Jump to content
Sign in to follow this  
moreofless

Paste decoded email body in second box:

Recommended Posts

How do I do this with Yahoo Mail. In the past I would just forward as attachment but that is not a function which is available with Yahoo any more.

Share this post


Link to post
Share on other sites

Body or headers or both? What is the "second box"? You should just use the single box version of the webform submission form - the 2 box outlook/eudora workaround form shouldn't be used/necessary/applicable. I'm probably misunderstanding the question/intent. Aaagh ... in any event a nightmare with "Basic Mail" webmail (which may not be the same as "Classic" but it is what I'm using anyway).

FULL Headers: Need to open the spam (not generally recommended but there seems to be no way around it). Then in the header section, click on "Full Headers". The result looks OK but when copying and pasting, the CR-LFs are lost. Those need to be (manually) restored before the headers are 'parseable'. Easy enough to do but you will probably need to keep referring to the webpage "Full Headers" display because Yahoo headers and fairly verbose. After the headers you need to insert a blank line or two and then some sort of BODY. I suppose you could right-click the (open) message, select "View Source" and pick the message body out of that but that is even worse than sorting out the headers. I would confine myself to copying and pasting the plain text, myself - below the blank line(s) following the headers.

Reporting any significant volume this way requires real dedication and considerable stamina.

Here's an example (non-spam) of Yahoo full headers as pulled out of a display page using the above method:

