What the heck is going on? Yesterday I wrote about a spam message making its way across the Internet.
Message: how are you
As has happened a few times in the past, I blogged about something esoteric, poorly covered and curious. There was no one else ‘covering’ this news. Google deemed me the authoritative source. Search: “hello how are you spam” and you come to me.
No problem. I’m glad to help.
My blog traffic began to spike overnight as geeks and nerds from around the world tried to figure out what was going on. If you read through the comments you’ll see how perplexed everyone is. Why would a spammer send out millions of emails with absolutely no payoff on his end?
Every possible justification for the spam led to a dead end, save one.
RFC 822 allows for using X- prefix for user generated info. I have no idea what the “X-Mras: Ok” header means, but it seems to only show up in these emails. I created a filter to send any email containing “X-Mras” anywhere in the headers to a special folder. So far the only emails that show up there are these odd “Hello – how are you” type emails.
This sort of email has been showing up for at least 2 years, off and on – the “X-Mras” field seems consistent in all cases (this may change).
For the non-geeky, RFC 822 is the 1982 set of rules which govern email. The rules allow you to add your own parameters for your own purpose without telling anyone why. The only requirement is they start “X-.” These spam messages all contain “X-Mras: OK”, a combination not seen in any other email.
Does “X-Mras: OK” mean or do anything? We still don’t know, but the more people who dive into this the more likely it will make sense… at some point… just not now.
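The header-based filter described above can be sketched in a few lines of Python. This is an added example, not code from the original post or its commenters: the function names, folder names and sample messages are constructed for illustration, and only the “X-Mras” header name and its value come from the post. It matches the header name case-insensitively and looks only at the header section, so a legitimate message that merely talks about the header in its body is not misrouted.

```python
import email
from email import policy

# Constructed sample messages (not real captures). Addresses, subjects and
# the X-Mailer value are made up; only "X-Mras: OK" / "Ok" is from the post.
SAMPLES = {
    "spam-1": (
        "From: someone@example.com\r\n"
        "To: reader@example.net\r\n"
        "Subject: hello\r\n"
        "X-Mras: OK\r\n"
        "\r\n"
        "how are you\r\n"
    ),
    "spam-2-lowercase": (
        "From: other@example.org\r\n"
        "Subject: hello\r\n"
        "x-mras: Ok\r\n"
        "\r\n"
        "how are you\r\n"
    ),
    "legit-mentions-header-in-body": (
        "From: friend@example.com\r\n"
        "Subject: that odd spam\r\n"
        "X-Mailer: ExampleMail 1.0\r\n"
        "\r\n"
        "Did you also get mail with X-Mras: OK in the headers?\r\n"
    ),
}

def extension_headers(raw):
    """Return the message's X- headers as {lowercased name: value}."""
    msg = email.message_from_string(raw, policy=policy.default)
    return {
        name.lower(): str(value).strip()
        for name, value in msg.items()  # header section only, never the body
        if name.lower().startswith("x-")
    }

def route(raw, marker="x-mras"):
    """Hypothetical routing rule: any message carrying the marker header
    goes to a review folder; everything else goes to the inbox."""
    return "suspect-folder" if marker in extension_headers(raw) else "inbox"

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label}: {route(raw)} {extension_headers(raw)}")
```

Routing to a separate folder rather than deleting keeps the rule safe to run while it is still unknown whether any legitimate sender uses the same header.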
Earlier I wrote how I received a few handfuls of these messages. I was wrong.
It was possible some were getting ‘stuck’ at the geofffox.com spam box and never making it to Gmail. When I went there and checked, the first screen of results showed 20 spams. At the bottom of the page it said, “20 of thousands.”
It’s difficult to say with any authority the resources being pressed into service to send the “hello – how are you” spam. This is an immense undertaking–that’s for sure. And as far as anyone can see there is absolutely no benefit to the spammer–zero!
I’d like to know why he’s doing it.