Are Blog Spammers changing tack?

It seems that the comment spammers of the world are getting bored of fighting against comment spam prevention tools such as Spam Karma and Akismet and are looking for new angles in which to exploit the blogosphere. I awoke this morning to find my inbox brimming with Contact Form messages posted through the contact form on this site. The cheeky spammer(s) were trying to exploit the Contact Form as a way of sending email spam. Thankfully Ryan did a good job in writing his WP-ContactForm plugin and the spammer failed in his quest to turn my blog into an email spam gateway.

The spammer(s) it seems are trying a very simple trick to try and send blind carbon copy by including standard email headers in the contact form contents like the following example (original bcc email address removed) :

Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: came of with his
bcc: email.address@domain.name

5b4d9f4fd9e11dd3e4f434625a0848b7

I suspect that md5 looking string in the content is the spammers unique tracking id for this attempt so that they can keep track of which attempts succeeded.



d
go to dashboard
l
go to login
h
show/hide help
e
edit post/page
r
comment on post/page
m
go to moderate comments
esc
cancel