rooster Posted October 22, 2005 Share Posted October 22, 2005 http://www.spamcop.net/sc?id=z818613954ze4...baec2aae5ad128z Y'all; I have been getting the occasional spam for which SC reports, “No Links Found”. When I look at the OE 6, “Message Source”, (html version), I find things such as: http://nhayu=2enet/9ehPVFJsPmdE026kOr3D25v...OCw4mBg0wAAITT= and when I, ‘%whois’ the domain, it returns the ns. accounts of the usual suspects in porn spamming. No surprise there… Getting SC reports with, “no links found”, is a pretty good clue the sender is up to some mischief and therefore it makes sense (at least to this newbie) to check further. The domain was created, 14-oct-2005, is registered with VeriSign, MelbourneIT, with Yahoo! as affiliate. Am I correct in assuming this is an example of email address harvesting? If so: 1. Who’s AUPs or other covenants are being violated, and 2. Where can I review the text in preparation for reporting it? I’m not the brightest bulb in the box by any means, but I don’t see this covered in Yahoo!’s TOS. rod Link to comment Share on other sites More sharing options...
StevenUnderwood Posted October 22, 2005 Share Posted October 22, 2005 I have been getting the occasional spam for which SC reports, “No Links Found”. 34692[/snapback] That "link" is actually a picture that has been broken up by the Content-Transfer-Encoding: quoted-printable and is ignored in spamcops processing due to too many false reports being sent. There are no html links in this message. <IMG src=3d"http:/ /nhayu=2enet/9ehPVFJsPmdE026kOr3D25vSk/FA0KIBoOCw4mBg0wAAITT= AUNAw=3d=3d=2ejpg" border=3d"0"> converts to ( =2e -> . =3d -> = ) : <IMG src="http:/ /nhayu.net/9ehPVFJsPmdE026kOr3D25vSk/FA0KIBoOCw4mBg0wAAITT AUNAw==.jpg" border "0"> Link to comment Share on other sites More sharing options...
rooster Posted October 23, 2005 Author Share Posted October 23, 2005 Steven; If this spam is not, “linked”, to anything what is it’s purpose? Why would a picture be encoded with the domain of a porn site unless something was intended to return to that site; such as my email address? Link to comment Share on other sites More sharing options...
Wazoo Posted October 23, 2005 Share Posted October 23, 2005 I have been getting the occasional spam for which SC reports, “No Links Found”. When I look at the OE 6, “Message Source”, (html version), I find things such as: http://nhayu=2enet/9ehPVFJsPmdE026kOr3D25v...OCw4mBg0wAAITT= and when I, ‘%whois’ the domain, it returns the ns. accounts of the usual suspects in porn spamming. No surprise there… Actually, there "should" be a surprise in that response. 1. Had this e-mail been received and handle in a "secure" fashion, the HTML crap wouldn't have been displayed on your screen. 2. If the browser/tools in question operated in a secure fashion, the URL you've identified, copied, and ran through a WHOIS should have returned something along the lines of "Huh? Where'd you learn to spell WWW, Bub?" ... as nhayu=2enet is not a valid specifier for some location on the Internet. 3. That a number of insecure tools would seem to be in use is exactly what the spammer is counting on. Am I correct in assuming this is an example of email address harvesting? No idea how "harvesting" came into your thoughts. Your address was already "discovered, else how would you received the spam? In this specific instance of an identified graphic, the only thing that would show up on "that" server (again, using/handling wit insecure tools) would be the IP address of the computer you were using to open up that e-mail to "read" it. (this would be , for example, OE6 realizing that it was HTML, so it calls in some help from IE6 to render the pretty picture and the HTML layout commands in that e-mail) If you want to go with the possible other thought of "e-mail address verification" .. then the URL to the graphic would (usually) have some trailing bits, say something like ";?sucker=xyz23[at]example.com" .. but again, your sample doesn't have that construct. If so: 1. Who’s AUPs or other covenants are being violated, and 2. Where can I review the text in preparation for reporting it? I’m not the brightest bulb in the box by any means, but I don’t see this covered in Yahoo!’s TOS. 34692[/snapback] As a Domain Registrar, the primary responsibility gets back to the Registration data. Is it correct? What efforts have you accomplished to prove its inaccuracies? If you are wanting to complain about the content, that would be a matter of the AUP of the hosting system ... in this case, those fine folks that live at abuse[at]cnc-noc.net .. and I trust that "new" as you may be, you surely recognize the swift action that awaits a complaint sent there <g> For "secure handling" with OE6, run on over to the How-to Use ... forum section .. or take the easy way out and check the SpamCop FAQ here for the link ... Additional steps that could be taken for instance ... a 'good' firewall .. for instance, on my systems, OE only gets to talk to ports 25,110, 119 (and a couple of other 'secure' connection ports) ... OE has no business talking to Port 80, which is where your sample graphic call in your spam would travel ... Link to comment Share on other sites More sharing options...
