Scammy emails

Yeah, right, I’m sure you suffer from them too. You learn to suffer them, and just delete them without deigning to read them. I get 50+ marketing emails (or phishing ones) every day on my work account from people I’ve never met or companies I’ve never used. It just stuns me that marketers think these emails (and how they structure them) are worthwhile.

Yeah, sorry, but I got irritated with all these this past fortnight.

Example 1: Marketing emails from security companies that include links to a domain other than their own. WTF are you doing? You email me to warn me about scam emails and yet you have what might be construed as scam links within? Bah.

Example 2: Marketing emails that include a unique link to a one-pixel image. Open the email, the HTML gets rendered, and, as part of that, the image is retrieved. Because it’s a unique link, the server that provides that one-pixel image will increment a counter. Then you get another email a day or so later that starts something like this:

Email: "I noticed that you opened the email I sent last week and thought I would follow up in case you had any questions."
Me: Have you any idea how much that disgusts me? Tell you what, I'll put your company name on our blacklist and we will never use you for anything. Ever.

— Julian M Bucknall (@JMBucknall) February 10, 2021

Here’s an example of the HTML tag for that (I modified that id so it won’t show up as mine … I may or may not have written some Lambda code on AWS that requested the image once a second for a couple of hours):

<img class="openid" height="1" width="1" src="http://lnka3.com/email?x=66WTFxDf6i6RDsjS6JFCsw%6D%6D" alt="" title="">

Example 3: Talking of links with ids, there’s another example of crappy marketing email code. Just for fun, I went to Google Maps, zeroed in on a parking lot in England, switched to Street View, zoomed in on the pavement. Here’s the URL for that exact spot with that exact view:

https://www.google.com/maps/@50.9187693,-0.4543065,3a,15y,94.87h,79.68t/data=!3m6!1e1!3m4!1saryfIzkDPxVxW849n7yApA!2e0!7i13312!8i6656

Pretty short considering the amount of data it encapsulates. Here’s a URL from a marketing email behind a link to allow the email to be viewed in a browser:

https://www.crapdomain.com/e2t/tc/VW7Rwh4RzXgKW8PxwML7FllMcW8ZpTlp4nN3mFN5bb0hm5nxGLV3Zsc37CgKnbW4nrlZf6tXNtkW688wfS2ZtXwgW3jVhWg3pZPCYW2wdm_DearFuckingGodTd2JjW5JQM5S2lN2ZdW2XKRmz1ylLb6VZgNVj633MqHVXzvl04X0k5KW20VbQT3mnBbfW5S8Ntv6pn1KZW8cjQZy3mPSLfVn3MDD841NC4W4HZQGn2QPVv0W5wwKZK12JK7rVRxj_Y6jXfs0W1ZPgLb3tC4D6W5QGfVT4LJh_3W7W_DDH5WZ7MkW1wwvGW7SgffjVvd5Mt8XZwMtW8QbJSv7v5F6sW6vhZj42lyNLhW487g5P2WlcmXW5FBlR289G1zRW8Sybym7tw20XW3tn1B44mqj3KW5ndSXg7PP8JDW2xzz095GpW0vW2p9Dxh43Ylg6N4zRgJLVyXKxW4Rc6Z_7sMyqZW6DLk6r3F0j4WW5M0rrX5_qL66W6K2DXs6sgdlNW5D4CH554zV4b3hSG1

Does it hold the HTML compressed and encoded or something stupid like that? That is just ridiculous. Hell’s teeth, a GUID is 36 characters long so why not use one of those as a key into your email database, FFS? I guarantee that you’ll never reuse a GUID by mistake.

Example 4 (just for fun): OK, this isn’t exactly a marketing email, but a phishing one. Pretty much once a day at the moment I’ll get a phishing email that tells me that I’ve received a phone call from someone. Click the link to listen to the recorded message. Here’s a variant on that:

Scam email from “OneDrive”

A file that is scanned as HTML but is only 453 bytes long? From OneDrive no less! I was intrigued so took a look at the HTML:

<script type="text/javascript">window.location.href="http://Devexpress.com.yauzer.com/#anVsaWFuckOffXZleHByZXNzLmNvbQ==";</script>

Yep, a script tag, and the script instructs the browser to switch to that URL (again modified). No idea who/what yauzer.com is, and don’t particularly care. Not going to go look.

<Deep breath> OK, I’m going to go get a beer.

  Loading links to posts on similar topics...