It seems that the comment spammers of the world are getting bored of fighting against comment spam prevention tools such as Spam Karma and Akismet and are looking for new angles in which to exploit the blogosphere. I awoke this morning to find my inbox brimming with Contact Form messages posted through the contact form on this site. The cheeky spammer(s) were trying to exploit the Contact Form as a way of sending email spam. Thankfully Ryan did a good job in writing his WP-ContactForm plugin and the spammer failed in his quest to turn my blog into an email spam gateway.
The spammer(s) it seems are trying a very simple trick to try and send blind carbon copy by including standard email headers in the contact form contents like the following example (original bcc email address removed) :
Content-Type: text/plain; charset="us-ascii"
Subject: came of with his
I suspect that md5 looking string in the content is the spammers unique tracking id for this attempt so that they can keep track of which attempts succeeded.