X-Apparently-To: x; Mon, 26 Jan 2015 16:29:36 +0000Return-Path: <update+kjdmp75wihki[at]facebookmail.com>Received-SPF: pass (domain of facebookmail.com designates 66.220.155.171 as permitted sender) bWlzc2VkIG9uIEZhY2Vib29rLiDDgsKgIMOCwqAgw4LCoCDDgsKgIMOCwqAg w4LCoCDDgsKgIEtpbSBTbHlucyAsIEdyYWVtZSBSZWV2ZXMgLCBHZW9mZiBT aW1wc29uICwgYW5kIDMgb3RoZXIgZnJpZW5kcyBoYXZlIHBvc3RlZCBzdGF0 dXNlcywgcGhvdG9zIGFuZCBtb3JlIG9uIEZhY2Vib29rLiDDgsKgIMOCwqAg WW91IGhhdmUgbWlzc2VkIHNvbWUgcG9wdWxhciBzdG9yaWVzOgEwAQEBAQN0 ZXh0L3BsYWluAwMwAgN0ZXh0L2h0bWwDAzE2X-YMailISG: kdMHkoYWLDvqJCuu9jkr4fmltVgHXKESe4WktLlKT6HXSI9H Ss7ZW9ODUlMAWsHo3uis1ZRdD.VY2nDx2YmTpWNljMKeY2bLnRR55Lxn8EkA CLalCLwjwqxej.wh4fP6yG0e8LRTQDMC_YL4iDTpW9qv4vMvDw9yAPgDKv4Y rzjtjFjpUH6PPIzuemvtmoHnUbu1c9mS2tyeAy5Z198R53fL6WW84jTQ_X.F gxKgKSgQ5xXO1ghKSY6QDT0FCpJFYAQAyckMU4rcW7VeHa3th0Cp6RBj2rjP qwXyHF4Hz7XquI5Bn.eHz6PfdZVFWTg4egAYb7UKs40KLMgxjh0SpEqnpxuo LTOvtmzown5utXQ7u5YOVC3GDvL.9tw9Fh6TDEnHpGjWKkN7L2Iag6i1bEkL xRmqwlV8yS92hqlnrzJaBcznkkkctmu1dIDkPCwJsfScuXCzB1X83k91vt.z fECreGswNJBStWHF8zjHZuP.sNu6D8mK0_jTNUErM_5u.OnLUWEtKRbJ2nEK Hiw2zySYc4mM0OX8YFue.GUMghplUsl_rkKQBgOkh8rFxl_w4Vi5efmQfiAA ReIYnD1XubIE536tSpPeEY8IuyXgHPlUQwbgapWwZCbF4.cFu7.D5MdKO1JF z8L.iXK5.xtyvkCcrulCoihzO7LD5gm6mvoxYfv_T4k.1tdvl3X3c_p0Mdz2 cc.rwC_aFQzL9zVrE_myt8aRIyZhp.CKfHkvvD4jEi3w7tBzUa9.okjWtSeI 3EisKr_YsEf1Ap6.KUq36QFMPhyecjDbv8bDR2w14gzGw3ZR.oi5iNI4BcnW 93afYxBSeHZwC6C2PC._8SLGbFkONJlHU_jZwJveP1B4N50UCjTrIPD8O_uC bVMkmPtCYMqdkATE1YW2.9QiqWQr4ow5PqveHP8lPlL6yGUm1MZCdKCdJ63e 7Q8kJTy68NIfIJAAVogo4sDg7PAk7ObQikveKKnUJzcu.wti2XPpkZJ2KBxd mcmysOZ_p.DYH1eFJYdlJDDNYwIaTWsSF.GBsIUHDHB1F2zLqvGF8yfb2PnU bhE7cZQnBBLvTlkZ5pttQCXjtWLOfZmI_Djh8GA9YKUbiAizYLGXHNuk87.X fZLli6znDplRId94GE8FwyRJOFbJ3kmu7UEwwUL1dW74SYlUXrE.f138tZkC y7tT..Py9lcB5E9TB30OzSXwWwAXKKlIYkuPMnmCHOiCCIXbxudqKHMt4l2L cyTM7FFbzS7G.knLT3JLvYAT3_pE04hi8wjb9y0oF4IZAYiJob9aluqIGdTE pSNncitbEFj5oNIfB2OsxD4cGMmux0_G50K_8jobK9B3qlfb.Rr9_efihCJM mzpFg0ygap7CsmVUCUJVlTMA_qPIx5c2Zr1_hUJQjgOJK_MGA5nJi4sJnFac Fg8Z_Bi1N8pOQY77fyGTyyhtYeSQyeHOfrh0whmnyAm8AzQXUcgL63RlWCkL _S.Pd.JbTLzkZFB6YtBqdya2597Bbw1SGXhNPYgkP8U3A_pac0qC2k6Bcxyo BlIeLEmUOs2IJX5TY1SnyURnj19DzANnUrIFtuNXKynXvw1JQG9O3frF_.Rq jnvGyw.Iv6Qfgx_9fIxd7y6ivys-X-Originating-IP: [66.220.155.171]Authentication-Results: mta1511.mail.bf1.yahoo.com from=facebookmail.com; domainkeys=neutral (no sig); from=facebookmail.com; dkim=pass (ok)Received: from 127.0.0.1 (EHLO mx-out.facebook.com) (66.220.155.171) by mta1511.mail.bf1.yahoo.com with SMTPS; Mon, 26 Jan 2015 16:29:36 +0000DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=facebookmail.com; s=s1024-2013-q3; t=1422289773; bh=gqjwC4vcuwDGr4JJ3hHsHG/UyyRZT69r7Ar/jIMhbDM=; h=Date:To:From:Subject:MIME-Version:Content-Type; b=TUDgRHqMdXTPK9IvWB55GGMeBDiv8R0VBwVTYjXAdjrR6UHiqj4kgIKvO1evH0W2t +seYOsebnTyxEsHhF6vrfnFtHwGKGfqLX/9kXVRqrt+KofwaUi+9uuQcxlMtkdBqhR MwLVnCHFYYqw+HAZkdc+8N4XopVobUL/1pqI4Pss=Received: from facebook.com (DhYs2Aup/7k8Ym7EoEKrGpJFgpJKoQr3Iq/5tO0j5PyX+hVlskWZEvFAul1lwk5M 10.212.198.57) by facebook.com with Thrift id 82c0fcfca57811e48d040002c9dd6a1c-d55f32a0; Mon, 26 Jan 2015 08:29:33 -0800X-Facebook: from 10.224.143.39 ([MTI3LjAuMC4x]) by async.facebook.com with HTTP (ZuckMail);Date: Mon, 26 Jan 2015 08:29:33 -0800Return-Path: update+kjdmp75wihki[at]facebookmail.comTo: Steve <x>From: "Facebook" <update+kjdmp75wihki[at]facebookmail.com>Reply-to: noreply <noreply[at]facebookmail.com>Subject: Steve, you have notifications pendingX-Priority: 3X-Mailer: ZuckMail [version 1.00]Errors-To: update+kjdmp75wihki[at]facebookmail.comX-Facebook-Notify: engage_digest_email; mailid=b30689bG5af357c36effG0Gd4G374bb782List-Unsubscribe: <https://www.facebook.com/o.php?k=AS3jHC4EP16JvtAx&u=100001195978495&mid=b30689bG5af357c36effG0Gd4G374bb782>X-FACEBOOK-PRIORITY: 1X-Auto-Response-Suppress: AllMessage-ID: <77c1394b48605652c32eb9d459a21ffa[at]async.facebook.com>MIME-Version: 1.0Content-Type: multipart/alternative; boundary="b1_77c1394b48605652c32eb9d459a21ffa"Content-Length: 19783

Share this post


Link to post
Share on other sites

Body or headers or both? What is the "second box"? You should just use the single box version of the webform submission form - the 2 box outlook/eudora workaround form shouldn't be used/necessary/applicable. I'm probably misunderstanding the question/intent. Aaagh ... in any event a nightmare with "Basic Mail" webmail (which may not be the same as "Classic" but it is what I'm using anyway).

