Scammy emails

Yeah, right, I’m sure you suffer from them too. You learn to suffer them, and just delete them without deigning to read them. I get 50+ marketing emails (or phishing ones) every day on my work account from people I’ve never met or companies I’ve never used. It just stuns me that marketers think these emails (and how they structure them) are worthwhile.

Yeah, sorry, but I got irritated with all these this past fortnight.

Example 1: Marketing emails from security companies that include links to a domain other than their own. WTF are you doing? You email me to warn me about scam emails and yet you have what might be construed as scam links within? Bah.

Example 2: Marketing emails that include a unique link to a one-pixel image. Open the email, the HTML gets rendered, and, as part of that, the image is retrieved. Because it’s a unique link, the server that provides that one-pixel image will increment a counter. Then you get another email a day or so later that starts something like this:

Here’s an example of the HTML tag for that (I modified that id so it won’t show up as mine … I may or may not have written some Lambda code on AWS that requested the image once a second for a couple of hours):

<img class="openid" height="1" width="1" src="" alt="" title="">

Example 3: Talking of links with ids, there’s another example of crappy marketing email code. Just for fun, I went to Google Maps, zeroed in on a parking lot in England, switched to Street View, zoomed in on the pavement. Here’s the URL for that exact spot with that exact view:,-0.4543065,3a,15y,94.87h,79.68t/data=!3m6!1e1!3m4!1saryfIzkDPxVxW849n7yApA!2e0!7i13312!8i6656

Pretty short considering the amount of data it encapsulates. Here’s a URL from a marketing email behind a link to allow the email to be viewed in a browser:

Does it hold the HTML compressed and encoded or something stupid like that? That is just ridiculous. Hell’s teeth, a GUID is 36 characters long so why not use one of those as a key into your email database, FFS? I guarantee that you’ll never reuse a GUID by mistake.

Example 4 (just for fun): OK, this isn’t exactly a marketing email, but a phishing one. Pretty much once a day at the moment I’ll get a phishing email that tells me that I’ve received a phone call from someone. Click the link to listen to the recorded message. Here’s a variant on that:

Scam Email from OneDrive

Scam email from “OneDrive”

A file that is scanned as HTML but is only 453 bytes long? From OneDrive no less! I was intrigued so took a look at the HTML:

<script type="text/javascript">window.location.href="";</script>

Yep, a script tag, and the script instructs the browser to switch to that URL (again modified). No idea who/what is, and don’t particularly care. Not going to go look.

<Deep breath> OK, I’m going to go get a beer.

It's all fishy

Loading similar posts...   Loading links to posts on similar topics...

No Responses

Feel free to add a comment...

Leave a response

Note: some MarkDown is allowed, but HTML is not. Expand to show what's available.

  •  Emphasize with italics: surround word with underscores _emphasis_
  •  Emphasize strongly: surround word with double-asterisks **strong**
  •  Link: surround text with square brackets, url with parentheses [text](url)
  •  Inline code: surround text with backticks `IEnumerable`
  •  Unordered list: start each line with an asterisk, space * an item
  •  Ordered list: start each line with a digit, period, space 1. an item
  •  Insert code block: start each line with four spaces
  •  Insert blockquote: start each line with right-angle-bracket, space > Now is the time...
Preview of response