address is live before spamming it.
</gra_replace>
<gr_replace lines="18" cat="clarify" orig="If you read the mail">
If your mail client loads remote images, merely reading the mail – without replying – sends back a positive acknowledgement to the spammer that this is a real address(1).  Subsequent spam mails raining on your inbox like cats and dogs are guaranteed.

If you read the mail, then you don ‘t even need to reply and will practically send back a positive acknowledgement to the spammer that this is a real address(1).  Subsequent spam mails to your inbox like cats and dogs are guaranteed.
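As an added illustration (my own example code, not part of the original post), here is a small Python scanner that flags remote images in an HTML mail body which look like such beacons: an e-mail address embedded in the URL, or a URL served by a script rather than an image file.  The sample message and the tracker.example domain are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse, unquote

# Looks like an e-mail address embedded anywhere in a URL (path or query).
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
IMAGE_EXT = (".gif", ".png", ".jpg", ".jpeg", ".webp")


class ImgCollector(HTMLParser):
    """Collect the src attribute of every <img> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "img":
            for name, value in attrs:
                if name.lower() == "src" and value:
                    self.srcs.append(value)


def find_beacons(html):
    """Return [(url, [reasons])] for remote images that look like trackers."""
    parser = ImgCollector()
    parser.feed(html)
    hits = []
    for src in parser.srcs:
        u = urlparse(src.strip())
        if u.scheme not in ("http", "https"):
            continue  # cid:/data: images are embedded and never phone home
        reasons = []
        if EMAIL_RE.search(unquote(u.path + "?" + u.query)):
            reasons.append("e-mail address in URL")
        if not u.path.lower().endswith(IMAGE_EXT):
            reasons.append("served by a script, not an image file")
        if reasons:
            hits.append((src, reasons))
    return hits


# Constructed sample: a "Didn't you write me?" mail with one beacon, one
# embedded image and one ordinary hosted image. tracker.example is a placeholder.
SAMPLE_MAIL = """<html><body><p>Didn't you write me?</p>
<img src="http://tracker.example/send/send.asp?you@yourISP.com">
<img src="cid:signature-logo">
<img src="https://example.com/static/banner.png">
</body></html>"""

if __name__ == "__main__":
    for url, why in find_beacons(SAMPLE_MAIL):
        print(url, "->", "; ".join(why))
```

The extension check is a heuristic: a legitimate image can be served by a script too, so treat the result as a reason to keep remote images blocked for that message, not as proof of spam.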

Using an image link in this manner does not constitute a crime – Slashdot's RSS feed does it, as do many other e-mail marketing mails.  As long as the content is ok, I am ok.  I am not ok with spoof mail because it tries to fool me.

So, since the sender of “Didn’t you write me?” yearned that much for e-mail addresses, I sent the folk thousands.  Firing up 4 windows of Cygwin bash shell, I executed:

for (( i=44001; i<50000; i++ )); do wget -O f**ker5.htm -U "f**k you spammer" http://www.sohomall.idv.tw/send/send.asp?Sender=do.not.$i@spam.com; done;

Two rounds of attack were executed.  The first round resulted in www.sohomall.idv.tw blocking my ISP's proxy IPs.  So, I switched to dial-up (thus another range of proxy IPs) and ran a 2nd round.

This is not a good way to take revenge (do not follow without parental guidance), but better than murdering the spammer…

Notes

(1)
For those who use Thunderbird or Mozilla Mail, you may block the loading of remote images in mail messages.  This deactivates those tricky image links by default.  You may opt to unblock them on a per-message basis while reading mail afterwards.