dbiel Posted October 23, 2005 Share Posted October 23, 2005 Looks like we need to go back to spam 101. Spammers like using pictures to get around spam filters. And yes they will display web site addresses, and if they can find a way to do it, they will make them clickable. Anything to try to catch a sucker to buy what they are selling. The more complex you try making things the more likely something is to break. Link to comment Share on other sites More sharing options...
Jeff G. Posted October 23, 2005 Share Posted October 23, 2005 Of course, the spammer may have encoded your email address in "9ehPVFJsPmdE026kOr3D25vSk/FA0KIBoOCw4mBg0wAAITTAUNAw==" (or have a database with a cross reference between them). On the other hand, the spammer probably messed up in forgetting to include the A tag, given the way s/h/it messed up in forgetting to include the top portion of the image (which evidently includes the top of the red box containing the ad copy that ends "MOVIES!"). Thus, the spammer once again proves Russell's Corollary: Never underestimate the stupidity of spammers (ref: Spammer Rules). Link to comment Share on other sites More sharing options...
Wazoo Posted October 23, 2005 Share Posted October 23, 2005 10/22/05 21:37:33.252 TCP Connection Connection: nhayu.net: http from mysystem: nsvt, 408 bytes sent, 625 bytes received, 0.615 elapsed time Alert 10/22/05 21:37:32.337 IP Filter This one time, the user has chosen to "permit" communications. Details: Outbound TCP connection Remote address,service is (nhayu.net,http) Process name is "INTERNET EXPLORER" Fetching [url="http://nhayu.net/9ehPVFJsPmdE026kOr3D25vSk/FA0KIBoOCw4mBg0wAAITT=AUNAw==.jpg"]http://nhayu.net/9ehPVFJsPmdE026kOr3D25vSk...ITT=AUNAw==.jpg[/url] ... GET /9ehPVFJsPmdE026kOr3D25vSk/FA0KIBoOCw4mBg0wAAITT=AUNAw==.jpg HTTP/1.1 Host: nhayu.net Connection: close HTTP/1.1 302 Found Date: Sun, 23 Oct 2005 02:49:48 GMT Server: Apache/2.0.47 (Fedora) Location: [url="http://dns-base.com/nhayu.net/9ehPVFJsPmdE026kOr3D25vSk/FA0KIBoOCw4mBg0wAAITT=AUNAw==.jpg"]http://dns-base.com/nhayu.net/9ehPVFJsPmdE...ITT=AUNAw==.jpg[/url] Content-Length: 350 Connection: close Content-Type: text/html; charset=iso-8859-1 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://dns-base.com/nhayu.net/9ehPVFJsPmdE026kOr3D25vSk/FA0KIBoOCw4mBg0wAAITT=AUNAw==.jpg">here</a>.</p> <hr /> <address>Apache/2.0.47 (Fedora) Server at nhayu.net Port 80</address> </body></html> Alert 10/22/05 21:37:45.655 IP Filter This one time, the user has chosen to "permit" communications. Details: Outbound TCP connection Remote address,service is (dns-picz.com,http) Process name is "INTERNET EXPLORER" 10/22/05 21:37:45.735 HTTP Cookie Allowed User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows 98) sent to [url="http://dns-picz.com/nhayu.net/9ehPVFJsPmdE026kOr3D25vSk/FA0KIBoOCw4mBg0wAAITT=AUNAw==.jpg"]http://dns-picz.com/nhayu.net/9ehPVFJsPmdE...ITT=AUNAw==.jpg[/url] 10/22/05 21:37:47.090 TCP Connection Connection: dns-picz.com: http from mysystem: 1539, 421 bytes sent, 40971 bytes received, 1.355 elapsed time Fetching [url="http://dns-picz.com/nhayu.net/9ehPVFJsPmdE026kOr3D25vSk/FA0KIBoOCw4mBg0wAAITT=AUNAw==.jpg"]http://dns-picz.com/nhayu.net/9ehPVFJsPmdE...ITT=AUNAw==.jpg[/url] ... GET /nhayu.net/9ehPVFJsPmdE026kOr3D25vSk/FA0KIBoOCw4mBg0wAAITT=AUNAw==.jpg HTTP/1.1 Host: dns-picz.com Connection: close HTTP/1.1 200 OK Date: Sun, 23 Oct 2005 02:48:40 GMT Server: Apache/2.0.52 (FreeBSD) PHP/4.3.10 Last-Modified: Sat, 22 Oct 2005 08:28:04 GMT ETag: "240cefa-9f06-919f2d00" Accept-Ranges: bytes Content-Length: 40710 Connection: close Content-Type: image/jpeg 577x268 pixel jpeg picture received and displayed [/CODEBOX] As Jeff G. points out, it was apparently cropped from yet another larger picture, it is not a clickable link, it contains no URL info, only the porn graphic with some marketing hype on the quality of the stuff .... So the actual spam e-mail link sends you to one server that has been set up to redirct you to another server that then deliver your browser requested graphic image. Let's disect your sample URL; http:// nhayu.net/ = Domain/Host of the provided link 9ehPVFJsPmdE026kOr3D25vSk/ = most folks would call this a "Folder" name FA0KIBoOCw4mBg0wAAITT=AUNAw==.jpg = the name of the graphic the idiot saved for your viewing pleasure ... probably originally named ad1.jpg (?) Though one could go with there was some encrypted codes in all that, remember that the "Folder" had to exist, the 'named' graphic has to exist. That both of these "variables" would be specially crafted for each spam recipient seems "out there" (though not dumb enough to say it's impossible .. just so extremely unlikely is all) One might go with that these "variables" might change between spam runs, doing that checking thing to see how many got through, how many idiots followed the link, how many unsecure e-mail apps it found, managing to bypass filters and such .... this would be more likely .... though from appearances of the whole situation, an even better scenario is some numbnuts just bought some super-duper get-rich-quick-on-the-Internet software and the instructions on how to set it up and use it absooooolutely sucks ....????? Anyway, a shot at Spam101 attempted ... Link to comment Share on other sites More sharing options...
Farelf Posted October 23, 2005 Share Posted October 23, 2005 Thanks for walking through that Wazoo, informative. dns-picz.com - a nice little sideline for AMD's CEO? http://www.senderbase.org/search?searchString=dns-picz.com No, I don't really think so, but you have to laugh. Link to comment Share on other sites More sharing options...
