What was Wrong w/My Submission?

[emanmb]

Below is a spam I submitted today that was rejected because "IP doesn't do something something".

Strange thing is, I re-submitted it just now and it went through and I was able to report it. Was it just a weird fluke thing happening w/spamcop when I reported it earlier?

I always strip my email address from these reports since they go to various reporting agencies that might not be as diligent as SC in doing it for me.

Also, since there's no way to get the html code in yahoo spam short having it go to my POP inbox (where I can change it to a source view), I add the links since my guess is SC and others cannot read the html if it

isn't broken down for them.

I'm am wondering, is that is a good or correct thing to do?

Eric

From stodghillszhernandes[at]hotmail.com Mon Mar 22 06:21:34 2010

X-Apparently-To: via 69.147.85.92; Sun, 21 Mar 2010 23:21:34 -0700

Return-Path: <>

X-YahooFilteredBulk: 65.54.190.15

X-YMailISG: 4bTjBugWLDtTTk8NtiQrdDJIKg6hkkPxUlgQA6snN7cQuwP1t0q.cc.1LeIdAgvmnIzC6K8LeeWJAWxk14zkNfBrylsakwzCT6pSiv92srSvA3h1OxmPkfZeaauASwhMIK7yo0HTxABR8apYTGmZlmN6WraN0gExD4Aq.ToEYCAXhqdSChgRbYjknl3r72WaeTBgzPtcGxMLe5U5w0pcUrC0ugLBYlW5FsI3L.4GPOTb1xo3PekR_S64d0XpX9fOxOE6n_LS72l6C0boT5PZbxwyPIFytZPpSda1VBC5jU.7FGSI9jZPy0WsnIfsRUFfd5ce1YMOCGS5.PLpuUFet4qZCPXqpdKPi.o7ta3CG7vaEidp

X-Originating-IP: [65.54.190.15]

Authentication-Results: mta165.sbc.mail.mud.yahoo.com from=hotmail.com; domainkeys=neutral (no sig); from=hotmail.com; dkim=neutral (no sig)

Received: from 207.115.20.16 (EHLO flph257.prodigy.net) (207.115.20.16)

by mta165.sbc.mail.mud.yahoo.com with SMTP; Sun, 21 Mar 2010 23:21:34 -0700

X-Originating-IP: [65.54.190.15]

Received: from bay0-omc1-s4.bay0.hotmail.com (bay0-omc1-s4.bay0.hotmail.com [65.54.190.15])

by flph257.prodigy.net (8.13.8 inb ipv6 jeff0203/8.13.8) with ESMTP id o2M6Lalu013970

for <>; Sun, 21 Mar 2010 23:21:36 -0700

Received: from bay0-mc3-f5.Bay0.hotmail.com ([65.54.190.61]) by bay0-omc1-s4.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);

Sun, 21 Mar 2010 23:21:33 -0700

To:

Date: Sun, 21 Mar 2010 23:21:34 -0700

Message-ID: <BAY0-MC3-F54DE763BB8D65F8D434B2C0270[at]phx.gbl>

In-Reply-To: <abddda4210031975djbrqp92dvnsc60596ztwgjt5974[at]mail.gmail.com>

X-HM-Routing-Path: nDRqPHX0ZSKtMpEsPAWCdmOyHrjXosBLcAOZsCA8a8HacbcDvo3dEvHVwyn5w/lU+Z/ffj3zwiJcni+1TZq1ci1mkQOK471+0r16CCT9XzYtfpOOCNvwlhgzQZttbedFFDSSLktqv0qvAQkrEJfvcj7cXDGbN8CrNx22EgXbl70=

Content-Type: text/html; charset="iso-8859-1"

From: <stodghillszhernandes[at]hotmail.com>

Subject: Vacation reply

Content-Transfer-Encoding: quoted-printable

MIME-Version: 1.0

X-OriginalArrivalTime: 22 Mar 2010 06:21:33.0793 (UTC) FILETIME=[EB3D9510:01CAC987]

Content-Length: 2470

HUGE Discount. MAC & PC. Adobe InCopy CS4

This message contains graphics.

To view this email as a web page, click here.

HUGE Discount Adobe InCopy CS4.

Unsubscribe http://appserver.lasalle.edu.co/salle_prue...mlrpc/index.php

http://appserver.lasalle.edu.co/salle_prue...nsubscribe.html

Profile

http://appserver.lasalle.edu.co/salle_prue...hp#profile.html

This email was sent by: Ria

16284 Hutton Dr Ste 599 Dallas, TX, 66649-6036, USA

Copyright 2010. Ria Marketing. All Rights Reserved.

[Farelf]

Below is a spam I submitted today that was rejected because "IP doesn't do something something".

Strange thing is, I re-submitted it just now and it went through and I was able to report it. Was it just a weird fluke thing happening w/spamcop when I reported it earlier? ...

Impossible to tell Eric, unless someone adds a "me too!" and provides better data. It is nigh on useless to post the spam here (and aggravating to those who get enough spam of their own) and downright disheartening to those who have been to trying for years to educate those who come here "better". You see, what you post gets altered by the process and it becomes guesswork as to what the original spam might have 'looked like' to the parser.

