Jump to content
Sign in to follow this  
David40

[Resolved] Something I can't explain

Recommended Posts

While trying to post a spam email to Spamcop I will go through the pasted email line by line and edit out the "ad" that my AVG Antivirus tags onto every email I send or receive (www.avg.com). Once in a while, after going through an email I'll discover I can't find any link to AVG, but when I process the email I see the AVG URL has been found in the email with the usual "ISP does not wish to receive...blag, blah, blah."

So the question is, how is it the AVG URL is being found by SPAMCOP when I can't find the AVG URL in the email? Is it possible it's somehow hidden from view? I can't explain it.

Thanks

Share this post


Link to post
Share on other sites

You're wasting your time.

SpamCop won't send a report about www.avg.com so there is no need for you to remove it from your spam.

- Don D'Minion - SpamCop Admin -

- Service[at]Admin.SpamCop.net -

Share this post


Link to post
Share on other sites

Hi, David40,

...If you would be willing to provide a "Tracking URL" of a SpamCop parse of such a spam, we may be better able to answer your question. Some possibilities that occur to me:

  • The spam is constructed in a way that prevents your e-mail client from displaying the URL to you.
  • The URL is actually in a header rather than the spam body.
  • The messages from the SpamCop parser that mention AVG are doing so not due to an AVG URL but a reference to a host for which AVG is the abuse address. This is almost certainly not the answer in your case based on what you have posted ("I see the AVG URL has been found in the email").

Share this post


Link to post
Share on other sites

Even though AVG does not get reported it makes me wonder what else might be being hidden. I'm curious about the "how" as well. I'll post the Tracking URL next time I get one of those, which is not often.

Thanks

Share this post


Link to post
Share on other sites

...Did you try decoding the BASE64 code? Perhaps it's in there somewhere ....

Share this post


Link to post
Share on other sites

Yes, the links are in the Base64 stuff (as text), including innocent bystander AVG. Evidently parser "de-obfuscating" works just fine on that.

incidentally, I use ToastedSpam for decoding - and there are many others. Had to remove linewrapping in the code by the way - O/P's mail client or something else in the receipt-copy-paste chain is not ideal for forensics but no big thing.

Share this post


Link to post
Share on other sites

That's all Greek to me but thanks guys for confirming my suspicions. At least I know my eyesight isn't failing me.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×