FULL Headers: Need to open the spam (not generally recommended but there seems to be no way around it). Then in the header section, click on "Full Headers". The result looks OK but when copying and pasting, the CR-LFs are lost. Those need to be (manually) restored before the headers are 'parseable'. Easy enough to do but you will probably need to keep referring to the webpage "Full Headers" display because Yahoo headers and fairly verbose. After the headers you need to insert a blank line or two and then some sort of BODY. I suppose you could right-click the (open) message, select "View Source" and pick the message body out of that but that is even worse than sorting out the headers. I would confine myself to copying and pasting the plain text, myself - below the blank line(s) following the headers.

Reporting any significant volume this way requires real dedication and considerable stamina.

Here's an example (non-spam) of Yahoo full headers as pulled out of a display page using the above method:

I have not had any problem with copying the headers out of Yahoo. However, when I copy the body I just get the text not the website addresses linked to that text. Because of that I am not reporting any scam website referenced in the spam. The view source option gives me the source for the whole Yahoo page not the message.

Edited by moreofless

Share this post


Link to post
Share on other sites

Body or headers or both? What is the "second box"? You should just use the single box version of the webform submission form - the 2 box outlook/eudora workaround form shouldn't be used/necessary/applicable. I'm probably misunderstanding the question/intent. Aaagh ... in any event a nightmare with "Basic Mail" webmail (which may not be the same as "Classic" but it is what I'm using anyway).

<snip>

&nbsp &nbsp&nbsp&nbsp&nbsp If I understand correctly, either can be used. I believe that the "Outlook/Eudora" workaround simply removes the need to ensure that there is a blank line between the internet headers and the spam body.

I have not had any problem with copying the headers out of Yahoo. However, when I copy the body I just get the text not the website addresses linked to that text. Because of that I am not reporting any scam website referenced in the spam. The view source option gives me the source for the whole Yahoo page not the message.

&nbsp &nbsp&nbsp&nbsp&nbsp Finding the spam source is SpamCop's principal purpose and that is done entirely through analyzing the headers. If you are concerned about spamvertized links in the spam body, you would want to report to a system that has that as its principal role, such as Knujon or Complainterator, which are discussed in other SpamCop Forum Topics. I did some searching in Yahoo!Mail to try to find a way to show the full text of an e-mail but couldn't find one; you could ask Yahoo Support if it's possible and, if so, how to do that.

Share this post


Link to post
Share on other sites

... The view source option gives me the source for the whole Yahoo page not the message.

"View Source" inhcludes the HTML representation of the message (including links) or it does if your Yahoo works the same as mine - but it seems there are some differences. Just search the source page for some plain text phrase from the message body - something from near the top for preference - and it should highlight the appropriate part of the page. Whether or not you can paste that part of the source (just a fraction of the total) into the submission form and have it accepted by the parser is something I don't know.

[at]turetzsr - Steve it was originally FAR more than just "inserting a blank line" - you may recall the parse said something about "correcting bizzaro headers" when the 2-part submission form was used. Maybe it still does, maybe it no longer matters (though Outlook headers remain an issue for e-mail submissions). I don't know. But certainly there is no need to use that special purpose form for Yahoo submissions and there may be some risk of mangling the headers in some instances if it is (mis)used. No real effort involved in inserting the requisite breaks between header and body parts using the single box form, in my view, and safer.

Of course I agree the links are not SC's "main game" but understand those who feel that going after the spam message "payload" is worthwhile. While SC may not be effective against complicit hosts in that regard, the SURBL feed taken from SC report data has some actual leverage. And not all hosts are complicit. But I don't think I would bother in the Yahoo case. Unless that selection of the Body part of "View Source" actually works as a paste-in for the parser (and SC staff don't object).

Share this post


Link to post
Share on other sites

[at]turetzsr - Steve it was originally FAR more than just "inserting a blank line" - you may recall the parse said something about "correcting bizzaro headers" when the 2-part submission form was used.

<snip>

&nbsp &nbsp&nbsp&nbsp&nbsp Actually, no, Steve, I don't, so I'm happy that you mention that there is greater differences than I have so far noticed!

Share this post


Link to post
Share on other sites

I've experimented in using the part of "View Source" representing the HTML rendition of the message from (my) Yahoo mail. The parser didn't mind it but neither did it find and analyse the the links. The trial was with a Facebook nag mail which, according to the headers was "Content-Type: multipart/alternative;" and the "View Source" rendition contains none of the requisite boundary declarations in the body so I suppose that is never going to work. It just might work with other content types, I don't know.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×