Wazoo Posted October 23, 2005 Share Posted October 23, 2005 Well, then spam 101.1 then ... It wasn't my spam, so spammy didn't have my e-mail address in his hot little hands. By conducting the above research, if he wants to check the logs, he's going to have the IP address of my computer ... well, not really, setting behind a couple of firewalls, and some other stuff .. but ... if I was on dial-up, that IP address wouldn't help much, other than identifying my ISP, as the next cycle of hang-up, redial, would normally result in my computer sitting there on a different IP address. ok, so maybe the next batch of spam will use my ISP's Domain names in the list of targets, prepended with whatever "magic" list of 'account names' he's either gathered, bought, or came with the software ... but still no direct targetting of "me" at this point. The line "10/22/05 21:37:45.735 HTTP Cookie Allowed User-Agent" was (an approved actio in this case) for IE to "send" a cookie as part of the request for web-page data ... there was no existing cookie for this site on my system (and still isn't) so no (cookie) data was actually sent. And, in this case, neither site tried to write one to my system ... so no directly identifying info there .... So at this point, the only data available to the spammer (and that's only if the server logs are available to him) is that a computer at IP xxx.xxx.xxx.xxx made contact with his servers nd downloaded the jpeg. And if those oddly named folders/image file names had some encrypted data in them, his database is now a bit tainted due to someone not actually in that designated spam run followed the "crafted" URL .... Of course, the same data mismatch would occur with someone doing the forwarding of e-mail from one system to another and then reading/handling it from the second e-mail server. (example, spam e-mail was sent to a long lis of Yahoo addresses, but user had Yahoo e-mail forwarded to his ComCast account ... and user then opened up this spam e-mail running OE at "home" ....the resulting web-page data requests would be coming from a ComCast IP address, rather than the "intended" Yahoo recipients .... From the spammer's point of view, what does the "strange/foriegn IP address mean and what can he do with that data?" Next level of intricacy, spammer does a Google and stumbles into this very Topic/Discussion ... He could then compare the data I previously posted, once again compare that to his server logs .... damn, he's got Wazoo pegged .... but ...??? Wazoo [at] (what?) .... no account here by that name ... so. best he could do is add Wazoo top that list of "account names" and prepend them to that other list of Domain names and hope that at least one of those finds their way to "my" InBox (somewhere) .... As it turns out, have no accounts these days that use "wazoo" .. so that's not going to happen ... So, in this case, I'm not convinced that we are dealing with a crafty spammer that is harvesting e-mail addresses. I could be wrong but (as usual) I don't think so <g> Link to comment Share on other sites More sharing options...
Farelf Posted October 23, 2005 Share Posted October 23, 2005 Thanks for the additional - reading that as "replicating the process" is something I would not want to be doing at this time. .... but ...??? Wazoo [at] (what?) .... no account here by that name ... so. best he could do is add Wazoo top that list of "account names" and prepend them to that other list of Domain names and hope that at least one of those finds their way to "my" InBox (somewhere) .... As it turns out, have no accounts these days that use "wazoo" .. so that's not going to happen ... 34717[/snapback] And *wazoo* [at] ... could upset another "tribute band" in these parts - http://www.grandwazoo.com.au/ (just harking back to an earlier conversation about Australian tribute bands ... you sure you wouldn't like to take ABBAsolutely fABBAulous off our hands?) Link to comment Share on other sites More sharing options...
Wazoo Posted October 23, 2005 Share Posted October 23, 2005 And *wazoo* [at] ... could upset another "tribute band" in these parts - http://www.grandwazoo.com.au/ (just harking back to an earlier conversation about Australian tribute bands Hmmm, Taking the same stance offered there, I could state that my "legendary" Home of the Grand Wazoo BBS probably predates them .. Apple II based, 1983-1995, located in various places, Hawaii, Virginia, Iowa .... but I'll admit that I 'borrowd' the moniker from the great Frank Zappa .... not sure where the "Kings of Soul/Funk" entered into that same name space ... ... you sure you wouldn't like to take ABBAsolutely fABBAulous off our hands?) 34718[/snapback] Another unknown to me (though definitely recalling a few Abba concerts while in Germany those may moons ago ... I was re-telling that last bit of coversation on "my aussie freinds" a week or so ago .. some fellow bikers and a lady looking for a solution of some overnigt stays at flea-markets, trade-shows and such ... teardrop campers came up, and as it turns out, yet another Oz thing made its appearance on myscreen ... http://www.trikesaustralia.com/teardrop/ or http://www.aussieteardrops.com/ (cute Google rating scheme going on there <g>) ... yeah, talked bad about you some more <g> Link to comment Share on other sites More sharing options...
