incorrect url parsing for report

[AndCycle]

I submit a spam contain a link look like this

http://kkoi99.net/3589yu0hbirwpihwr/#mKuhZnA[at]http://msn.com

but spamcop report service only parsed out this

Tracking link: http://msn.com/

well, this result in false link tracking and fire report to wrong person,

this is my report result

http://www.spamcop.net/sc?id=z2850294741z0...f115b8801b2e0fz

who should I contact with this parsing issue? :<

[Miss Betsy]

It is well known that spamcop does not always correctly parse the links in the body of the spam. There are many reasons for this spamcop failure. The primary reason is that spamcop concentrates on correctly selecting the sending source. It continues to find those links that spammers have not disguised because some people do want to know those links.

Please notice, spamcop did not send a report to msn. If you notice that spamcop directs you to send a report to a wrong person, you can uncheck the report before you submit reports for sending.

In addition, there are other blocklists that concentrate on the links in the body of the spam. They use their resources to find the correct address of the link. They do not attempt to find the source.

Spamcop is a tool for you. Spamcop finds the source IP address. You need to use another tool to find all the links in the body of the spam and report them.

Miss Betsy

[SpamCopAdmin]

I submit a spam contain a link look like this

http://kkoi99.net/3589yu0hbirwpihwr/#mKuhZnA[at]http://msn.com

Actually, the link looks like this:

oi99.net/3589yu0hbirwpihwr/#mKuhZnA[at]http://msn.com

Here is what the link looks like in the context of the previous line in the body text of the spam:

(=A6p=B1z=A4=A3=AF=E0=B6}=B1=D2=A6=B9=ABH,=BD=D0=AB=F6=A6=B9)=A1Ghttp://kk=

oi99.net/3589yu0hbirwpihwr/#mKuhZnA[at]http://msn.com

I don't think it is possible for SpamCop to recognize the line as a URL.

- Don D'Minion - SpamCop Admin -

.

[AndCycle]

but thunderbird parse the url complete correct, I think SpamCop should take a look around it,

I got more and more mail in this url format :<

http://www.spamcop.net/sc?id=z2863545090z2...52723629cd0e1dz

[StevenUnderwood]

but thunderbird parse the url complete correct, I think SpamCop should take a look around it,

I got more and more mail in this url format :<

http://www.spamcop.net/sc?id=z2863545090z2...52723629cd0e1dz

Reports regarding this spam have already been sent:

Re: 220.166.64.231 (Administrator of network where email originates)

Reportid: 4113235436 To: abuse[at]ns.chinanet.cn.net

Reportid: 4113235439 To: postmaster[at]sc.cninfo.net

Reportid: 4113235440 To: anti-spam[at]ns.chinanet.cn.net

Reportid: 4113235446 To: abuse[at]mail.sc.cninfo.net

Re: http://gmail.com/ (Administrator of network hosting website referenced in spam)

Reportid: 4113235459 To: abuse#google.com[at]devnull.spamcop.net

Please be careful as google.com should not have received a report for this spam. You should have unchecked that box before sending your report. I realize the google did not physically receive a report in this case, but it is an invalid report.

[Miss Betsy]

There may be lots of applications that can translate that url correctly.

Spamcop is not one of them. It is not the appropriate application to use.

There are lots of ways that you can force a nail into a board. There are even different types of hammers - from tack hammers to sledge hammers. You do not use a sledge hammer to hang a nail for a picture.

Substitute 'nail into a board' with 'translate url' - Substitute spamcop for 'sledge hammer'

Actually, spamcop is a different kind of tool entirely. It is like using a screwdriver to hammer nails.

What's confusing is that it does translate some urls correctly. In a pinch, you can hammer something with a screwdriver or stir your drink even. It is just not made for those uses.

In the beginning, it made sense to send reports to the owners of sites that were advertising by spamming. It does not make sense for the urls that it cannot translate. The spammers who make those urls untranslatable do not intend to pay attention to any reports.

Miss Betsy

[AndCycle]

Please be careful as google.com should not have received a report for this spam. You should have unchecked that box before sending your report. I realize the google did not physically receive a report in this case, but it is an invalid report.

