A new spam campaign doing the rounds looks fairly innocent but its sole purpose is to verify that your email address is active. This will inevitably lead to your email address being added to multiple spam lists. The main problem with this particular spam is that the email is hard to spot and simply opening it will quietly alert the spammer your email address is active.

The email thanks you for using the digital locker at Windows Marketplace and goes on to give you details of how to download your purchase which in this case is Windows Vista Ultimate Upgrade. The spam only has links to msn.com that forward to Windows Marketplace.

Hidden in the html there’s a blank white image that tries to load from a link as follows:

The spammer has cleverly used a PHP script to send him your email address when the image tries to load. The script then returns a link to the blank white image (http://xxx.xxx.xxx.xxx/dot_clear.gif) that is barely noticeable in the spammed email.

We have seen this spam from the following:

From: “Web Useds”
From: “Web Services”
From: “Web Help”
From: “Support Services”
From: “Sales Depot”
From: “Digital Plaza”
From: “Digital Locker”
From: “Customer Support”
From: “Buy now”
From: “Web Depot”
From: “Ref Depot”

And the subject of the email is usually one of these with random numbers in square brackets:

Subject: [635] Important info regarding your Order
Subject: [7738] Your Order
Subject: [4241] Support Request

Or sometimes just has your email address in the subject:

Subject: youremail@yourdomain.com

So if you notice any emails like these its best to avoid opening them, it’s also advisable to set your email client to ask before downloading images if this feature is available.