SPAM (bad email)
sent to me

circa 2010

a MENU

This Spam eMail Samples MENU page
(revealing source IP addresses)

! Note !
This was intended to be an on-going project.
Namely: Collect spam that I receive and file the headers
under the apparent source IP address. Then add 'whois' info.

Around 2012, my email/ISP provider (or someone)
seemed to start doing a much better job of
filtering spam out of email. So this project
has gone into a dormant state.
(But it may be revived.)

INTRODUCTION :

I hate spam and spammers. Not only because dealing with spam is a waste of my time and a frustrating nuisance --- but also because some of the spammers are trying to gather personal information and cause damage to my computer or my financial well-being.

    I have given a fairly detailed description of a trojan horse infection of Microsoft Windows in a blog post. It happened during web browsing, but it could just as easily have happened by clicking on a web link in an email.


On Spammers and their Congressional facilitators :

The spammers' motives may be simply anti-social or they may be trying to get rich --- often both. (Many apparently get perverse pleasure out of screwing around with other people while trying to take their hard-earned money.)

Whatever their motives, I believe that public punishments like stoning and tar-and-feathering should be brought back and applied to these abominable, despicable, shameful protoplasmic life forms --- these poor excuses for human beings.

I believe they should be given a bottle of water and a blanket and a parachute and pushed out of a plane flying over one of the Aleutian islands. There they could compete with each other to survive. They are resourceful. Perhaps they will survive and start another Australia, like convicts from England did over a century ago.

    It is just as despicable that the U.S. Congress has been avoiding (for about 20 years and counting) passing laws with real teeth, that the Executive branch could use to clamp down on these creatures.

    (The Executive branch --- FTC or FBI or FCC or whoever --- also needs sufficient funding, from Congress, to be effective.)

    There are plenty of Republicans (almost all of them, as a matter of fact), and many Democrats, who mouth platitudes like "not wanting to discourage innovation by entrepreneurs" as excuses (absolutely ridiculous ones) for not doing what any socially-responsible legislator in government should be doing.

    Finding new ways to spam people (to get their hard-earned money and/or to mess up their computers) is NOT the kind of innovation that we need --- and I am sure our forefathers would not approve of using obviously contrived Constitution-based arguments to justify allowing these low-life life-forms to 'innovate' in that way.

    Many of those legislators deserve stoning and tar-and-feathering, just as much as the spammers.


Left to our own devices
--- mostly, poor devices :

Since there is not going to be any meaningful crackdown on spammers (and their host providers) in the foreseeable future, it is left to the individual computer user to come up with a strategy for dealing with spam.

    Many 'home' users have found a reasonably pain-free solution by opening a Gmail account with Google. Google seems to have very aggressive spam filtering routines in place. But there are those of us who do not trust a 'third-party' provider to adequately protect our email, 'in the cloud', from deletion, abandonment, or misuse.

There are filters (in email 'client' software and in mail server software) based on

  • 'Received from' email addresses and host domain names

  • text strings in Subject lines or in the body of an email, including automated 'Bayesian' filtering of such text built into some email clients

But spammers have worked around these kinds of filters --- using phony email addresses, constantly shifting (or using 'spoofed') host names, and using graphics files or 'doctored' keyword text strings to get around Bayesian (statistical) filters based on text strings.

Example 'camouflaged' Subject line of a spam mail:

Get t5e m3ds yo8 n8ed with us a4d save

Translation:

Get the meds you need with us and save

Another example of a 'camouflaged' Subject line:

V"i"#'agra on Sal_e today

It is amazing to me that anyone would trust someone who would send 'doctored' emails like this to provide them with trustworthy medicines. But apparently people actually respond to these ads with their money.


Types of spam :

In the 2005 to 2008 time frame, I was receiving spam of several different types:

  • Rolex ads
  • mortgage offerings
  • make-money-at-home ads
  • male enhancement ads
  • Viagra ads
  • cheap meds (all types of medications) ads

In 2009 and 2010, all the spam I receive is of the last type, cheap medications ads --- with scrambled titles in the Subject line --- and usually with a link to a web site --- often with a yahoo.com or docs.google.com or writely.com or msn.com domain name in the address.

    It amazes me that these spammers can expect anyone to respond to emails with scrambled Subject lines and phony return email addresses. There truly must be a sucker born every minute --- or there are a lot of desperate, sick people out there who believe that drugs can solve their health problems.

    Most of these 'target' people do not realize that most of them do not need to ADD something new to their ingestion patterns --- like one OR MORE drugs.

    Rather they need to REMOVE something from their life. Typically, they need to remove something from their diet (far too many sugars and starches) or they need to cease smoking. They are too late, perhaps, if their kidneys, pancreas, lungs, cartilage, liver, or whatever is extremely damaged.

    But they should cease (REMOVE), in any case, to help a miracle to occur, if any is coming. In such a dire situation, it is too late for simplistic drugs to restore their complex organs to their former selves.

    If the 'target' people are intent on going the pharmaceuticals route, they should be aware that they probably cannot depend on getting good quality drugs from spammers like these. In fact, they may not receive delivery at all.


Blocking Bad Mail or Allowing Good Mail
--- or Both? That is the question.

Back to dealing with spam:
I feel that the only real way to avoid the spam is to block bad (or allow good) mail by IP address.

I would not mind blocking mail by source-country.

For example, it is known that a lot of spam comes from Korea. I know that I will probably never need to receive an email from anyone in Korea. I am quite willing to block mail from all Korean IP addresses --- that is, shunt such emails into a Suspected-Spam folder.

    Unfortunately, the Internet Administration people who assign IP addresses did not have the foresight to allocate large blocks of IP addresses to each country, in proportion to their population.

    Instead, they assign small ranges of IP addresses to applicants, with little regard for keeping address ranges for each country contiguous.

    On this web site, there is a page of 'External Links' to information related to SPAM. The IP lookups section of that Spam Links page can give examples of the 'scattered' nature of the IP address assignments.

    If that page is not helpful enough, you could try a WEB SEARCH on keywords such as 'ip address ranges for countries' to find sites that provide information on all the IP address blocks assigned to a specific country.

    In Jan 2019, there was nice country-IP-blocks information at www.nirsoft.net/countryip/.

    Instead of being able to block all Korean addresses by specifying a single block of IP addresses --- for example, all addresses whose IP address 'prefix' is

    • 60, OR
    • 60.30 through 60.115, OR
    • 60, 61, and 62

    there are literally hundreds (if not thousands) of address ranges that need to be specified to block South Korean IP addresses. (And North Korea seems to be a 'black hole' of IP addresses.)

A better way to go, instead of blocking ('black-listing'), may be to allow certain ranges of addresses (a 'white list') and block everything else.

Then whenever you find an IP address, in an 'acceptable country' range of addresses, that you need to block (such as an IP address within a range assigned to Comcast or Yahoo, say), you could remove that address (or a 'containing' address range) from the group of 'white-listed' addresses and address ranges.
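The allow-list-with-removals idea above, as an added Python example (not code from this site). It also shows that the hypothetical '60.30 through 60.115' prefix range is already several CIDR blocks. The allowed ranges are constructed documentation addresses, and the function names are made up for illustration.

```python
import ipaddress

def prefix_range_to_cidrs(first, last):
    """CIDR blocks that exactly cover the inclusive range first..last."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

def carve_out(allow, bad):
    """Remove one address or range from a white list of networks.

    CIDR blocks are either nested or disjoint, so each allowed block is
    kept whole, dropped whole, or split around the removed range.
    """
    bad = ipaddress.ip_network(bad)
    kept = []
    for net in allow:
        if bad.subnet_of(net):
            kept.extend(net.address_exclude(bad))  # split around 'bad'
        elif net.subnet_of(bad):
            continue                               # block lies inside 'bad'
        else:
            kept.append(net)
    return sorted(kept)

def folder_for(ip, allow):
    """White-list policy: anything not explicitly allowed is shunted aside."""
    addr = ipaddress.ip_address(ip)
    return "Inbox" if any(addr in net for net in allow) else "Suspected-Spam"

# Constructed white list (RFC 5737 documentation ranges, not real senders).
ALLOW = [ipaddress.ip_network("198.51.100.0/24"),
         ipaddress.ip_network("203.0.113.0/24")]

# A spam source turns up inside an allowed range: remove its /26.
TRIMMED = carve_out(ALLOW, "198.51.100.64/26")

if __name__ == "__main__":
    for block in prefix_range_to_cidrs("60.30.0.0", "60.115.255.255"):
        print("60.30 through 60.115 needs:", block)
    print("white list after removal:", [str(n) for n in TRIMMED])
    for ip in ("198.51.100.70", "198.51.100.200", "192.0.2.1"):
        print(ip, "->", folder_for(ip, TRIMMED))
```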

To gain an understanding of the 'black-list' address types and ranges, this page provides access to IP addresses that have sent me spam in the past --- around 2009 to 2010.

    I intend to start a page that lists 'good IP addresses', to gain an understanding of the 'white-list' address types and ranges.

    This is all intended to lead to a way to filter mail (and to filter network traffic) that is suited to my needs --- and probably suited to the needs of many others.


The spam files collection process :

As I go through my email, I put the spam that gets past the filters (if any) of my ISP provider into a 'Spam_NOTfiltered' folder. This folder is really a file with all the emails concatenated together in the file, but with a 'From - ' line that indicates the start of each email.

    I use Thunderbird for mail and the folder files are in a 'Local Folders' directory. The full path is of the form

    /home/[userid]/.mozilla-thunderbird/[scrambled-alphanumeric-chars].default/Mail/Local Folders

    I have created some utility scripts to occasionally scan this Spam 'folder file', separating the individual SPAM emails into separate files, and naming the files with the apparent source IP address.

    Also I concatenate 'whois' information for the IP address, to the bottom of each mail file.

    The 'Table of Contents' menu below provides access to those spam emails, essentially in order by (apparent) source IP address.


    Network traffic filtering,
    as well as email filtering :

    Eventually, I would like to use a whitelist-blacklist utility (based on the 'iptables' filtering system of Linux) --- such as ufw (Ubuntu's Uncomplicated FireWall), iplist, or moblock --- to block IP address access to the network card on my computer. At that time, this info on black-list candidates (and white-list candidates) will be useful.

    In order to allow access to international web sites, however, I may have to allow more IP address ranges access to my network card. In other words, the 'allowed' IP address ranges for email receipt will probably be more restrictive than the access requirements for web browsing.

Table of Contents:

(link to a page-of-links
to spam e-mail samples)

Spam-samples links, all on one page
(links in order by apparent 'source' IP addresses)



The following may be implemented someday:

If I ever collect many more spam email files, I may

  • extract just the header lines from each email into a text file (assuming some of the emails are rather lengthy or may include links to dangerous web sites)

  • determine the apparent 'source' IP address

  • make directories --- '000' to '255' --- and put each header file into the directory corresponding to the 'first octet' of the source IP address

  • make a links web page in each directory --- example: 000/spam_000.htm --- with links to the header text files in that directory

Then I would turn the following web page names into links, by which one could see examples of spam email headers corresponding to any given first-octet of an IP address.

    Unfortunately, the IANA organizations did not dole out a CONTIGUOUS IP address block to each country. So the first-octet of an IP address does not clearly indicate which country (or group of countries) an email came from.

    But SOME octets are pretty much assigned to about one to five countries. So this partitioning of the spam headers can provide some semblance of organization of spam emails according to country source.

    ./000/spam_000.htm
    ./001/spam_001.htm
    ./002/spam_002.htm
    ./003/spam_003.htm
    ./004/spam_004.htm
    ./005/spam_005.htm
    ./006/spam_006.htm
    ./007/spam_007.htm

    ./008/spam_008.htm
    ./009/spam_009.htm
    ./010/spam_010.htm
    ./011/spam_011.htm
    ./012/spam_012.htm
    ./013/spam_013.htm
    ./014/spam_014.htm
    ./015/spam_015.htm

    ./016/spam_016.htm
    ./017/spam_017.htm
    ./018/spam_018.htm
    ./019/spam_019.htm
    ./020/spam_020.htm
    ./021/spam_021.htm
    ./022/spam_022.htm
    ./023/spam_023.htm

    ./024/spam_024.htm
    ./025/spam_025.htm
    ./026/spam_026.htm
    ./027/spam_027.htm
    ./028/spam_028.htm
    ./029/spam_029.htm
    ./030/spam_030.htm
    ./031/spam_031.htm

    ./032/spam_032.htm
    ./033/spam_033.htm
    ./034/spam_034.htm
    ./035/spam_035.htm
    ./036/spam_036.htm
    ./037/spam_037.htm
    ./038/spam_038.htm
    ./039/spam_039.htm

    ./040/spam_040.htm
    ./041/spam_041.htm
    ./042/spam_042.htm
    ./043/spam_043.htm
    ./044/spam_044.htm
    ./045/spam_045.htm
    ./046/spam_046.htm
    ./047/spam_047.htm

    ./048/spam_048.htm
    ./049/spam_049.htm
    ./050/spam_050.htm
    ./051/spam_051.htm
    ./052/spam_052.htm
    ./053/spam_053.htm
    ./054/spam_054.htm
    ./055/spam_055.htm

    ./056/spam_056.htm
    ./057/spam_057.htm
    ./058/spam_058.htm
    ./059/spam_059.htm
    ./060/spam_060.htm
    ./061/spam_061.htm
    ./062/spam_062.htm
    ./063/spam_063.htm

    ./064/spam_064.htm
    ./065/spam_065.htm
    ./066/spam_066.htm
    ./067/spam_067.htm
    ./068/spam_068.htm
    ./069/spam_069.htm
    ./070/spam_070.htm
    ./071/spam_071.htm

    ./072/spam_072.htm
    ./073/spam_073.htm
    ./074/spam_074.htm
    ./075/spam_075.htm
    ./076/spam_076.htm
    ./077/spam_077.htm
    ./078/spam_078.htm
    ./079/spam_079.htm

    ./080/spam_080.htm
    ./081/spam_081.htm
    ./082/spam_082.htm
    ./083/spam_083.htm
    ./084/spam_084.htm
    ./085/spam_085.htm
    ./086/spam_086.htm
    ./087/spam_087.htm

    ./088/spam_088.htm
    ./089/spam_089.htm
    ./090/spam_090.htm
    ./091/spam_091.htm
    ./092/spam_092.htm
    ./093/spam_093.htm
    ./094/spam_094.htm
    ./095/spam_095.htm

    ./096/spam_096.htm
    ./097/spam_097.htm
    ./098/spam_098.htm
    ./099/spam_099.htm
    ./100/spam_100.htm
    ./101/spam_101.htm
    ./102/spam_102.htm
    ./103/spam_103.htm

    ./104/spam_104.htm
    ./105/spam_105.htm
    ./106/spam_106.htm
    ./107/spam_107.htm
    ./108/spam_108.htm
    ./109/spam_109.htm
    ./110/spam_110.htm
    ./111/spam_111.htm

    ./112/spam_112.htm
    ./113/spam_113.htm
    ./114/spam_114.htm
    ./115/spam_115.htm
    ./116/spam_116.htm
    ./117/spam_117.htm
    ./118/spam_118.htm
    ./119/spam_119.htm

    ./120/spam_120.htm
    ./121/spam_121.htm
    ./122/spam_122.htm
    ./123/spam_123.htm
    ./124/spam_124.htm
    ./125/spam_125.htm
    ./126/spam_126.htm
    ./127/spam_127.htm

    ./128/spam_128.htm
    ./129/spam_129.htm
    ./130/spam_130.htm
    ./131/spam_131.htm
    ./132/spam_132.htm
    ./133/spam_133.htm
    ./134/spam_134.htm
    ./135/spam_135.htm

    ./136/spam_136.htm
    ./137/spam_137.htm
    ./138/spam_138.htm
    ./139/spam_139.htm
    ./140/spam_140.htm
    ./141/spam_141.htm
    ./142/spam_142.htm
    ./143/spam_143.htm

    ./144/spam_144.htm
    ./145/spam_145.htm
    ./146/spam_146.htm
    ./147/spam_147.htm
    ./148/spam_148.htm
    ./149/spam_149.htm
    ./150/spam_150.htm
    ./151/spam_151.htm

    ./152/spam_152.htm
    ./153/spam_153.htm
    ./154/spam_154.htm
    ./155/spam_155.htm
    ./156/spam_156.htm
    ./157/spam_157.htm
    ./158/spam_158.htm
    ./159/spam_159.htm

    ./160/spam_160.htm
    ./161/spam_161.htm
    ./162/spam_162.htm
    ./163/spam_163.htm
    ./164/spam_164.htm
    ./165/spam_165.htm
    ./166/spam_166.htm
    ./167/spam_167.htm

    ./168/spam_168.htm
    ./169/spam_169.htm
    ./170/spam_170.htm
    ./171/spam_171.htm
    ./172/spam_172.htm
    ./173/spam_173.htm
    ./174/spam_174.htm
    ./175/spam_175.htm

    ./176/spam_176.htm
    ./177/spam_177.htm
    ./178/spam_178.htm
    ./179/spam_179.htm
    ./180/spam_180.htm
    ./181/spam_181.htm
    ./182/spam_182.htm
    ./183/spam_183.htm

    ./184/spam_184.htm
    ./185/spam_185.htm
    ./186/spam_186.htm
    ./187/spam_187.htm
    ./188/spam_188.htm
    ./189/spam_189.htm
    ./190/spam_190.htm
    ./191/spam_191.htm

    ./192/spam_192.htm
    ./193/spam_193.htm
    ./194/spam_194.htm
    ./195/spam_195.htm
    ./196/spam_196.htm
    ./197/spam_197.htm
    ./198/spam_198.htm
    ./199/spam_199.htm

    ./200/spam_200.htm
    ./201/spam_201.htm
    ./202/spam_202.htm
    ./203/spam_203.htm
    ./204/spam_204.htm
    ./205/spam_205.htm
    ./206/spam_206.htm
    ./207/spam_207.htm

    ./208/spam_208.htm
    ./209/spam_209.htm
    ./210/spam_210.htm
    ./211/spam_211.htm
    ./212/spam_212.htm
    ./213/spam_213.htm
    ./214/spam_214.htm
    ./215/spam_215.htm

    ./216/spam_216.htm
    ./217/spam_217.htm
    ./218/spam_218.htm
    ./219/spam_219.htm
    ./220/spam_220.htm
    ./221/spam_221.htm
    ./222/spam_222.htm
    ./223/spam_223.htm

    ./224/spam_224.htm
    ./225/spam_225.htm
    ./226/spam_226.htm
    ./227/spam_227.htm
    ./228/spam_228.htm
    ./229/spam_229.htm
    ./230/spam_230.htm
    ./231/spam_231.htm

    ./232/spam_232.htm
    ./233/spam_233.htm
    ./234/spam_234.htm
    ./235/spam_235.htm
    ./236/spam_236.htm
    ./237/spam_237.htm
    ./238/spam_238.htm
    ./239/spam_239.htm

    ./240/spam_240.htm
    ./241/spam_241.htm
    ./242/spam_242.htm
    ./243/spam_243.htm
    ./244/spam_244.htm
    ./245/spam_245.htm
    ./246/spam_246.htm
    ./247/spam_247.htm

    ./248/spam_248.htm
    ./249/spam_249.htm
    ./250/spam_250.htm
    ./251/spam_251.htm
    ./252/spam_252.htm
    ./253/spam_253.htm
    ./254/spam_254.htm
    ./255/spam_255.htm


If this organization by 'first-octet' does not prove to be helpful, I could try making about 240 country '.htm' pages and collecting the links to spam-header text files on those pages.


Some SEARCH engines
(to use to get more info on spam and IP addresses)


End of Table of Contents.

Naming convention used for the spam files :

After I separate the emails from a 'folder-file' of concatenated emails, I rename the files (via a script) to names of the form mail_from_[IPaddress]_[date].txt.

A specific example:

mail_from_66-103-107-53_2010May7.txt

I may provide links here someday to a web page providing the scripts I used to process the spam emails into separate, meaningfully named files.
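
One way the splitting and renaming steps described above could be scripted, as an added Python example; these are not the author's scripts. It assumes each Thunderbird 'From - ' separator line carries a date, and it takes as 'apparent source' the first non-private bracketed address in the Received headers, read top down. The sample folder file is constructed, using the address from the example file name.

```python
import email
import ipaddress
import re
from datetime import datetime

# Hops inside the receiving provider's own network are skipped.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def split_folder_file(text):
    """Split a concatenated folder file at each 'From - ' separator line."""
    return [m for m in re.split(r"(?m)^(?=From - )", text) if m.strip()]

def apparent_source_ip(raw):
    """First non-internal bracketed IPv4 in the Received headers, top down.

    Received lines are prepended by each relay, so the top ones were written
    by the receiving side; lower ones come from the sender and can be forged.
    """
    headers = email.message_from_string(raw.partition("\n")[2])
    for hop in headers.get_all("Received", []):
        for candidate in BRACKETED_IP.findall(hop):
            try:
                ip = ipaddress.ip_address(candidate)
            except ValueError:          # e.g. [999.1.1.1]
                continue
            if not any(ip in net for net in INTERNAL):
                return str(ip)
    return None

def file_name(raw):
    """Build a name of the form mail_from_[IPaddress]_[date].txt."""
    stamp = raw.split("\n", 1)[0][len("From - "):].strip()
    when = datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y")
    ip = apparent_source_ip(raw)
    tag = ip.replace(".", "-") if ip else "unknown"
    return f"mail_from_{tag}_{when.year}{when.strftime('%b')}{when.day}.txt"

# Constructed folder file: two messages, the second with no Received headers.
SAMPLE = (
    "From - Fri May 07 10:15:00 2010\n"
    "Received: from mx.isp.example ([10.0.0.5])\n"
    "\tby mailstore.isp.example; Fri, 7 May 2010 10:15:00 -0400\n"
    "Received: from unknown (HELO pc) ([66.103.107.53])\n"
    "\tby mx.isp.example; Fri, 7 May 2010 10:14:58 -0400\n"
    "Received: from bank.example ([203.0.113.9]) by pc\n"
    "Subject: Get t5e m3ds yo8 n8ed with us a4d save\n"
    "\n"
    "body text\n"
    "From - Sat May 08 09:00:00 2010\n"
    "Subject: no Received headers at all\n"
    "\n"
    "body text\n"
)

if __name__ == "__main__":
    for message in split_folder_file(SAMPLE):
        print(file_name(message))
```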


Page was created 2010 May 25.

Page was changed 2019 Jan 09.
(Added css and javascript to try to handle text-size for smartphones, esp. in portrait orientation.)