Farelf Posted October 23, 2005 Share Posted October 23, 2005 ... Another unknown to me (though definitely recalling a few Abba concerts while in Germany those may moons ago ...34723[/snapback] Okay, I won't even mention Björn Again ... ... yet another Oz thing made its appearance on myscreen ... 34723[/snapback] Hmm ... Bikers being a different breed to Bikies, evidently. We all reckoned the bikies were getting soft when they started carrying swags (tho' being careful to be sure they were not in earshot when voicing such opinion). Still, age catches up with all of us. More than a little OT, sorry. Link to comment Share on other sites More sharing options...
rooster Posted October 23, 2005 Author Share Posted October 23, 2005 Wazoo; 1. Had this e-mail been received and handled in a "secure" fashion, the HTML crap wouldn't have been displayed on your screen. I don’t know if I made it clear in my OP, but the, “HTML crap”, is P&P of OE 6, “Properties”, [Details], [Message Source]. I didn’t get it from the SC Report. I never open any of this stuff, for the usual reasons, and I translated from the HTML that it referred, at least in part, to an image. I’m just not savvy enough to know what the mechanics are, or what the purpose is, and if it is kosher to do this sort of thing. In the same vein, if SC testifies that no links were found, and there actually are ‘defacto’ links, unsophisticated dilettantes like yours truly is, ‘mos’ likely gonn’a get confusified’. Bub?" ... as nhayu=2enet is not a valid specifier for some location on the Internet. Again, I guess I wasn’t clear when I wrote: “… and when I, ‘%whois’ the domain”. I, “whoised”, <nhayu.net> to get the results on the nameservers and registrars. No idea how "harvesting" came into your thoughts. Perhaps I should have used the term, “validating” instead. Nevertheless, given that the “View Full Message “, is clickable, per the Tracking URI I gave, and therefore available to y’all, and the, “HTML crap” (QUOTE below) contains the line: <META content=3d"MSHTML 6=2e00=2e2800=2e1437" name=3dGENERATOR> The obvious, in addition to inserting lower case hex characters (e.g. =2e & =3d) must have made me leap to what came across as a naive assumption…. eh? Whoever it is generating this spam, they like to mismangle the HTML more or less regularly; possibly trying to get ahead of Chris Santerre. View full message ------=_NextPart_000_0002_9C2D4F39.E17A2940 Content-Type: text/html Content-Transfer-Encoding: quoted-printable <META HTTP-EQUIV=3d"Content-Type" CONTENT=3d"text/html;charset=3diso-8859= -1"> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4=2e0 Transitional//EN"> <HTML><HEAD> <META HTTP-EQUIV=3d"Content-Type" CONTENT=3d"text/html; charset=3dus-asci= i"> <META content=3d"MSHTML 6=2e00=2e2800=2e1437" name=3dGENERATOR> <STYLE></STYLE> </HEAD> <BODY bgColor=3d#ffffff> <DIV> Ya know! When a habit begins to cost money, it's called a hobby=2e,<BR><B= R> It seems to me that sorrow must come sometime to everybody and those who = scarcely taste it in their youth, often have a more brimming and bitter c= up of drain in afterlife=2e,<BR> One part is absorbed in the blood to compensate for the losses that are c= onstantly taking place through respiration and perspiration, and all the = material that Nature cannot use is rejected in the form of excrement=2e,<= br><br>Words and sentences are subject to revision paragraphs and whole c= ompositions are subjects of prevision=2e,<BR> <BR><BR><BR><BR> :…the primary responsibility gets back to the Registration data”. In my OP, I was inquiring as to whether or not email harvesting, i.e. “validating”, by these means contravenes AUPs or covenants with governing bodies or agencies. Perhaps I am totally out to lunch, but that is a different issue from confirming the accuracy of registration data; which I gather would be an interNic issue. “If you are wanting to complain about the content…” That could conceivably be covered by the affiliate’s (Yahoo!) TOS. Since there really isn’t any content in this instance …. I’m not sure just how this came into your thoughts. “For "secure handling" with OE6, …” Did I write something that suggests my system or email handling regime is unsecure??? I only get 5 – 10 spam a day, (until about a week ago) almost all of which comes from one source. These all get intercepted by K9 so I only see them if I chose to check my spam folders, as in the present instance. If you have a handling method that attracts fewer UCEs to your inbox than, well … none, then I guess I need to shore up some more. So the actual spam e-mail link sends you to one server that has been set up to redirct you to another server that then deliver your browser requested graphic image. Ok, so the HTML in question IS a link (whew) to a server that is disposed to redirect my browser (and my IP) to another computer. As long as we are all ‘down with that’, then my question remains: who’s covenants are involved with this kind of activity and are they being violated? And yes, the, ““folder” name”, has appeared in a couple of the previous, “occasional spam”, I mentioned in my OP. rod dbiel, Farelf, Jeff G. ; Thanks to you, too. rod Link to comment Share on other sites More sharing options...
