Jump to content
Sign in to follow this  
DRSpalding

Munging plain-text From: addresses and obfuscated names in HTML body

Recommended Posts

Hi,

I have been seeing a bunch of LinkedIn phishing spam/scam mails that are using an email address that does not get munged in the reports. The email address is of the form:

This email was intended for somebody#064;example.com

I know it's a lot to ask, but I would really like it if those could be found and cleaned up too, along with the "somebody%40example.com" variant.

I have also recently seen quite a few industriously devious spammers placing the recipient address as the "From:" address as well, which notably, SpamCop does not munge either.

Both of these cases require me to a) be vigilant to them and b\) manual munging of email addresses.

Can either of these issues possibly be addressed?

Thanks!

D.

Edited by turetzsr

Share this post


Link to post
Share on other sites
I have been seeing a bunch of LinkedIn phishing spam/scam mails that are using an email address that does not get munged in the reports.
Just a quick comment that most LinkedIn spam actually comes from LinkedIn, so should not be an issue for you.

Share this post


Link to post
Share on other sites
Just a quick comment that most LinkedIn spam actually comes from LinkedIn, so should not be an issue for you.

Perhaps in your case, but in my case I get more LI phish than actual LI email.

Share this post


Link to post
Share on other sites

Just a quick comment that most LinkedIn spam actually comes from LinkedIn, so should not be an issue for you.

Not in my case. The phish attempts (or hook attempts, really--they just want the click, not the credentials) are not from LinkedIn, but messages that look like LinkedIn.

It's funny that the '[at]' character with the spammer's "\#064;" (sans the backslash) HTML encoding that I placed in a code block so that it wouldn't be reinterpreted was converted somewhere along the way to another obfuscated form, with the "[at]" human readable encoding. :) If a moderator could edit it back to the way it was to be clear to anyone else that comes along, that would be great, since the one I am requesting a feature upgrade on is actually decodable via a HTML rendering.

Edited by DRSpalding

Share this post


Link to post
Share on other sites
<snip>

It's funny that the '[at]' character with the spammer's "\&064;" (sans the backslash) HTML encoding that I placed in a code block so that it wouldn't be reinterpreted was converted somewhere along the way to another obfuscated form, with the "[at]" human readable encoding. :) If a moderator could edit it back to the way it was to be clear to anyone else that comes along, that would be great, <snip>

...Good catch! Yes, that's our protective scri_pt catcher (my words, not quite sure what best to call the tool, nor precisely what/who provided it -- the underlying third-party Forum software or our Forum Moderator -- my guess is the latter). I put it back, using a space between the 4 and the semicolon, which space can not be seen with the way my browser, Firefox 19.0, renders the text.

Share this post


Link to post
Share on other sites

Just a quick comment that most LinkedIn spam actually comes from LinkedIn, so should not be an issue for you.

Yes would think Linkedin would have an easy way of reporting spam their spam to them?

For problem places like that or Facebook or twitter just have it sent to Gmail free throwaway account. They are very good at sorting spam and even if sent to "spam" folder it can still be read

Share this post


Link to post
Share on other sites

...Good catch! Yes, that's our protective scri_pt catcher (my words, not quite sure what best to call the tool, nor precisely what/who provided it -- the underlying third-party Forum software or our Forum Moderator -- my guess is the latter). I put it back, using a space between the 4 and the semicolon, which space can not be seen with the way my browser, Firefox 19.0, renders the text.

You must have caught my message before I edited to correct the '&' to the proper '#' in the HTML literal character encoding. It should be "#064 ;".

Share this post


Link to post
Share on other sites

Just a quick comment that most LinkedIn spam actually comes from LinkedIn, so should not be an issue for you.

It should be said that if you are a LinkedIn user and you have your preferences set to receive notifications by email, that is NOT spam and cannot be reported via spamcop!

Share this post


Link to post
Share on other sites

It should be said that if you are a LinkedIn user and you have your preferences set to receive notifications by email, that is NOT spam and cannot be reported via spamcop!

True, but what I was referring to are the invitations LinkedIn sends out to everybody in a members contact list when a member provides the password to their e-mail account (accidentally or on purpose) so that LinkedIn can "help" the user find additional associates. Those were unsolicited by me and sent by LinkedIn, so they are spam to me. Edited by alvarnell

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×