Way to report URL from image in spam?

[MyNameHere]

Hi folks,

I've been getting spam using images that direct the user to type a URL (typically www.something.ru) into the browser. Because the image is embedded, there is no URL for the SpamCop parser to use.

I thought it would be interesting to see what happens if I just insert the URL into the reporting form. So I did. It parsed the URL and said the last resort contact bounces, but at least it verified it was a real URL.

So I wondered if it's legitimate to paste the headers and body (in the two-part form) then just type the URL at the top of the body, then submit the spam? Or is it not considered ethical to modify the spam contents when reporting?

I realize it's just an exercise in statistics, but maybe it will help somehow.

Thoughts?

Thanks!

[Farelf]

...So I wondered if it's legitimate to paste the headers and body (in the two-part form) then just type the URL at the top of the body, then submit the spam? Or is it not considered ethical to modify the spam contents when reporting?...

Altering the submission to 'help' the parser find something it otherwise would not is one of the big no-nos - Material changes to spam. You effectively agree not to do that when you become a reporter.

"Image" spam comes and goes - here are prior topics that may be of interest:

http://forum.spamcop.net/forums/index.php?showtopic=4515

http://forum.spamcop.net/forums/index.php?showtopic=4527

There are dangers in reading spam, viewing images etc. You can minimize/avoid those by picking up the code of the graphic from the unopened spam using "view source"/Ctrl-U/whatever and running it through an on-line decoder (like Toasted spam).

You can use the parser submission paste-in webpage to get the reporting addresses for any site you read in a picture attachment - just type the URL into the box and parse.

You can send manual reports - or, if you use a paid account, add an abuse address to your standard SC report and include detail of the decoded content in the appropriate notes.

[MyNameHere]

There are dangers in reading spam, viewing images etc. You can minimize/avoid those by picking up the code of the graphic from the unopened spam using "view source"/Ctrl-U/whatever and running it through an on-line decoder (like Toasted spam).

Oooh, that is cool! I expect to use that from now on.

You can use the parser submission paste-in webpage to get the reporting addresses for any site you read in a picture attachment - just type the URL into the box and parse.

You can send manual reports - or, if you use a paid account, add an abuse address to your standard SC report and include detail of the decoded content in the appropriate notes.

Yes, that latter suggestion seems like the best. I can add the contact information from parsing the URL as a reporting address and mention it in the notes.

Thanks!

[turetzsr]

<snip>

if you use a paid account, add an abuse address to your standard SC report and include detail of the decoded content in the appropriate notes.

...For a while, now, that feature has been available to "free" account users, as well. See the option in the "Preferences" tab labeled "Report Handling Options" -- specifically, the section labeled, "Public standard report recipients." Unfortunately, you have to check and uncheck a box that is presented to you in the parse results for each spam to either send or not send a report to that address.

[Farelf]

Wow - thanks Steve. I don't believe I have ever used that option. Somehow its availability on free accounts slipped by me - don't know what, if anything, I thought of it when I saw that item on any of my infrequent forays into the Preferences. I guess I took it it a bit literally - "Public standard report recipients" but of course it can be used for any required address(es) and Preferences can be altered as often as required. "There's alway a work-around," as Miss Betsy would say and this one would be handy with low-volume reporting as an option to manual reporting.

Just noting (last I recall) that field can hold multiple addresses - up to 100 characters total including separators - each address separated by a comma or a semi-colon and a blank space. And these should not include any address that consistently bounces.