Debugging an empty spam email (2016)

Debugging an empty spam email (2016)(blog.petersobot.com)

33 points by psobot 3 years ago | 8 comments

GrumpyNl 3 years ago |

So it turns out that the spammer doesnt know what he is doing by spamming unreadable mails.

trinsic2 3 years ago | |

I'm not sure if you read the article, but my take on it was that the spammer hid a scam message in a embedded PNG file that may get decoded on older style email clients, but gmail did not render the data-uri for some reason. It might have been part of gmails spam recognition to not render the image in this instance. The message itself got through the spam filters, but it rendered empty because the embedded image did not get displayed.

ljp_206 3 years ago | | |

As soon as you suggested that such an embedded PNG may only work on an older client, a lightbulb went off for me.

Most spam is predicated on attacking those too technologically literate to vet the attack. A smart scammer could create an email that would go under the radar of more modern client users, who are likely to report the message as spam and reduce the scammer's reach. If the message only works in older clients used by softer targets, then their chances of success are increased.

If this is the intended method of the attack, it's quite clever. Imagine if you could still blanket spam every email you come across, but only target users with old, outdated clients, who are likely older, less technologically savvy, etc... It would be well worth the R&D time.

Such reasoning follows the theory that spam messages include many typos in order to weed out 'smart' users, who are not desirable targets anyway.

kingcharles 3 years ago | | |

I'm unsure why Gmail didn't render the image. It sure as hell renders all of the ones I get if the email itself is not flagged as spam (as in this case). The image is embedded into the email, so there is no privacy or tracking issue from rendering it.