On Sun, Mar 05, 2017 at 09:55:14AM +0100, Philip Hands wrote:
Christopher Clements <firstname.lastname@example.org> writes:On closer examination, I think you are correct in saying that the replies are written by the spammer as well.On closer examination of what?
The "To:" field.
The headers of the mail you're apparently complaining about look pretty genuinely like the mail really did come from gmail, so are you suggesting that 'The Illuminati <email@example.com>' is the spammer? That looks like a genuine person -- I cannot imagine a spammer creating supporting evidence for a spamming account. e.g.: https://twitter.com/trainjohnson87 Note that that twitter account appears to belong to someone called Anthony, which matches the salutation in the Spam that he then replied to.
Your explanation makes more sense. Please disregard my (mostly baseless) suspicion.
Perhaps they simply want to waste space in archives? Not much of a motive/goal, but I get the feeling that the perpetrator doesn't have much of a life to start with.It seems very plain to me that the spammers are recycling headers from our list mail on the basis that gmail's anti-spam will have learned that as HAM, and are so are more likely to let that pass through. That then provokes a small fraction of the victims to shout at us, because they don't know ho to read headers. That is what you are seeing.
Are you saying that these messages were not sent to <firstname.lastname@example.org> and relayed to subscribers, but were instead forged to look like they were? -- GPG Key: 0769 AFCF 681E F61E 2137 F4CB 5044 1726 610D 5AE0
Description: Digital signature