Wazoo Posted October 23, 2005 Share Posted October 23, 2005 I don’t know if I made it clear in my OP, but the, “HTML crap”, is P&P of OE 6, “Properties”, [Details], [Message Source]. I didn’t get it from the SC Report. I never open any of this stuff, for the usual reasons, and I translated from the HTML that it referred, at least in part, to an image. In this Forum 'game' .. public format, it is archved in number of search engines. Despite some recent traffic in other Topics/Discussion, I still stick with the thought that if someone is looking for data or an answer, they will "search" for it. Thus the stuff you seem to be taking personally was actually written with the included perspective that 6 months from now, someone else is going to stumble into this very discussion, thus the expansion and inclusion of certain data. I’m just not savvy enough to know what the mechanics are, or what the purpose is, and if it is kosher to do this sort of thing. In the same vein, if SC testifies that no links were found, and there actually are ‘defacto’ links, unsophisticated dilettantes like yours truly is, ‘mos’ likely gonn’a get confusified’. I've not see you ask for any guidance on such a subject or action .. yet again, this was exactly one of the things attempted to be explained at OE6 Secure handling of e-mail, Why Forward won't work There are many reasons why the parser "won't see" what you believe is an embedded URL .. but again, that would be easier to discuss on the specific spam item. (Actually existing in many previous discussions here and over in the newsgroups.) Again, I guess I wasn’t clear when I wrote: “… and when I, ‘%whois’ the domain”. I, “whoised”, <nhayu.net> to get the results on the nameservers and registrars. You were clear on "what you did" .. missing was "how you did it" .... My statements were based on doing a cut/paste of the "raw data" ... you "converted" that data into non-Quoted-printable format before doing the WHOIS .... and, again, for someone just popping in 6 months from now, with no idea who any of the participants are or their experience/knowledge, tools .... these little steps left out of the conversation would leave them wondering yet even more .... Perhaps I should have used the term, “validating” instead. Nevertheless, given that the “View Full Message “, is clickable, per the Tracking URI I gave, and therefore available to y’all, and the, “HTML crap” (QUOTE below) contains the line: <META content=3d"MSHTML 6=2e00=2e2800=2e1437" name=3dGENERATOR> The obvious, in addition to inserting lower case hex characters (e.g. =2e & =3d) must have made me leap to what came across as a naive assumption…. eh? No idea what assumptions you made there ... my first impression is once again, the Quoted-Printable stamping seen, and the use of some cheap "design your web page" software .. but, sure, you could change that to more encrytped tracking data if you want .... Whoever it is generating this spam, they like to mismangle the HTML more or less regularly; possibly trying to get ahead of Chris Santerre. I'm still going with crummy software or clueless user of said software ... In my OP, I was inquiring as to whether or not email harvesting, i.e. “validating”, by these means contravenes AUPs or covenants with governing bodies or agencies. Perhaps I am totally out to lunch, but that is a different issue from confirming the accuracy of registration data; which I gather would be an interNic issue. Though we still have not yet agreed on your vision of "e-mail harvesting" in this spam sample, there is still the matter of what laws do you think exist on this, case evidence developed how, brought up in what court of law ...??? Spammer defense in this case, "crummy software that I couldn't figure out how to use" ....???? That could conceivably be covered by the affiliate’s (Yahoo!) TOS. Since there really isn’t any content in this instance …. I’m not sure just how this came into your thoughts. The "affiliation" I saw dealt with the registration of a Domain name ... thus my response ... Content? The whole exercise of showing how the end-user browser went looking for and finally received the image in your spam sample apparently was a waste of time ...??? Yes there was content involved .... Ok, so the HTML in question IS a link (whew) to a server that is disposed to redirect my browser (and my IP) to another computer. As long as we are all ‘down with that’, then my question remains: who’s covenants are involved with this kind of activity and are they being violated? 34738[/snapback] See above, reread my previous .... Your "actuvity" description is still in question, the Registrar has certain obligations, the host (should) have some data/control of what's allowed there ...??? again, previously stated .... dbiel, Farelf, Jeff G. ; Thanks to you, too. Repeated often from here. Link to comment Share on other sites More sharing options...
