Spam sent through The Hindu web site

By Abhijit Menon-Sen <ams@toroid.org>

2010-08-29

I just received a Nigerian scam email sent through some "forward this article" feature on The Hindu web site. Here's the message, slightly edited:

Return-Path: <thehindu@vsnl.com>
…
Received: from web1.hinduonnet.com (web1new.hinduonnet.com [127.0.0.1])
	by web1.hinduonnet.com (8.13.5/8.13.5) with ESMTP id
	o7SMbdhC026146; Sun, 29 Aug 2010 04:07:39 +0530
Received: (from apache@localhost)
	by web1.hinduonnet.com (8.13.5/8.13.5/Submit) id
	o7SMbRAc026122; Sun, 29 Aug 2010 04:07:27 +0530
Date: Sun, 29 Aug 2010 04:07:27 +0530
Message-Id: <201008282237.o7SMbRAc026122@web1.hinduonnet.com>
From: thehindu@web1.hinduonnet.com
Reply-To: virtososchulks@yahoo.com
Subject: Article from  The Hindu: Sent to you by Virtosos  Chulks.
From: The.Manager@web1.hinduonnet.com
To: undisclosed-recipients:;

International Commercial Bank Ghana
First Light Branch
Accra, Ghana.

Sir,   

I got your contact during my search for a reliable, trust worthy and
honest person to introduce this transfer project with. My name is Mr.
Virtosos Chulks. I am the manager of the International Commercial Bank
Ghana, First Light Branch Accra. I am a Ghanaian married with two kids.

I am writing to solicit your assistance in the noble transfer of
US$5.500.000.00.
…

No, that's not a mistake—there really are two From: fields. But that's probably the least broken thing about a feature that allows people to send arbitrary email messages (with no reference to an article in The Hindu, by the way) through their site.

I wrote to thehindu@vsnl.com (which is also the contact address given on their web site) to report the problem. At least my mail did not bounce. I wonder if anyone will pay attention to it.