email spam

if someone got ****ed off and sent me a spam email with only several
pictures that you usually see when the pics have broken links and the
link to all the pics reads...
http://7%75%69%7a%445%6f%79%6b%66%74...2e%68%74%6d%6c

what would they be trying to do ?

diespammer

"diespammer" <> wrote in message
news:...
> if someone got ****ed off and sent me a spam email with only several
> pictures that you usually see when the pics have broken links and the
> link to all the pics reads...
>
http://7%75%69%7a%445%6f%79%6b%66%74...2e%68%74%6d%6c
>
> what would they be trying to do ?

They have encoded the URL, in an effort to get it through a scanner.

You'll occasionally se legitimate use of this encoding (e.g. "Fred
Flintstone" would encode to Fred%20Flintstone, because 20 in hexadecimal
[base 16, what most people use these days for binary stuff] is equal to 32
in decimal [computers don't have fingers!]. ASCII 32 is " " (space)

The site decodes to www.only-best-things.com

--

Hairy One Kenobi

Disclaimer: the opinions expressed in this opinion do not necessarily
reflect the opinions of the highly-opinionated person expressing the opinion
in the first place. So there!

Hairy One Kenobi

"Hairy One Kenobi" <abuse@[127.0.0.1]> wrote...
> "diespammer" <> wrote in message
> news:...
>> if someone got ****ed off and sent me a spam email with only several
>> pictures that you usually see when the pics have broken links and the
>> link to all the pics reads...

[snip long url]

>> what would they be trying to do ?
>
> They have encoded the URL, in an effort to get it through a scanner.

[snip explanation]

> The site decodes to www.only-best-things.com

Also, the part before the @ symbol could be an identifier. If this URL
is part of an 'img src' it will try and fetch the graphic if you open
or preview the email in something like Outbreak Excess. This 'user ID'
is sent with the http request and could confirm to the spammer that you
opened the email, and thus your address is valid.

Ant

On Tue, 2 Dec 2003 16:42:33 -0600, diespammer wrote
(in message <>):

> if someone got ****ed off and sent me a spam email with only several
> pictures that you usually see when the pics have broken links and the
> link to all the pics reads...
> http://7%75%69%7a%445%6f%79%6b%66%74...%491%71%79%50%
> 62%61%50%4c%68%6a6%51%59%63%68%77%78%780%6d%6f1%74 7%65%6e%49%4f%61%52%7a%63%6
> a72%76%68%54%74%7a%64%6e%71%63%42%49%498%67%49%77% 47%4a%5a%4d%5a%6d%77%4f%79%
> 6f%6e@%77%77%77%2e%6f%6e%6c%79%2d%62%65%73%74%2d%7 4%68%69%6e%67%73%2e%63%6f%6
> d/%6c%65%61%64%73/%69%6e%64%65%78%2e%68%74%6d%6c
>
> what would they be trying to do ?
>

The best thing you can do to fight SPAM is to do some research. One of
the most complete collection of pages I have found on "email SPAM" is:

http://email.about.com/cs/spamfightingtips/

--
Snake-Eyes
(nickname) AT mchsi DOT com

Snake-Eyes

"Ant" <> wrote in message
news:bqjfrh$co1$...
> "Hairy One Kenobi" <abuse@[127.0.0.1]> wrote...
> > "diespammer" <> wrote in message
> > news:...
> >> if someone got ****ed off and sent me a spam email with only several
> >> pictures that you usually see when the pics have broken links and the
> >> link to all the pics reads...
>
> [snip long url]
>
> >> what would they be trying to do ?
> >
> > They have encoded the URL, in an effort to get it through a scanner.
>
> [snip explanation]
>
> > The site decodes to www.only-best-things.com
>
> Also, the part before the @ symbol could be an identifier. If this URL
> is part of an 'img src' it will try and fetch the graphic if you open
> or preview the email in something like Outbreak Excess. This 'user ID'
> is sent with the http request and could confirm to the spammer that you
> opened the email, and thus your address is valid.

Correct. (I didn't bother to translate the whole URL). The bit on the left
is a username or username/password combination n the format:

http://username/path/page.html

Unless you've a very good reason, it's a good rule of thumb to avoid
anything that has a username or password and uses http instead of https - a
"genuine" site probably wouldn't want to spray a password all over the 'net
;o)

H1K

Hairy One Kenobi