dadamia

Forged Mail from UPS and FedEx


Yesterday I received a spam message from "UPS Inc.". The from line said "info02695[at]ups.com" and there was a zip file attached. The message was obviously bogus. It did not look like a UPS message, it had several language errors, the tracking number wasn't the right length, and the received lines in the header were not consistent with the from line. I forwarded it to SpamCop, but I never received an email with the link to the parsing information. I submitted it a second time and still got no reply from SpamCop.

Today I got a similar message from "FedEx Inc.". Again, I submitted it to SpamCop, but got no parsing information response. All other messages that I submit to SpamCop are processed quickly. What's going on here? Why is SpamCop not processing these messages?


Hi, dadamia,

...There's a SpamCop FAQ article that discusses this very thing! Please navigate to the FAQ (there's a link near the top left of every SpamCop Forum page) and look for the link labeled "Emailed spam Submissions Disappearing? No Confirmation e-mails?" If you have any questions after reading it, please return here and post a "reply" with your questions.

but I never received an email with the link to the parsing information. I submitted it a second time and still got no reply from SpamCop.

Today I got a similar message from "FedEx Inc.". Again, I submitted it to SpamCop, but got no parsing information response. All other messages that I submit to SpamCop are processed quickly. What's going on here? Why is SpamCop not processing these messages?

What are your tracking URLs? I got one of these too and the parser is working for me.


I have received countless of these lately, filtered and defanged of attachment by Postini for containing malware. I was able to parse those e-mails manually.

What are your tracking URLs?

<snip>

...Normally that would be a good question; in this case, however, the requester will not know the tracking URL if the SpamCop parser does not return a reply! :) <g>

...I forwarded it to SpamCop, but I never received an email with the link to the parsing information. I submitted it a second time and still got no reply from SpamCop.

Today I got a similar message from "FedEx Inc.". Again, I submitted it to SpamCop, but got no parsing information response. All other messages that I submit to SpamCop are processed quickly. What's going on here? Why is SpamCop not processing these messages?

First thing I would suspect is that your email provider is deleting any of your mail containing malware. Malware in zipfiles is as easily detected as the unzipped variety and sometimes it is not a zipfile at all - just an executable thinly disguised as a zip.

Can you find the FAQ referred to by Steve (turetzsr)? You can verify whether or not that is happening. If it is, you can still submit by using your webform submission page.

Why would your ESP let malware in but stop you sending it out? We don't know that is your situation yet but that happens quite a lot. Either it is a matter of timing (takes time for new malware to become known and it slips in before that happens but by the time you are ready to send it out it is known) OR it is cheaper and creates less conflict with customers just to block the stuff going out. Or another possibility - inwards filtering might be user-enabled (but outwards filtering, if in place, is mandated - user has no option and usually no knowledge). Certainly it is cheaper not to tell the customers when outgoing filtering activates (never heard of a provider that does that).

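The two checks this thread touches on (a From domain that appears nowhere in the Received chain, and a ".zip" attachment that is really an executable or carries one), as an added Python example that is not part of the original thread. The message, domains and payload bytes are constructed, and the Received comparison is a heuristic, since legitimate mail can be relayed by third parties.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".js")

def attachment_findings(name: str, data: bytes) -> list[str]:
    """Judge an attachment by its content, not by its file name."""
    findings = []
    if data[:2] == b"MZ":  # DOS/PE executable header
        findings.append(f"{name}: executable content (MZ header)")
        if name.lower().endswith(".zip"):
            findings.append(f"{name}: .zip name but not a ZIP archive")
    elif zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                if member.lower().endswith(RISKY_EXT):
                    findings.append(f"{name}: archive contains {member}")
    return findings

def triage(raw: bytes) -> list[str]:
    """Return findings for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    received = " ".join(str(h) for h in msg.get_all("Received", [])).lower()
    if domain and domain not in received:
        findings.append(f"From domain {domain} absent from Received chain")
    for part in msg.iter_attachments():
        name = part.get_filename() or "?"
        findings += attachment_findings(name, part.get_payload(decode=True))
    return findings

def sample(payload: bytes) -> bytes:
    """Constructed message: claims carrier.example, relayed by an unrelated host."""
    m = EmailMessage()
    m["Received"] = ("from relay.unrelated.example ([203.0.113.7]) "
                     "by mx.recipient.example; Tue, 1 Jan 2013 00:00:00 +0000")
    m["From"] = '"Carrier Inc." <info@carrier.example>'
    m["To"] = "user@recipient.example"
    m["Subject"] = "Tracking number 12345"
    m.set_content("Please see the attached invoice.")
    m.add_attachment(payload, maintype="application", subtype="zip",
                     filename="invoice.zip")
    return m.as_bytes()
```
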

I have asked the user to contact me directly so I can assess the facts. That sounds like the only reasonable course.

Sending the user off to look for an alleged FAQ about the problem doesn't seem useful. Since the volunteers can't find the FAQ, or they would have posted a link to it, I have little confidence that the FAQ even exists.

- Don D'Minion - SpamCop Admin -

- service[at]admin.spamcop.net -

I have asked the user to contact me directly so I can assess the facts. That sounds like the only reasonable course.

Sending the user off to look for an alleged FAQ about the problem doesn't seem useful. Since the volunteers can't find the FAQ, or they would have posted a link to it, I have little confidence that the FAQ

Geeze, ancient material ..... as turetzsr described ..... several links at the top of this and most every Forum page provided to do a search or go to a specific place. In this case, there are at least three direct links to the SpamCop FAQ as found here (noting that the Original/Official FAQ contains none of this) ... and the section described looks like;

Original SpamCop FAQ & Added Forum Items, Never up to date, changes often .... jumping/sliding down to;

E-mail Submittal Problems / Issues

E-Mail spam submittals blocked by your ISP? Updated!

Emailed spam Submissions Disappearing? No Confirmation e-mails?

Colors and everything! And as 'we' like to point out, just look at all the other stuff that might accidentally be discovered/learned while doing the little suggested legwork.

I have asked the user to contact me directly so I can assess the facts. That sounds like the only reasonable course.
...Thanks, Don, that is always a good course of action. Those of us who try to help users here do so on the assumption that either the requester prefers to try user-to-user assistance first or because SpamCop prefers requesters come here first.
Sending the user off to look for an alleged FAQ about the problem doesn't seem useful. Since the volunteers can't find the FAQ, or they would have posted a link to it, I have little confidence that the FAQ even exists.
...Note to non-regulars here: IMHO, Don has no particular authority with respect to what may or may not be found in this Forum and, therefore, his comments about the link to the FAQ that I referenced are to be treated as unauthoritative opinion, only. As such, his opinion is welcome (but, in my view, false).
