Material changes to spam
SpamCop does what it does and doesn't do for a reason. Do not make any material changes to spam before submitting or parsing which may cause the SpamCop parser to find a link, address or URL it normally would not, by design, find.
The
SpamCop parser does not generate
reports for From: or Reply To: addresses.
Do not add these within the body of the spam to cause a
report for these to be generated.
The SpamCop parser does not decode javascript because it does not have its own javascript interpreter. Unless you can properly decode the javascript, even what you see may not be correct. Do not make any changes to the spam to cause SpamCop to report addresses, links or
URLs that are contained within the javascript, decoded or not.
It is okay to
munge your personal email address contained within links in the body of the
spam, if the
SpamCop parser does not find and
munge them, with one exception. If a
report is going to an abuse desk that does not accept munged reports,
you must not make even these minor changes to the
spam.
Base64 Encoded Spam - Many spammers are sending messages with Base64 encoded bodies. While SpamCop normally decodes and parses Base64 fine, it is possible for spammers to hide your address or other identifiable information within the encoded body.
For this reason,
SpamCop has made an exception to the normal alteration rule
for those who know what they are doing:
- Use a Base64 decoding tool like http://www.opinionatedgeek.com/dotnet/tools/Base64Decode/ ∞
- Remove the encoded Base64 body and replace it with the decoded text
- A disclaimer must be added to the top of the spam body. (Remember to leave a blank line between the last header line and your disclaimer):
- "I have decoded the original Base64 spam body and munged personal details that were in that body. The original body has been replaced with this decoded text. I understand that you may consider this to be altered and not acceptable as evidence."
Update: per a discussion at
Tracking sender of reports∞ the definition of allowable edits was extended 26 August 2007 ....
- Here is a more carefully worded version of my previous statement:
-
- It's OK to remove any personally identifying information wherever it appears in the headers or text of the spam. It's OK to delete your name or email address, and it's OK to remove any tracking codes that might lead to recipient identification.
-
- It is NOT OK to remove or alter server info, or to remove complete lines from the headers.
-
- - Don D'Minion - SpamCop Admin -
Update: spamcop newsgroup thread at
http://zeta.cesmail.net/pipermail/scspamcop/2008-January/thread.html#5660∞ includes the following expansion;
- Altering spam headers is absolutely not allowed. It's a *HUGE* taboo with us.
-
- You can delete your personal information from the spam, and if it comes in with no body text, you can add a small note to that effect, such as "no body text."
-
- That's the limit.
-
- -Don D'Minion - SpamCop Admin-
SpamCopReporting
CategorySpamCopReporting
There are no comments on this page. [Add comment]