I know, this is the second time I missed click on the send report button,

when I wake up in the morning and get tens of spam in box waiting for send out to report,

this kind of url just hidden in one of them,

I used to send in batch, open them all,

look around, send report, look around, send report, look around and send ... wait, god damn I missed that,

that's why I'd rather spamcop get parsing exception around this,

seems admin say this is impossible for them, so I have drop it to another category

[AndCycle]

In the beginning, it made sense to send reports to the owners of sites that were advertising by spamming. It does not make sense for the urls that it cannot translate. The spammers who make those urls untranslatable do not intend to pay attention to any reports.

I know the spammers won't give a damn to any report,

but this kind of url translate and tracing ususally result in sending report to ISP,

because spam site won't set up any mail contact within their configuration, or the site just sitting on another botnet,

and I do have received spam site sitting in my local ISP,

and my local ISP do take action on this kind of report,

[Farelf]

...seems admin say this is impossible for them, so I have drop it to another category

Nothing's impossible but it's a little hard to deal with the vast number of misconfigurations witless (and sometimes designing) spammers blunder into or find. It has been said before that Julian (and SC in turn) had no wish to follow the popular mail clients-browsers in their varying forays into the wilds of non-compliance. And 'spamvertized' links are a low priority anyway. No doubt, if this one became a sufficient problem 'Engineering' would be tasked with finding a way to handle it. In the meantime, that example at least is safely devnulled should it slip through. But, as Steven has pointed out and you're all too aware, that may not be the case with 'similar' ones - now and in the future. We all have to take care. Fortunately, if the past is a guide, such 'exploits' have a limited life (though they can recur, 'ages' later). It's by no means easy, this reporting business.

[Farelf]

...this kind of url translate and tracing ususally result in sending report to ISP, ... (for instance) I do have received spam site sitting in my local ISP, and my local ISP do take action on this kind of report,

Sadly, when reporting seems worthwhile but SC doesn't identify a destination for reports, the options within this system are limited - a Manual report is about as much as you can do. There are other organizations better suited to dealing with weblinks, 'drop box' addresses and other matters treated as 'peripheral' by SC (due to the need for SC to concentrate on its core activities). In my opinion.

[Miss Betsy]

It is more friendly to notify your ISP yourself rather than sending a spamcop report.

You should look into Knujon - many people send their spam to both spamcop and knujon. Spamcop finds the source and Knujon finds the spamvertised sites.

Miss Betsy

[AndCycle]

ok, I gonna try out Knujon and keep spamcop for quickreport only :X

[g4mby]

ok, I gonna try out Knujon and keep spamcop for quickreport only :X

Just be aware that KnujOn may not take action against all the spam that you submit. My latest KnujOn report says that over 67% of all the domains that I have submitted are classified as "No action" taken.

[epgeek]

Just be aware that KnujOn may not take action against all the spam that you submit. My latest KnujOn report says that over 67% of all the domains that I have submitted are classified as "No action" taken.

My KNUJON report also shows about 67% of my spam classed as "no action". I think KNUJON owes an explanation as to why that is?

[Lking]

My KNUJON report also shows about 67% of my spam classed as "no action". I think KNUJON owes an explanation as to why that is?

So that means 33% of the sites you have reported are pending or suspended. So of the 23,045 sites I have reported to KnujOn that would be 7,604 sites suspended (or pending). SpanCop doesn't block every IP that you report either. I guess I don't understand your point.

[rconner]

I guess I don't understand your point.

For my money (which actually is invested in a KnujOn paid account), I don't think that they are very responsive to customer inquiries. I've send them a few, but never got any answers at all (not even pro-forma answers). Some of the things I have seen done with materials I reported to them seem very puzzling to me. Still, I can't deny that they have had quite a bit of favorable influence, so I will continue to send them my spam for the moment.

-- rick

[g4mby]

SpanCop doesn't block every IP that you report either. I guess I don't understand your point.

But an abuse report is still sent by SpamCop whether an IP is added to the SCBL or not. KnujOn's "No action" means exactly that.

[g4mby]

Rik, the board doesn't seem to want to allow me to quote any of your last post but I am too finding that KnujOn is unresponsive to user feedback.

For several months they have been quoting the domains of a number of UK banks who are clearly not spamming but are victims of phish attacks and the subsequent reportsthat have been submitted. Not only are KnujOn unwilling to remove these domains from their lists they are also unwilling to answer any queries regarding the non-appearance of submissions on user reports. I sent several hundred spams to them one weekend and not one of them appeared in my reports. :angry: