Jump to content
Sign in to follow this  
Lancer525

Something that really grinds my gears... Yahoo spam links

Recommended Posts

I don't know if its just because I'm stupid, or because it is something that is really wrong, but just about every single email I run through SpamCop does the exact same thing.

I'll copy the email, paying close attention to links in the body, even sometimes going to another computer to open a link just to make sure it's a working, valid link, only to get this line in the parsed results that says:

Finding links in message body

no links found

I've even gone so far as to send myself an email from a throwaway, where the message body was comprised of links to valid sites, such as www.yahoo.com, www.google.com, www.microsoft.com and www.disney.com, only to get the exact same incorrect, erroneous line that says "no links found"

How can I have any confidence in SpamCop even doing anything at all with the spam I send in faithfully, when it can't even identify a plain basic link in a message body?

Here's another example, the tracking link of most recent one I sent in, just a few minutes ago:

https://www.spamcop.net/sc?id=z6064250455zcc20fea973806f69be5e23355f5d8b8bz

I even went so far as to open the links in another computer (an old laptop that is hopelessly out of date, and pretty much worthless) copy the url from the web browser, and paste them in place in the body text of the message, only to get:

Finding links in message body

no links found

I know bloody %^#& well that there ARE links in the body, because I see them there, and put them there myself.

Why doesn't SpamCop identify them, and deal with them?

Share this post


Link to post
Share on other sites

<snip>

How can I have any confidence in SpamCop even doing anything at all with the spam I send in faithfully, when it can't even identify a plain basic link in a message body?

<snip>

&nbsp &nbsp&nbsp&nbsp&nbsp Well, if SpamCop were designed as a facility to identify links in e-mail messages, it appears to me that you'd definitely have a case. I would refer you to the SpamCop FAQ item labeled "SpamCop reporting of spamvertized sites - some philosophy." Short version; SpamCop's identification of links, when it works, is "gravy." You may be interested in Knujon and/ or Complainterator, more about which you can find in these Forums by using the Search facility.

&nbsp &nbsp&nbsp&nbsp&nbsp Neverthless, since you do seem to have found a possible problem with the SpamCop parser's ability to identify what do appear to be valid URLs, you could address this to the SpamCop Deputies by writing to them at e-mail address deputies[at]admin.spamcop.net to ask if they would be willing to explain what it is about those links that causes the parser to not recognize them as such.

Share this post


Link to post
Share on other sites

The body is incomplete, not in the required message format. The headers include:

Content-Type: multipart/alternative; boundary="----=MailPart0000_0010_C46147BD"

The parser is looking for that boundary (and some subsidiary content statements) and the closing boundary (----=MailPart0000_0010_C46147BD--) in the body. It can't interpret your plain text substitution without those for that content type. This is a slightly complicated area of arcane lore and I'm a bit stupid with it too - can't say that I understand it in the necessary detail myself. You need to be able to view (and copy) the "Message Source" (or equivalent terminology) within your mail client to retrieve the full format of the message body. There's no real point IMO in learning enough about it to

1) "re-engineer" the format or

2) alter the Content-Type: header

since that - potentially in the first case or actually in the second - steps onto the forbidden ground of "helping the parser" ("Material changes to spam").

It should be no problem if you could make your submissions by e-mail. But more and more networks are happy to let a little spam in but none out (not even to SpamCop). Hysteresis in the filter heuristics or simple self-interest, I'm not sure. I suppose intermediaries in the routing come into it as well - it's amazing anything goes anywhere, "thanks" to spammers. But you could try?

JMO

This topic might be more appropriately placed in the "Reporting Problems" forum section - might move it there yet, depending how the discussion develops.

Share this post


Link to post
Share on other sites

Forgive me, gentlemen, but my ignorance of the matter really compels me to only percieve what you have written as jargon and mumbo-jumbo. It means something of great import to you, and I truly appreciate that, but to me, it may as well be Attic Greek.

My knowledge level only shows me what I am capable of understanding, which is, as I have said, there are active links in the full message headers I have run through the form, only for it to tell me there are no links present, which I can see with my own eyes not to be true. I know what full headers are, and I know how to get them out of Yahoo, even if I have to paste them into Word, and remove tabs, rearrange the margins, and cut out that bloody extra line-space it puts in between the headers and body. It was weeks before I figured out that only one line-space was permissible. I can's say that I've never submitted an email with an additional link pasted in, but only in a futile attempt to get the bloody thing to recognise a link!

The mysterious mechanisms that cause all of this to be so, are so much like a foreign thing to me that they may as well not exist in my view of the matter. It has been said that the native aboriginal North Americans who were here when the ships of the Pilgrims arrived, failed to even see those ships until the Englishmen were literally standing upon the beach, because they had no idea, no concept, and no sense of what a ship even remotely looked like, so much so that the vessels never even registered in their consciousness.

I find myself in almost that same situation. You are clearly casting pearls before swine with your explanations.

I don't know that I would even call what I wrote that which would even rise to the level of a problem to be reported, as much as it could be called a frustrated vent of an ignorant user.

Share this post


Link to post
Share on other sites

Ah, Lancer, you are another victim of Yahoo's relentless pursuit of "improvement" by way of kaizen. Trust me, you have done very well to extract the full headers in "parseable" form - don't sell yourself short, many will have read that in your second post and be full of admiration. Including me.

If you refer to http://forum.spamcop.net/forums/topic/12713-forwarding-as-attachment-from-new-yahoo/ you will see that a way was found to make e-mail submissions (forward as attachment), only for it to be mercilessly snatched away by the next round of improvements. Possibly. It may still work for some, the version of Yahoo mail comes into it, also the browser and browser settings and (if I recall correctly) some details such as JavaScrіpt being enabled - I lost track long ago. Successful e-mail submission overcomes your problem by passing on the whole message format (headers and body) to the SpamCop parser.

If you can't do that, you can only get the plain text links in the body of the paste-in spam accepted by the parser if the header item "Content-Type:" is missing or has the values "text/plain" or "text/html". I think. But certainly NOT "multipart/alternative", as is in your example. I too operate mainly in a state of numinous incomprehension.

Steve

Share this post


Link to post
Share on other sites

One other thing that bothers me about all this.

If the Content-type header says ""multipart/alternative" then that's what's there.

Farelf wrote: "You need to be able to view (and copy) the "Message Source" (or equivalent terminology) within your mail client to retrieve the full format of the message body."

The version of Yahoo Mail that I use, only gives me the option of "view full headers" and doesn't give me the message source. What I get, is what I copy and paste into the SC parser. Oh, I may have to go in and paste it in Word to remove tabs, reset margins, and take out line-spaces, as I've said, but I do not decide, nor do I control what Yahoo gives me when I click on the "Full Headers" link. I do not use the "new full featured Yahoo! mail" but rather the old, "Basic" Yahoo! mail. I don't like the popup ads, and other problems with the new mail.

Please don't assume that I'm stupid, and don't know how to copy and paste, just because I am completely ignorant about how these things actually work. The two are totally different.

If I have to change the "Content-type" header to make it work, then it is indeed a problem with SpamCop, and not my purview to alter. A link is a link is a link. The URL is the URL is the URL. There is no way around it, no matter how much jargon, semantics, or hyperbole gets used to describe it.

It is really a shame that nothing appears to even happen when an email is forwarded through SpamCop, other than perhaps an uptick in the number of similar spams in my inbox. Do these people even understand that no one likes spam? How is it possible for them to have enough financial gain from even doing it, to make it so prevalent?

Share this post


Link to post
Share on other sites

There was no insincerity in anything I posted Lancer and if you have managed to construe otherwise then I am sorry but must decline blame, praise is not belittlement and common difficulty is no cause for division.

You are correct that the "Content-Type:" header must not be altered under the provisions of the "Material changes to spam" reference already provided however if you receive spam without that header or with the other content types noted within that header then you should not have difficulty with any (plain text) links in the body.

SpamCop long ago decided not to try closely matching the great profusion of non-standard approaches to non-text messaging foisted upon the users of the great mail service providers (a disparity in budgets for one thing), consequently there are many instances where the parser cannot resolve all material presented in the changeable environment. SC staff do request development resources for the parser and I am sure would be open to suggestions for their future bids - especially in relation to the Yahoo matter which has become chronic. I shall move this topic to the "Reporting Help" section where they are more likely to see it and where, incidentally, there are many other topics touching on the reporting of spam received from/through Yahoo. You could see from at least one of those that I no longer consider Yahoo spam worth the effort of SC reporting as things stand - an alternative (though not mutually exclusive) is using the Yahoo internal spam reporting system, while we lack the ease with which we formerly reported it to SC (just my opinion and admittedly doesn't address those "payload" links).

Yes, spammers know full well that their efforts are resented which is why they have ramped up their efforts, using robots and (largely) hijacked resources so that with minimal effort and outlay they can multiply negligible rates of return into some sort of subsistence-level aggregate. Here is CISCO's "Overview" of global spam, note that the volume thoroughly dwarfs that of legitimate messaging:

http://www.senderbase.org/static/spam/

Share this post


Link to post
Share on other sites

No one has said you are stupid. In fact that is the problem, you are much smarter than the parser when it comes to "looking" at improperly formatted or incomplete emails. The computer world if full of examples of Turing test to tell the difference between people and machines (bots). Most times when you create a new account somewhere there is, what looks like, a simple test or question to try and identify real people from software programs. How you look at a link or URL and the rules that SC's parser uses to looks at the same string of letters and symbols may be a good example.

If I have to change the "Content-type" header to make it work, then it is indeed a problem

Be sure to understand the rules

SpamCop does what it does and doesn't do for a reason. Do not make any material changes to spam before submitting or parsing which may cause SpamCop to find a link, address or URL it normally would not, by design, find.

I understand it is frustrating to not see a result of your efforts to submit spam. SpamCop's reporting system is a tool. A tool that works well when used correctly, i.e. spam data is presented in a way that the tool can understand and utilize. Although you and other reporters are currently having issues with how Yahoo handles/copies/forwards email, others using other software and/or procedures continue to report hundreds of spam daily. During this last week SpamCop has processed, on average, 8 spam/sec with burst as high as 20 spam/sec. with almost 5 million reports being sent last week. In general the tool works fine. In fact your earlier post

I've even gone so far as to send myself an email from a throwaway, where the message body was comprised of links to valid sites, such as www.yahoo.com, www.google.com, www.microsoft.com and www.disney.com, only to get the exact same incorrect, erroneous line that says "no links found"

indicates to me that the search for true spamvertised links is working correctly. Many spam include links to legitimate sources, similar to those you mentioned, including national news sources to give credence to their spam sites. SpamCop routinely ignores those link for obvious reasons.

The manner in which you are submitting the spam, because of the tools you are using (Yahoo), continues to be the problem not the SpamCop parser. Repeatedly complaining about the SpamCop tool will not cause a change when the problem is the data being submitted. Looking at the several Yahoo related threads and applying the workarounds others have found helpful is the answer to correctly using the SpamCop tool to get reports sent on your behalf.

JMHO

Share this post


Link to post
Share on other sites

No one has said you are stupid.

I agree. There's a good amount of knowledge, experience and wisdom to be found here in this forum.

My opinion of the situation can be summarised in one word: Yahoo.

I've never been a big fan of Yahoo, for various reasons, including the problems that get reported in this forum from time to time in this forum. I think I'll wander off in search of a coffee before I type something that would contribute to me being kicked off.... :D

Share this post


Link to post
Share on other sites

Gentlemen:

I must disagree with the lot of you, for someone has called me "stupid". The fact that it was myself should not eliminate that from consideration. :D

I have, by no means, intended to do anything other than express my frustrations, and while I appreciate the technical discourse from you, (all) as I've said, you are casting pearls before swine.

If I appear to have taken offense, rest assured that at no time has that occurred, as I have not yet percieved anyone giving offense. A few of you might have been a little patronizing, but we're all adults here (One would hope...) and your frustrations with me certainly have the potential to be as great as my frustrations with all that #$&%^ spam....

Edited by Lancer525

Share this post


Link to post
Share on other sites

Forgive me, gentlemen, but my ignorance of the matter really compels me to only percieve what you have written as jargon and mumbo-jumbo. It means something of great import to you, and I truly appreciate that, but to me, it may as well be Attic Greek.

<snip>

&nbsp &nbsp&nbsp&nbsp&nbsp Please let me know what, specifically, in my earlier post (other than what was in the referenced FAQ entry) you found to be mumbo-jumbo and I'll try to explain further. I tried to make it English but I know I often fail in such attempts. :) <g>

Share this post


Link to post
Share on other sites

I have an opinion. Isn't that intriguing?

Most of the spam I submit is from Yahoo. My first Yahoo email address has declined into being useful as an exceptional spam-honeypot -- I think I clicked on an "Unsubscribe" link in it back in 1999. My other Yahoo addresses, including one from which I never sent ANYTHING, are also useful sources of spam. The combination of having Yahoo accounts and having signed up to make Spamcop-submissions is hopefully doing some good, somehow. If not in this dimension, then maybe the next.

I think I submit Yahoo-spam differently. The Spamcop parser requires something from the "body" to be added after the header, with an empty line inbetween. The header is easy. Don't tell anybody I said so, but I just copy and paste the subject into my submission, after an empty line after the header, and I call that macarroni "Body." If the parser won't accept a submission without something like a body, then that's what I give it.

Of course, the spambodies are where the spamdresses are, and now I'm not sending in any of them. There goes my moral credibility. But I like to think I got to that point honestly.

I also used to pull out my hair because the parser frequently couldn't find obvious URLs in the bodies I submitted. When I ran out [of hair], I realized that the real value is to report the spam-source IP addresses. Hey, we're lucky if an ISP stops the account of a spammer, but even that isn't hardly a given, these days.

I don't believe that any great detective resources are being devoted to turn spamdresses into arrests, fines, and jail-terms, so I stopped worrying about 'em. So when I'm done submitting the header (and the subject, twice), I haven't even opened the spam to see what they claimed to be selling. I don't care anymore. Happy just to disconnect computers sending the spam, then it won't matter what the spamvertisement addresses were.

Today, I think that leaves us wanting ISPs to be more accountable for their users sending spam, pirate ISPs to be raided and put into cells with nothing more than childrens blocks to play with, and more SpamCop participation.

https://0.s3.envato.com/files/135029.jpg

The thing that brought me to the Forums today is that for the past couple of weeks, almost all of my spam have been from IP addresses that SpamCop can't determine their ISPs, so all the submissions go into the round-devnull-file. Network-tools.com, Robtex.com, and NirSoft.net's "IPNetInfo" utility have "no records" for the elusive IP addresses.

What's being done about that? How are people getting connected to the Internet without any records, thereof?

So, I'm looking around to see if anyone else has noticed the same increase in devnull reports, spams that aren't really submitted beyond SpamCop. As far as I can tell, each one represents a spam that someone is getting away with.

best luck,

-neil-

Edited by Farelf
remote image converted to (unlinked) URI - refer http://forum.spamcop.net/forums/index.php?app=core&module=help

Share this post


Link to post
Share on other sites

Neil:

Yes, in the last couple of weeks, about 80% of my spamcop parsings have ended up with the dreaded devnull.

Almost makes me just want to forget it.

Share this post


Link to post
Share on other sites

Lancer,

Yes sir.

Let's give it a chance to see where this goes before we give up.

-neil-

Share this post


Link to post
Share on other sites

Speaking of Yahoo, it seems that I'm fortunate to be able to use POP or IMAP access for Yahoo accounts without paying a fee, so I can forward the complete emails as attachments from within Thunderbird. Part of this could be because my ISP, in its infinite wisdom, has chosen Yahoo as their provider, even though there have been problems over the years.

Share this post


Link to post
Share on other sites

...

So, I'm looking around to see if anyone else has noticed the same increase in devnull reports, spams that aren't really submitted beyond SpamCop. As far as I can tell, each one represents a spam that someone is getting away with.

...

Hi Neil,

I don't get much spam but just 2 of my last 18 (during March) only offered devnul reporting for the source (somewhat off-topic discussing the source here, sorry O/P, but Neil makes some valid points). Everybody's spam sources are "different", except for those that aren't. For each of those 2, I found an apparently valid abuse address and added that to the report routing (only available if the reporter has reporting credits, otherwise the free reporting account preferences can be finangled to do similar, in clunky sort of way).

And I added a topic for each of those "discovered" abuse addresses (I think) in http://forum.spamcop.net/forums/forum/39-routing-report-address-issues/ with that detail for Don to pick up and over-ride present routing if he choses to do so (some he does, some he maybe doesn't - he has his reasons and his priorities). Some other reporters are active in that routing report address issues forum too (to a much greater extent).

Oh, and sometimes you can "refresh" the standard cache for the IP's net bloc abuse routing during your review of the parse and before committing reports, to see if SC can find a valid reporting address (a spin-off of the matters mentioned in https://www.spamcop.net/fom-serve/cache/32.html).

And back more on topic, we should note that the SURBL uses feed from SC which possibly does more to inconvenience spammers through attacking their spamvertized payloads than does SC abuse reports these days (thinking of high-volume/automated "alphabet soup" domain registrations, botnet webpage hosting, whole countries - let alone networks - effectively complicit in the spam - and exploit - "industries"). But yes, the parser has to find those links first. Which has been discussed in distressing detail already.

HTH - oh, and I edited your first post in this topic Neil. Sorry, nothing personal, but we need to be meticulous about external links and (particularly) externally-hosted images which are simply too vulnerable to exploitation over time. So many opportunities for 1st, 2nd and 3rd party malefactors arise from that "full internet experience".

Steve

Share this post


Link to post
Share on other sites

Well, I'm getting phishing spams from Asia, and they have done something to the headers to the point that SC can't do anything.

I don't know enough of the technical jargon mumbo-jumbo to say what the problem is, and I don't think it's permissible to post the full headers I have here (and I don't want to hear anything from anyone about how to find full headers, I do know that much, so don't treat me like a five-year old :wub: ) so I don't know what can be done about it, if it can't be reported, and can't be actioned. I forwarded it to PayPal, and they responded that "it appeared to be an invalid sender" so they can't do anything with it either.

This is the last straw for me.

If SC can't or won't do anything about it, then they can go hang. They won't get the membership money I was going to spend, and I'll spread the word far and wide how useless the service is, and how little the people that run it give a rosy rat's red rear about what people who use it have to say.

If they won't or can't address my concerns, then they don't really give a flip about me, so I won't give a flip about them.

Share this post


Link to post
Share on other sites

<snip>

I don't think it's permissible to post the full headers I have here

<snip>

&nbsp &nbsp&nbsp&nbsp&nbsp There's no formal prohibition but we prefer that you post the Tracking URL rather than the full headers. The Tracking URL allows us to follow the link to a separate web page to see what the header and body of the spam are rather than cluttering up the Forum with such things.

<snip>

so I don't know what can be done about it, if it can't be reported, and can't be actioned.

<snip>

&nbsp &nbsp&nbsp&nbsp&nbsp That's very rare. Could you please share with us the error message or, better yet, the Tracking URL?

This is the last straw for me.

If SC can't or won't do anything about it, then they can go hang.

&nbsp &nbsp&nbsp&nbsp&nbsp You seem to be blaming the hammer manufacturer for not making a tool that can't be used effectively as a screwdriver, without having even communicated with the hammer manufacturer (deputies[at]admin.spamcop.net), only with other hammer customers. Or did you contact the deputies and they declined to do anything about it or haven't replied?

&nbsp &nbsp&nbsp&nbsp&nbsp Added later on edit: To extend/ mix metaphors, you seem to be condemning the charity organization for not accepting your two-dollar bill (the analogy I intend is your attempted spam submission, not your voluntary membership money) because their equipment or accounting system just won't handle it.

I'll spread the word far and wide how useless the service is, and how little the people that run it give a rosy rat's red rear about what people who use it have to say.

<snip>

&nbsp &nbsp&nbsp&nbsp&nbsp You are perfectly within your rights to do that. I hope, though, that when you do you'll add that SC has a cadre of users who are satisfied with the (free -- you don't need to purchase anything to use it) product, notwithstanding the one specific thing you wish it would do but won't.

Edited by turetzsr
Added another analogy

Share this post


Link to post
Share on other sites
... I'll spread the word far and wide how useless the service is, and how little the people that run it give a rosy rat's red rear about what people who use it have to say.

If they won't or can't address my concerns, then they don't really give a flip about me, so I won't give a flip about them.

The problem is that you haven't found a way to access the original (standard e-mail content) message body from your version/installation of Yahoo mail. Other have similar (but not necessarily identical) problems with Yahoo mail. Your "body" problem is relevant to just one of the (several possible) "Content-type:" dispositions ("Content-type:" is declared in the headers, the display of which you have mastered). I suggest you should be circumspect about extrapolating that specific failure - Yahoo's failure - into a blanket condemnation of the (free) SC service.

It is easy to understand your disappointment that no SC staff member has contributed to this discussion so far - but there have been many other conversations in these forums about the (supposed) iniquities of Yahoo mail, some with solutions, some without. Frankly even I have difficulty keeping track of them, and I come "here" a lot. As Steve T has suggested, the sure-fire way to involve the SC staff is to write to them directly. They will not ignore you.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×