

Ask HN: spam email (how did they do that) - electrichead

So I received an email this morning in my gmail supposedly from "MSNBC".  The itneresting this about this spam email is that there was only one link, which was not even coded as a link (this is a text-only email), and the URL goes to http://on.msnbc.com/zV9UfI?&#60;my email&#62;<p>So the question is: why would they want me to click on the link?  Have they somehow put a redirect on msnbc.com ?<p>Email source below:<p>Delivered-To: &#60;my email&#62;@gmail.com
Received: by 10.68.25.225 with SMTP id f1csp70201pbg;
        Tue, 6 Mar 2012 04:27:06 -0800 (PST)
Received: by 10.220.179.132 with SMTP id bq4mr1797830vcb.40.1331036826055;
        Tue, 06 Mar 2012 04:27:06 -0800 (PST)
Return-Path: &#60;reguvenatewellness11285@sc.rr.com&#62;
Received: from cdptpa-omtalb.mail.rr.com (cdptpa-omtalb.mail.rr.com. [75.180.132.120])
        by mx.google.com with ESMTP id 3si5506943vct.131.2012.03.06.04.27.05;
        Tue, 06 Mar 2012 04:27:06 -0800 (PST)
Received-SPF: pass (google.com: domain of reguvenatewellness11285@sc.rr.com designates 75.180.132.120 as permitted sender) client-ip=75.180.132.120;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of reguvenatewellness11285@sc.rr.com designates 75.180.132.120 as permitted sender) smtp.mail=reguvenatewellness11285@sc.rr.com
Return-Path: &#60;reguvenatewellness11285@sc.rr.com&#62;
Authentication-Results:  cdptpa-omtalb.mail.rr.com smtp.user=reguvenatewellness11285@sc.rr.com; auth=pass (LOGIN)
X-Authority-Analysis: v=2.0 cv=TvJkdUrh c=1 sm=0 a=XKGNf7EIzzoA:10 a=8DfUPBxvO0QA:10 a=IkcTkHD0fZMA:10 a=dJ0-dG6DAAAA:8 a=pGLkceISAAAA:8 a=QK1GopW9Fw9adpgECroA:9 a=6KscT9JeKKuDAi2QTlIA:7 a=QEXdDO2ut3YA:10 a=A_n0Eqh96AUA:10 a=MSl-tDqOz04A:10 a=KMr8SRDwdKKXQwftM2uIcw==:117
X-Cloudmark-Score: 0
Received: from [10.127.132.174] ([10.127.132.174:59992] helo=cdptpa-web23-z02)
	by cdptpa-oedge01.mail.rr.com (envelope-from &#60;reguvenatewellness11285@sc.rr.com&#62;)
	(ecelerity 2.2.3.46 r()) with ESMTPA
	id A5/35-17039-892065F4; Tue, 06 Mar 2012 12:27:04 +0000
Message-ID: &#60;20120306122704.ZV0XM.40945.root@cdptpa-web23-z02&#62;
Date: Tue, 6 Mar 2012 7:27:04 -0500
From: "newsletter@msnbc.com" &#60;reguvenatewellness11285@sc.rr.com&#62;
To: &#60;my email&#62;@gmail.com
Subject: MSNBC's "Solution to Easy Weight-Loss"
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
Sensitivity: Normal
X-Originating-IP:<p>Excerpt:
"Tired of being fat and feeling slow?  Looking to feel better and remove those extra lbs? I know you are and I was too! This an all natural fatloss supplement that is guaranteed to work!."<p>Read more at: http://on.msnbc.com/zV9UfI?&#60;my email&#62;@gmail.com
This is a complimentary e-mail provided by MSNBC.
======
brk
Using wget, yes, there is a 301 redirect to some page about acai berries.

The on.msnbc.com domain seems to be setup to redirect all links to some other
page. Not sure if this is part of an exploit on that service, or if you can
somehow pay to advertise there or what.

It's interesting. A lot of people probably trust the msnbc.com domain name.

------
monkeymeister
It's actually a version of Bit.ly check out made-up URL
<http://on.msnbc.com/fsdhfjksd76f>.

Possibly done via DNS?

------
baltcode
It leads to <http://noslims.info/?787254572> "Acai Berry Diet Exposed: Miracle
Diet or Scam?" - a fake news ad.