dbiel Posted October 23, 2005 Share Posted October 23, 2005 In an attempt to simplfy a complex thread, I will attempt to summarize briefly. The SpamCop parser is a tool to be used for the purpose of reporting spam to the individuals/orgainizations that should or want be be informed about spam being sent through their systems. It also serves to feed the SpamCop BL. As such certian constraints have been put on the parser to limit false reports. The parser will not and can not find every possible link referenced in a spam message. The parser expects all messages to be formated properly, if they are not, then they will probably not be parsed "correctly". So do not be surprised when links are not found. It is just the way it is. If someone wants to go beyond that which the SpamCop parser supports, then it is up to them to do the research and to submit priviate reports that should NOT contain any reference to SpamCop. Remember that YOU are responsible for every report you send, whether generated by the parser or not. The Parser is just a tool to make it much easier for the average user to try to do something about the ever increasing spam problem. I realize that this reply does not address some of the specific issues raised in this thread, but the simple fact is the questions are outside of the scope of the SpamCop system. Yes they deal with spam. Yes they are appropriate to ask. But they do NOT represent a problem with the SpamCop system or Parser, they fall outside of its scope and involvement. You ask about legal aspects, we are not legal experts so are unable to give any good advise. Keep in mind that the rules seem to be changing daily. What was true yesterday, may be false today. This thread has gotten into way too many separatre issues and as such many of them will be missed or ignored. It helps if the questions are broken down into individual specific quesitons. My personal advise is, if the Parser does not find the link ignore it. It is not worth the effort of tracking it down. Just my personal point of view. Link to comment Share on other sites More sharing options...
StevenUnderwood Posted October 23, 2005 Share Posted October 23, 2005 Ok, so the HTML in question IS a link (whew) to a server that is disposed to redirect my browser (and my IP) to another computer. As long as we are all ‘down with that’... 34738[/snapback] No, it is a means to show a pretty picture in a non-secure email message. A link, as defined by spamcop's parser, is something intended for the receiver to click on and be sent to their site. That does not happen in this message. The reason those pictures are not reported any longer is because anyone can use the URL to any picture on the internet to include it in a spam and implicate the host of that picture and there were lots of complaints that was happening. Link to comment Share on other sites More sharing options...
rooster Posted October 24, 2005 Author Share Posted October 24, 2005 You ask about legal aspects, we are not legal experts so are unable to give any good advise. Keep in mind that the rules seem to be changing daily. What was true yesterday, may be false today. dbiel; Thank you; and thank you. That at least addresses the substance of my OP. Why this thread ‘wambled’ off into defense of the SC Parser, spam Theory, email handling, ABBA, motorcycles and Tribute Bands …and then meta-criticism of how future generations might view this thread, is peculiar, at least to me; such responses certainly don’t reflect anything stated or implied in my OP. I’m definitely not equipped, and even less disposed, to criticize. Dismissing the machinations of someone like Barnu Rapatska as a, “clueless user”, with, “crummy software”, is not a very proactive mind set. But then, I don’t see myself as more clever that he; else, I would have succeeded in mitigating him a lot more than anyone appears to have done. And I didn’t suppose that a post directing those of us SC supplicants less informed than y’all, and trying to develop our basic understanding, where to find documentation on current, established rules and regulations on specific issues such as the one I attempted to raise, would be, in some wise, inappropriate in this, “forum game”. In fact, one of the reasons I posted was consideration for others such as myself, striving to be sure any complaints we do make are based on solid ground; albeit my attempt appears to have been misguided…. as it turns out. Happy trails, Link to comment Share on other sites More sharing options...
Wazoo Posted October 24, 2005 Share Posted October 24, 2005 dbiel; Thank you; and thank you. That at least addresses the substance of my OP. Your original post included; 34692[/snapback] http://nhayu=2enet/9ehPVFJsPmdE026kOr3D25v...OCw4mBg0wAAITT= Getting SC reports with, “no links found”, Am I correct in assuming this is an example of email address harvesting? If so: 1. Who’s AUPs or other covenants are being violated, and 2. Where can I review the text in preparation for reporting it? Response provided first touched on your "sample" URL .... also getting into the issue of "no links found" results by the parser ... I see the connection between your post and the responses ... I went to extremes to "document" the "e-mail harvesting" action you asked about ... again, I see a connection ... I have twice directly responded to the question about AUPs / TOSs .... with specific justifications as to who is "obligated" to do what .... again, connected and answered Why this thread ‘wambled’ off into defense of the SC Parser, spam Theory, email handling, ABBA, motorcycles and Tribute Bands … When I get time, I'll get around to fixing that or maybe another Moderator will ... then meta-criticism of how future generations might view this thread, is peculiar, at least to me; such responses certainly don’t reflect anything stated or implied in my OP. I’m definitely not equipped, and even less disposed, to criticize. See the above, and try again on the "perspective" explanation ... I'm not following where you don't see the connection between your OP and most of the stuff that showed up afterwards. Dismissing the machinations of someone like Barnu Rapatska as a, “clueless user”, with, “crummy software”, is not a very proactive mind set. But then, I don’t see myself as more clever that he; else, I would have succeeded in mitigating him a lot more than anyone appears to have done. All of the responses provided to this point were in reference to the data you supplied on your OP ..... and as the only/specific example ... analysis is limited to that particular item. If you read closer, nowhere did I make a connection between that sample and a particular person, that's all your data. My remarks are strictly based on looking at this single specific item. And I didn’t suppose that a post directing those of us SC supplicants less informed than y’all, and trying to develop our basic understanding, where to find documentation on current, established rules and regulations on specific issues such as the one I attempted to raise, would be, in some wise, inappropriate in this, “forum game”. In fact, one of the reasons I posted was consideration for others such as myself, striving to be sure any complaints we do make are based on solid ground; albeit my attempt appears to have been misguided…. as it turns out. 34766[/snapback] While you were out, I've been in the process of trying to take the analysis game I started here and blow it into a FAQ ... trying to cover HTTP, DNS, screen display issues, tying that into the SpamCop parsing engine/results ... etc .... also spent time troubleshooting a brother's car with a blowing-fuse problem, did some grocery shopping, repaired and cleaned a chain-saw for a neighbor, mowed a lawn for a lady that is recovering from a hip-replacement surgery (in 37 degree weather) at her request, attempted to add several more "official" FAQ entries into the KnowledgeBase here (only to run into more data issues so waiting for feedback on those), responded to a number of other discussions here, handled a bunch of e-mail (most dealing with SpamCop.net issues) .... let me just suggest that Google is available to most everyone I know with Internet access ... there is a plethora of other, more surgical search engines out there, say if you want to focus on legal issues ... Yet again, 99%+ of the "support" you see "here" is from other users .. volunteering their time, knowledge, and energies to helping folks out ... sorry that you seem to be so disappointed .... Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.