- Each mail sent to random words @ different domains (firstname.lastname@example.org, email@example.com, etc.)
- Each mail sent to a set of random words @ my domain.
- Each mail sent to ONE random word @ my domain.

Interesting things of note:

- The mails are sent in alphabetical order, e.g. "a...@mydomain", "b...@mydomain", "c...@", etc.
- But the mails come from a variety of domains and IP addresses, in no particular order - I think this is a result of having an "army of drones" through virus-owned PCs, via IRC or similar.
- Random things include the "mailer version", the URL being printed (at least, the domain seems to consist of a random subdomain + one of a selection of domains, but the address after that is the same). The message body is the same for all, by the looks of it.
- There are 2 (different) X-Message-Info fields. One still has a command to the spam parser that hasn't been replaced: "%ND_LC_CHAR[1-3]" - I've seen this before.

I can think that it'd be easy to rip out the post-domain URL and check future messages for it, which would stop me getting 100+ e-mails again. But otherwise, more thought is needed. Maybe Mozilla Coffee will help!
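
One way to do the URL check described above, as an added example that is not part of the original post: it drops the (random) host from each URL, keeps the path and query as the signature, and also flags an unexpanded template token in `X-Message-Info`. The function names, the sample messages and the generalised token pattern are assumptions made for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
# Assumption: other unexpanded tokens share the shape of "%ND_LC_CHAR[1-3]".
TEMPLATE_RE = re.compile(r"%[A-Z][A-Z_]+\[\d+-\d+\]")

def body_text(msg):
    """Concatenate every decoded text/* part of a parsed message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def url_paths(body):
    """Return the path and query of each URL in body, with the host dropped."""
    paths = set()
    for url in URL_RE.findall(body):
        parts = urlsplit(url.rstrip(".,;)"))
        tail = parts.path + ("?" + parts.query if parts.query else "")
        if tail not in ("", "/"):  # a bare host carries no signature
            paths.add(tail)
    return paths

def learn_paths(raw_message):
    """Extract the post-domain URL signatures from one known spam message."""
    return url_paths(body_text(message_from_string(raw_message)))

def classify(raw_message, blocked_paths):
    """Return the reasons (possibly none) a raw message matches this spam run."""
    msg = message_from_string(raw_message)
    reasons = []
    hits = url_paths(body_text(msg)) & blocked_paths
    if hits:
        reasons.append("known-url-path:" + ",".join(sorted(hits)))
    if any(TEMPLATE_RE.search(v) for v in msg.get_all("X-Message-Info", [])):
        reasons.append("unexpanded-template-token")
    return reasons

# Constructed sample messages (not taken from the spam run described above).
SPAM_1 = ("From: a@host1.example\nX-Message-Info: Jq81\n\n"
          "Great deal: http://qzx1.example.net/offer/index.php?id=77\n")
SPAM_2 = ("From: b@host2.example\nX-Message-Info: %ND_LC_CHAR[1-3]\n"
          "X-Message-Info: Zt40\n\nGreat deal: http://abc9.example.org/offer/index.php?id=77\n")
HAM = "From: friend@example.com\n\nSee http://www.example.com/news/today.html\n"

if __name__ == "__main__":
    learned = learn_paths(SPAM_1)
    for raw in (SPAM_2, HAM):
        print(classify(raw, learned))
```

Matching on the path alone survives the rotating subdomains and sender addresses, but it stops working as soon as the sender changes the path, so it is a stopgap rather than a general filter.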