What we need is a Tracking URL which, as that linked explanation says, looks something like http://www.spamcop.net/sc?id=z3843121835ze...aed1766f5aaf43z and *that* incidentally is my guess as to what your modified spam would look like to the parser. I can't see exactly what you are trying to describe but confess I'm a little too disheartened right now to try too hard. I will get over it. You can always get a tracking URL, even before the report is sent or cancelled or the parser says "nothing to do" by picking up the similar-looking link at the top of the parse.

... I always strip my email address from these reports since they go to various reporting agencies that might not be as diligent as SC in doing it for me. ...

You're not paranoid if they're really out to get you. Munging your name/address/identifier is permissible change as explained in Material changes to spam.

...Also, since there's no way to get the html code in yahoo spam short having it go to my POP inbox (where I can change it to a source view), I add the links since my guess is SC and others cannot read the html if it

isn't broken down for them.

I'm am wondering, is that is a good or correct thing to do?...

Aaaagh! NO! You must not 'help' the parser in any way, as the Material changes to spam statement says. If you do, then your reporting can be suspended - What if I break the rule(s)?. And then you have to convince Don you will sin no more before ever being allowed back in. I don't know but there may be degrading and humiliating rituals as part of that process. Never, ever make "material" changes. SC relies on the integrity of its reports and the reliability of its reporters. Don't let us down!! Seriously.

Now, what can you tell us any more about whatever it was you saw that prompted your post? The reporting addresses can change 'on the fly' and part of that change can involve messages about ISP not wanting reports. With munged reports there are a few who won't accept your reports anyway - unless you do all your munging manually - and you shouldn't be doing that to circumvent their requirements (besides you might sometimes forget ).

Also, what's that about your submissions looking different to your POP inbox source view? They should look the same (to the parser), apart from extra headers (?) added in the POP process.

[Farelf]

...Also, since there's no way to get the html code in yahoo spam short having it go to my POP inbox (where I can change it to a source view), I add the links since my guess is SC and others cannot read the html if it

isn't broken down for them.

I'm am wondering, is that is a good or correct thing to do?...

Maybe I misread/read too much into that before. If your submission method is to copy the full headers out of Yahoo and to copy the text body (including links) in full out of Yahoo and post those combined into the submission form, that should be okay. You are not manipulating/processing anything. It may be personally undesirable to you as a security issue though - in terms of you having to open the message to do all of that. Much better if you can email the submission following POPing to another account (with your mailhosts configured appropriately). SC can handle text or HTML in finding links (though it doesn't try as hard as your browser might with the HTML).

[petzl]

Maybe I misread/read too much into that before.

There seems to be a lot of competition to get one signed up for a email account?

While Yahoo and Gmail offer good service, they simply do not want "outsiders" dealing with their spam problem.

The spam "border wars" have been going since last millennium with shills from "competitors invading forums to denigrate effective spam control such as "ORBS" ("they" succeeded in killing) and SpamCop which so far has survived the lot. It's main strength is reporting to ISP a security problem, most react to.

My advice is to face up to getting a SpamCop email account and using the Spamcop addy you choose, I do use a Gmail web account for the infomercials I sign up for like "first contact", travel, shares, etc.

[emanmb]

Well maybe as I may have been unclear but point taken.

Yahoo (ATT) spam filter catches 99.9% of my spam and blocks a lot I'm guessing.

That which gets through to my spam folder remains on the server.

I right click the spam, get the full headers window, copy, then hit FWD.

I then paste the header into the top of the FWD and delete my addy from there.

If the links are not spelled out, I will then right click the HTML links, which yahoo doesn't provide the source code of, and click "copy link". I then paste that next to the text the link is embedded in such as CLICK HERE TO GIVE ME YOUR IDENTITY www.i'm a spammer .ru/cn/th/etc.

Then I send it.

Now the reason I mention this method is because I am curious if this invalidates the report or if it is a poor reporting method. It certainly increases the work I have to do.

If it is or does, then what I would have to do is click the "Not spam" button so that it will be sent to my mail client where I can easily and safely convert it to it's source code.

If I were to do that, it makes me wonder if it would cause Yahoo to "unlearn" the spam parameters that got the spam into that folder in the first place. Although nowadays (I just realized) I could just drag the spam to the inbox in my browser and perhaps eliminate the risk (if there is one) of Yahoo unlearning what is spam and then it would show up in my email client.

Anywho, open to suggestions here.

Maybe I misread/read too much into that before. If your submission method is to copy the full headers out of Yahoo and to copy the text body (including links) in full out of Yahoo and post those combined into the submission form, that should be okay. You are not manipulating/processing anything. It may be personally undesirable to you as a security issue though - in terms of you having to open the message to do all of that. Much better if you can email the submission following POPing to another account (with your mailhosts configured appropriately). SC can handle text or HTML in finding links (though it doesn't try as hard as your browser might with the HTML).

[turetzsr]

<snip>

I right click the spam, get the full headers window, copy, then hit FWD.

<snip>Now the reason I mention this method is because I am curious if this invalidates the report or if it is a poor reporting method.

<snip>

...My guess is: yes, to both questions! Please see suggestion from SpamCopAdmin (Don D'Minion) for what I would think is the "right" way to do that.