Jump to content
Sign in to follow this  
Papatt

Finding links in message body : no links found

Recommended Posts

Hello !

Almost every spam body contains links (e.g. "visit us" or "remove me") but SpamCop doesn't track the half of them.

Considering these links lead to the spam initiators, is there any reason of this lack ?

Share this post


Link to post
Share on other sites

It will only trace and report the link if it's contained in a normal HREF tag. I have received many spams with the link simply in bold, and those will not get processed.

dt

Share this post


Link to post
Share on other sites

It all starts with you posting the Tracking URL of a specific spam you'd like to discuss. Then we'd all be talking about exactly the same thing. Lacking that, "we" can only go with generalities. You say you see links, but .... "we" don't know how you're looking at your spam, what tools you've got in place, and more importantly, "we" can't see the construction of this specific spam. There's data in the headers that suggest what is supposed to follow, and there are certain constructs in the body that correlate back to this header data, but then we get into e-mail app issues, configuration issues, cut/paste/submittal issues, parser engine issues, external data look-up issues, that time of the month issues .... etc., etc.

Share this post


Link to post
Share on other sites

[Edit add: There is nothing on a reports page called a tracking URL. If that's what it's called why not put that on the report page? Also, the LINK is not a clickable link in the sense that the link takes you to the page you're already looking at. Why make that link clickable? OK, how about a label saying "This is a TRACKING URL". That way when you dun folks to bring the Tracking URL to the table the newbies will know what the hay you're talking about.

To the OP: Here's a sample of a tracking URL:]

[Edit add #2: OK, I removed the tracking URL because I have some privacy concerns even though the report is somewhat munged. Here are my concerns:

1. Posting a tracking URL links to my spam report. The downside is it also reveals my domain name. The more my domain name is published on public forums, the more spam I will get from dictionary spammers.

2. The report generated from the tracking URL reveals my super secret email submission email address. How secret is it once I've posted it here?

3. The report reveals my mail servers. How wise it that to advertise my mail servers.

4. Using Whois any Wally in town can look up my personal information from my domain like name, address, phone, fax, zip code, etc. The reason for munging and super secret email addresess is to avoid that kind of exposure.

I'm not paranoid, but I've been around the block long enough with these public postings to know the downside of revealing any extra personal stuff that can be linked to me.]

Wazoo:

The tone of your answers is frequently negative like the questioner has done something wrong.

Spamcop is not intuitive.

For example the link that you frequently dun people for not posting: It's not really a link at all. When I click on it, nothing happens.

I have to go to the next step and figure out on my own that I have to right click on link; choose SAVE AS to save the report.

Maybe there could be more explanation adjacent to that link telling folks why the link is there:

1. Cut/paste this link whenever you want to discuss a report on the HELP FORUM.

or

2. Right/click on link and SAVE AS this report if you want to view it later.

Maybe you don't mean to but every time somebody posts here you seem to blame them for not posting enough data. Then you really don't tell them how to fulfill your need for more data.

I've figured it out by now, but no thanks to you. OK, that's supposed to be funny. I hope you're smiling :)

Please cut people some slack, and please give them the information they need to acquire and post the data you need to help them.

The FAQ's and pinned posts are helpful, but they are also huge and it can be hard to find specific answers to specific questions.

This cybercom is offered for informational purposes only and is not meant to be confrontational nor is it meant to be legally binding. Please consult a licensed legal professional if you intend to rely on this cybercom for anything beyond its informational focus.  

Edited by flagginator

Share this post


Link to post
Share on other sites

OK. I'm using MS Outlook 2003 and OLSpamCop to mail my reports.

This line has been tracked and reported to the ISP :

<center><a id='Dacca' href="http://swimmer.176948116085830811.antiseptic.software4trojans.com/xme/index.html">Not Interested In Communication</a></center>

and this one (in an other sample) not :

<center><a id='bickered' href="http://made.228376911676293830.kettle.software4trojans.com/rm/index.html">Turn Off This Type of Message</a></center>

I'm showing you two similar sample lines on purpose. Does this help ?

Share this post


Link to post
Share on other sites

flagginator ..... Well, I see you were editing while I was out collecting data .. but ....

When you "process" a spam, somewhere along the line you'll see the lines;

This page may be saved for future reference:

http://www.spamcop.net/sc?id=z617155282zfe...83f11fd0940c35z

in the beginner's case, we should be looking at the paste-your-spam-in-here type submiital, and the above lines would appear on the parse page .... if you would look at the "address" bar in your browser, one would note that this just happens to be exactly the web page one is sitting at .... thus wondering why one would click on the link and expect something to "change" ..... explaining functions of a web-browser are kind of off-topic. That these lines are actually a bit redundant as just being a duplication of the data in the browser address bar, the "may be saved" is a pretty big clue (and noting that in most browsers, the color of that link also shows as that page already having been visited [you're already there]) just says a lot to me already, but again, these are "browser" functions ....

Changing that code isn't possible for me, for the Deputies, for JT .... strictly a Julian thing. Although one could ask, I'm not sure it would bounce to the top of the list of things to do ..???

http://www.spamcop.net/fom-serve/cache/5.html has also been recently updated (not by me) .. per R.W. ... "a girl at Ironport has been tasked to update the FAQ" ... and I see that (assumption) that she didn't see the need to go into lavish details either ...???

The tone of your answers is frequently negative like the questioner has done something wrong.

Matters of perception .... Look again, but look for the scenario of "just the facts"

The FAQ's and pinned posts are helpful, but they are also huge and it can be hard to find specific answers to specific questions.

On the other hand, they can be searched. Though I'm not impressed at all with the built-in search function here, the www.spamcop.net FAQ pages include links to do a Google search which works better than most like. And just for the sake of repetition, the FAQ I created "here" was supposed to be nothing more than a temporary solution, still waiting for JT to decide/commit/actually change these Forum structures to actually add in a FAQ Forum. You'll also note many additional items in this FAQ vice the official one on the www.spamcop.net pages. If you think it's big, look at it from my side ... it's been just a bit of a pain to piece it together, make corrections, additions, changes ... sorry you find it monstrous, but noting I can't recall seeing any of your postings (in the Lounge preferably) to "fix" this issue.

Before you head off on that "I'm being negative thing" again ... I'm retired U.S.Army, so there's a mindset issue there for you to play with, I'm sure. I'm on call for for three local ISPs, a dialysis center with 14 branches, have my own client base to keep up with .... my time here is voluntary. That I find it a bit unreasonable that some folks choose to not take the time to survey their surroundings before jumping in, sometimes firing off their own anger weapons upon entry, ..... well, again, please look again from the "just the facts only" and you'll note that I try to leave as much of the real emotional stuff unsaid .... (have you perhaps taken the time to go through a recent Topic dealing with Cox for instance? Do you really want to know what I was actually thinking? <g>)

And with all that said, I had stated in the past that I was in fact working on a "How to use" FAQ for these Forums, Reporting, etc .... but with the recent events with my own hardware, power outages, health issues, that's slipped quite a bit .... that what I had constructed is now currently sitting on a hard drive to my left that wants to slam the heads into the case when power is applied is just not a happy picture. So, if you've worked things out (with or without my help) putting some of that hard-earned knowledge into something that can be incorporated into the FAQ would certainly be appreciated.

Share this post


Link to post
Share on other sites
OK. I'm using MS Outlook 2003 and OLSpamCop to mail my reports.

At present, I've no idea what OLSpamCop is. Assume a third-party bit of code to get around the Oulook issues, but this also raises too many other issues. (OK, not recognized as the FAQ listing shows "Outlook spam Reported by Leon Mayne" ... though still have no personal knowledge of this tool)

I'm showing you two similar sample lines on purpose. Does this help?

Not really. As I stated in my first post in this Topic, seeing two "body" lines out of context doesn't paint the whole picture. The specific answer to what happened to these two lines is based on how the actual spam e-mail was constructed and submitted. Back to the Tracking URL to allow "us" to see the whole spam.

Share this post


Link to post
Share on other sites

Here is the full body of one of my spam reports :

<html>

<a href="http://www.24-7medz.com/s/?mourik">

<img src="http://rougerpics.info/ad1.gif" border="0" width="254" height="171">

</a>

<p> </p>

<p> </p>

<p><a href="http://www.24-7medz.com/rms.html">

<img src="http://rougerpics.info/rmv2.gif" border="0" width="312" height="19"></p>

</a>

<p> </p>

<p> </p>

<p> </p>

</html>

Two sites are easily read by human eyes or browser programs.

Why is SpamCop (more than) often unable to send complaints to their ISP ?

In this example, only one site shut down would be enough to mess up the business of this spammer.

Share this post


Link to post
Share on other sites

I can't figure out what I'm not saying or that you're not reading .... the entire spam is in question, thus the repeated request for a Tracking URL ....

Share this post


Link to post
Share on other sites

The question was not about "how clean" anything was. The question was "what's wrong with the spam submittal" .... We can now finally talk about this.

As said before, I have no knowledge of your third-party tool. However, seeing as how it's been listed in the FAQ for so long and there hasn't been much traffic about it, from your examples, it wither doesn't work or you've got something wrong going on with it.

In both examples you offer, you are dealing with the infamous Outlook problem with MIME content. Both spams contain the line (different Boundary data);

Content-Type: multipart/alternative; boundary="--8012975454132286102"

However, the Boundary lines are missing from the bodies of the spam, which is the reason the SpamCop parser isn't seeing the included links. For a solution, you're either going to have to try fixing your current third-party tool, use another one, or drop back and use the two-part work-around form to paste the spam in directly.

Share this post


Link to post
Share on other sites

B) Thanks Wazoo, I believe you're right about Outlook and OLSpamCop which can forward only what it gets.

:unsure: Another question : are these links tracked in reports from people who don't use Outlook ?

(...) use the two-part work-around form to paste the spam in directly.
:blink: Sorry, I certainly won't.

:huh: I get about 80 samples a day and I don't want to spend a couple of hours to report them.

:( If SpamCop can't be configured to handle the links in Outlook reports bodies, it will be pitiable but OK for me. Of course, I'd prefer to be more useful.

;) Sure I'm not the only one in that case.

Share this post


Link to post
Share on other sites
B) Thanks Wazoo, I believe you're right about Outlook and OLSpamCop which can forward only what it gets.

The use of this third-party tool is to attempt to work around the Outlook issues .. all I've said is that in the two samples you just provided, this tool isn't working. So it's either broken or you're not using it correctly.

:unsure: Another question : are these links tracked in reports from people who don't use Outlook ?

If you are talking about the Tracking URLs you just provided, they are the parsing engine output page of a spam submittal ... so each spam submittal has its own Tracking URL. By providing these links, "we" can not only see the parser output and the decision it made, but also the actual submittal, which held the key to your issue.

:blink: Sorry, I certainly won't.

:huh: I get about 80 samples a day and I don't want to spend a couple of hours to report them.

The usual suggestion here is to focus in on something .. the most recent dozen, the medical spams, etc ... Simply delete the rest, with the assumption that others will probably be reporting the rest.

:( If SpamCop can't be configured to handle the links in Outlook reports bodies, it will be pitiable but OK for me. Of course, I'd prefer to be more useful.

You've actually got things backwards ... it's because of the way Outlook handles things that causes the problems. Please take a look at the FAQ .. this has been documented for quite some time, and that's also why there are multiple offerings of third-party tools to attempt to work around these problems. SpamCop can't so it, as the problems start when you receive the e-mail on your system .. if you're using Outlook to do this, it's too late for SpamCop to try to handle the broken data.

Share this post


Link to post
Share on other sites

Hello,

OLSpamCop only sends what it can get from Outlook. If you are having problems with incorrect Content-types, either:

1) Report the websites manually using Spamcop, or

2) Turn on 'Clean headers' in the OLSpamCop settings.

Hope that helps.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×