Mailer for S.E

[scatter]

Okay this is one of the mailers used by spammers to distribute large number of emails at once and bypass spam filters right into inbox so no junk ,and this can be used for social engineering when you have big number of emails

DECODE the files because it may be BACKDOORED and use it on your own responsibility:

http://code.suck-o.com/42557" onclick="window.open(this.href);return false;

[lilrofl]

I feel like if there was a method of bypassing spam filters it would be currently abused by spammers.

Most email servers are looking for any reason to spam-box email at best, and reject it at worse. Things like not having a valid (not self signed) TLS certificate, DKIM, correct DNS PTR, SPF record and even sending email from a dynamic IP address will get your mail (let alone mass-mail) dumped.

There is a really good set of articles about this at

Code: Select all

http://arstechnica.com

and a book by Curtis Smith names

Code: Select all

Pro Open Source Mail

Noted that the above article and book are references for setting up legitimate business class email solutions, which would be the pretty side of setting up a temporary spam base of operations.

[bad_brain]

yeah, with such mass mailers you only hit inboxes on catastrophically wrong configured mail servers, at least nowadays....I have to admit there are enough of them around though.

it actually doesn't need ANY kind of active spam filtering to block such mails, all it needs is to use greylisting. on my servers I only use a few DNSBLs to block the well known spammers already on HELO level, and greylisting does the rest....my amount of spam: ~1/every 2 weeks, and my mail address has definitely been scraped a lot already...

I am still interested in the script, the link points to a blank entry though....

[scatter]

Here is the code again I think the old link expired that s why

http://code.suck-o.com/42569" onclick="window.open(this.href);return false;


also they don t just rely normal mail boxes , they use any server having an smtp server , those that can send inbox are the best and some that send in junks r less important but they r yet being exchanged by spammers for other shells etc and yup servers running SSL are more important than normal servers because the possibilities of making the spam email go to inbox are higher
Furthermore, they rely on the fact if browsers especially chrome may detect their scam page as a phising page and here is an example of a phishing page they use

http://code.suck-o.com/42570" onclick="window.open(this.href);return false;

[lilrofl]

I remain skeptical, but it's worth a look in the morning.

De-obsfucated and formatted version below:
http://code.suck-o.com/42571

[bad_brain]

well, at least it's not using the PHP mail() function. but it's actually nothing but a web iface for a mail account which allows you to import recipient lists....

[scatter]

well u don t need to be skeptical :p google spam mailer inbox in some forums and u will find such scripts that s how it's done at least in my region , I downloaded these files to see how they work but never used any of them I will upload some more of them in next few hours so u can check them too if u want

[lilrofl]

I get that PHP mailer scripts are available; though in the code there is nothing to suggest it has the ability to elude spam filtering.

[scatter]

well that s out of my knowledge as for my experience I said I never played with that that s why I don t know about the details of how they do the spam part, only general ideas

[scatter]

btw b_b is there any upload place for such scripts here? or is it fine to upload on any file hosting ?

[bad_brain]

simply put it in a .zip file, then you can attach it to a post...

[maboroshi]

In my opinion an MMS based spam service would seem more viable. Essentially the two things you need for sending an MMS is a sendmail server and the companies phonenumber@mmsaddress.com.

This behind a Tor Service that sends say as many as 50 MMS messages before switching IPs could prove to be pretty elusive.

And well I think even phone companies are given a range of phone numbers to be able to use if you figured out which range that is. Then if targeting a specific company or locale you would be pretty set to spam like a champ.

This is all just a thought and no PoC

[bad_brain]

damn, where is the list of email to text message carriers I had....used it for my special text message spamming script a while ago, remember?

[maboroshi]

Nice I do remember And well I have a list I think similar to that right now. I am also looking at sendmail/smtpd server of some sort over Tor. I think using Torify and other things like that it is not impossible to run this service through the Tor network. Have to look at what appears when running a Python Script as a sendmail/smtpd service as well as what appears when sending these messages.

Anyway possible project of interest for myself.

*cheers

Mabo