It’s well-known that some spammers will find a way to track which email address has responded to/complained about their “messages.” Sometimes they’ll assign an ID code to each address, and sometimes they’ll just disguise it using something like ROT13. This code is then placed in the unsubscribe and purchase links, or embedded image references. (Legitimate mailing lists often use a similar technique: each message has a unique return address so that bounces can still be identified even if the message has been forwarded to another account.)

I just spotted a mortgage spammer using wildcard DNS and undisguised addresses. Suppose that the target address is, or rather, for you bots reading this. The purchase link would be, and the “unsubscribe” (yeah, right) link would be

They hit four of our spamtraps last night, two of which used unobfuscated links like this.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.