Monday, August 28, 2006

Anatomy of a SPAM / Detecting SPAM

Senders of SPAM are getting more and more devious these days.  Just today, I found a particular message in my "Junk Mail" folder -- a folder where SPAMBAYES dumps all SPAM I receive -- and it goes like this:

From: James Nelson []
Sent: Monday, August 28, 2006 12:16 PM
To: [deleted to protect my email address]
Subject: Re: HI!


You have been chosen to participate in an invitation only limited time event!
Are you currently paying too much for your mortgage? STOP! We can help you lower that today!
Answer only a few questions and we can give you an approval in under 30 seconds  it is that simple!

And stop fighting for lenders  let them fight for you! Make them work for your business by giving you the lowest rates around!
Two hundred and thirty thousand dollar loans are available for only three hundred and forty dollars/month! WE ARE PRACTICALLY GIVING AWAY MONEY!

Think your credit is too bad to get a deal like this? THINK AGAIN! We will have you saving your money in no time!
Are you ready to save your money?

Andrew Gonzalez

The message itself looks legit, but here's how to detect SPAM based on the message shown above:

  • The sender's name says "James Nelson" but the email address shows that it is supposed to have come from a certain  The mismatch between the sender's name and email address should set your "spider sense" tingling.
  • Notice the frequent mention of the website (  It only shows that the sender desperately wants the recipient of the mail to go to that domain.
  • It is signed by a certain "Andrew Gonzalez" which is neither the sender's name (as shown in the message itself) nor the email address.
  • Going to the website (, you will be shown a page that seems to do a survey.  One piece of information the survey asks for is your email address.  Put your email address there and click submit, and I bet that within a week you'll receive three times as much SPAM as you normally get.
  • It has a link to "removal information" which is supposed to remove your email address from their list.  It will ask for your email address, and if you do give it, you will be swamped with more SPAM.
  • The website ( seems to be legit since it has a banner showing that it is compliant with the Anti-SPAM Act of 2003 and that it is "protected by Verisign".  All that information is bogus, since legitimate websites with a Verisign certificate will allow you to click on the Verisign icon, which will verify the authenticity of the site -- this is just a static graphic which can be neither clicked nor verified.
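
The first three checks in the list above can be automated over the raw message. The following is an added example, not part of the original post: the sample message, its addresses and URLs are constructed placeholders, and the matching rules (name tokens compared against the address local part, a threshold of three links to one host) are assumptions chosen for illustration.

```python
import re
from collections import Counter
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample modelled on the message above; addresses and URLs are placeholders.
SAMPLE = """\
From: James Nelson <kx81promo@mail.example.net>
To: reader@example.org
Subject: Re: HI!

Are you currently paying too much for your mortgage? http://offers.example.com/a
Answer only a few questions: http://offers.example.com/b
Are you ready to save your money? http://offers.example.com/c

Andrew Gonzalez
"""

def name_tokens(name):
    """Lower-case alphabetic tokens (3+ letters) of a personal name."""
    return {t for t in re.findall(r"[a-z]+", name.lower()) if len(t) > 2}

def spam_indicators(raw, link_threshold=3):
    """Return the checklist indicators that fire for a raw single-part text message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    local = addr.split("@")[0].lower()
    body = msg.get_payload()
    found = []

    # 1. Display name does not correspond to the address it claims to come from.
    if display and not any(t in local for t in name_tokens(display)):
        found.append("display-name/address mismatch")

    # 2. Signature (last non-empty body line) names someone other than the sender.
    lines = [l.strip() for l in body.splitlines() if l.strip()]
    sig = lines[-1] if lines else ""
    if re.fullmatch(r"[A-Z][a-z]+( [A-Z][a-z]+)+", sig) and not (name_tokens(sig) & name_tokens(display)):
        found.append("signature/sender mismatch")

    # 3. The same web host is pushed repeatedly in the body.
    hosts = Counter(urlparse(u).hostname for u in re.findall(r"https?://[^\s>\"')]+", body))
    if any(n >= link_threshold for n in hosts.values()):
        found.append("repeated link domain")
    return found

if __name__ == "__main__":
    print(spam_indicators(SAMPLE))
```

These indicators are weak signals individually (plenty of legitimate senders use role addresses), so they are best used as inputs to a score alongside a statistical filter rather than as hard reject rules.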

I hope the readers of this blog learn a thing or two about detecting SPAM emails.
