MIG

SCv5 parsing


Does anyone know if, we post to v5 parser, entire source data or modified source data? 🤔

Cheers.


With changes, I would suggest submitting unmodified data to see how the new parser works. Without new examples there is no way to know how it works.

1 hour ago, Lking said:

With changes, I would suggest submitting unmodified data to see how the new parser works. Without new examples there is no way to know how it works.

Hello Lking, thanks for replying:).

I have submitted both modified & unmodified data, end result, different, hence my question.

I've asked this question on others' posts, provided examples, no-one responded, hence this post - leading me to cogitate, which method is more accurate, more likely to produce the best outcome, i.e., get notifications sent to those responsible that will really pay attention & take action?

No modified source data, i.e. 1st (Received) not removed:

https://www.spamcop.net/sc?id=z6513927819z5a333033d60c15fe7dcbe967cc9c5977z

Modified source data, i.e. 1st (Received) removed:

https://www.spamcop.net/sc?id=z6513928242zd136d1f1635704ba07e5ae7794f427e6z

& a v5 general ?, do you know if there's any available v5 information/changes faq available please? If so where? Please!:)

Edited by MIG

5 hours ago, MIG said:

Hello Lking, thanks for replying:).

I have submitted both modified & unmodified data, end result, different, hence my question.

I've asked this question on others' posts, provided examples, no-one responded, hence this post - leading me to cogitate, which method is more accurate, more likely to produce the best outcome, i.e., get notifications sent to those responsible that will really pay attention & take action?

No modified source data, i.e. 1st (Received) not removed:

https://www.spamcop.net/sc?id=z6513927819z5a333033d60c15fe7dcbe967cc9c5977z

Modified source data, i.e. 1st (Received) removed:

https://www.spamcop.net/sc?id=z6513928242zd136d1f1635704ba07e5ae7794f427e6z

& a v5 general ?, do you know if there's any available v5 information/changes faq available please? If so where? Please!:)

I do wish as well, that parser changes could/would be posted, but that's up to Cisco/Talos to decide if a changelog or list of fixes wouldn't compromise their secrecy in security and vulnerability holes that they want to keep hidden from us mere mortals.

That said/vented, see my latest post here:

 

3 hours ago, RobiBue said:

I do wish as well, that parser changes could/would be posted, but that's up to Cisco/Talos to decide if a changelog or list of fixes wouldn't compromise their secrecy in security and vulnerability holes that they want to keep hidden from us mere mortals.

Hi RobiBue, I was thinking the exact same thing earlier today! It's a valid reason for keeping mum:)

 

3 hours ago, RobiBue said:

That said/vented, see my latest post here:

 

& your rationale/explanation provided on klappa's "Something wrong with Outlook reporting"  post is deadly, as in perfect! Thanks:)

 

13 hours ago, RobiBue said:

list of fixes wouldn't compromise their secrecy in security and vulnerability holes that they want to keep hidden from us mere mortals.

Not sure "Us mere mortals" is the issue. It is all the spammers and trolls of this forum that would be the issue. They do seem to find the holes well enough without a menu.


If SpamCop can't parse do it yourself. Look for line
Authentication-Results: spf=none (sender IP is 209.85.128.68)

AND
Return-Path:
 noreply.kimcilkempolenkentunenggerdukaroboyoanyaran3@buahdalamdada.me

Received: from ubuntu-s-1vcpu-1gb-fra1-01 ([68.183.75.255])

So forward as attachment to network-abuse[AT]google.com

All you put in forwarded message is

Received
209.85.128.68   network-abuse[AT]google.com

Source
68.183.75.255    abuse[AT]digitalocean.com

digitalocean.com are known ratbags so also use their abuse page

https://www.digitalocean.com/company/contact/#abuse
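
The manual lookup described in the post above, as an added Python example that is not part of the original post: it reads the `Authentication-Results`, `Return-Path` and `Received` headers from raw message source, including folded lines. The sample message is constructed; its `example.*` host names, the `by` clauses and the return-path address are assumptions, and `report_hints` is a hypothetical helper name.

```python
import re
from email import message_from_string
from ipaddress import ip_address

# Constructed sample: the two IPs and the quoted header fragments come from the
# post above; the example.* names, "by" clauses and address are invented filler.
SAMPLE = (
    "Authentication-Results: spf=none (sender IP is 209.85.128.68)\n"
    "Received: from relay.example ([209.85.128.68])\n"
    " by mx.example.net\n"
    "Return-Path:\n"
    " sender@spam.example\n"
    "Received: from ubuntu-s-1vcpu-1gb-fra1-01 ([68.183.75.255])\n"
    " by relay.example\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

BRACKETED_IP = re.compile(r"\[([0-9A-Fa-f:.]+)\]")
AUTH_IP = re.compile(r"sender IP is ([0-9A-Fa-f:.]+)")


def _unfold(value):
    """Collapse folded header lines and runs of whitespace into one line."""
    return " ".join(value.split())


def _valid_ip(text):
    """Return the canonical address string, or None if text is not an IP."""
    try:
        return str(ip_address(text))
    except ValueError:
        return None


def report_hints(raw):
    """Extract the fields the manual procedure looks at from raw source."""
    msg = message_from_string(raw)
    auth = AUTH_IP.search(_unfold(msg.get("Authentication-Results", "")))
    hops = []
    # Received headers are prepended, so the list runs newest hop first.
    # Hops below the first server you trust can be forged by the sender.
    for received in msg.get_all("Received", []):
        m = BRACKETED_IP.search(_unfold(received))
        ip = _valid_ip(m.group(1)) if m else None
        if ip:
            hops.append(ip)
    return {
        "auth_sender_ip": _valid_ip(auth.group(1)) if auth else None,
        "return_path": _unfold(msg.get("Return-Path", "")).strip("<>") or None,
        "received_ips": hops,
    }
```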

9 hours ago, petzl said:

If SpamCop can't parse do it yourself. Look for line
Authentication-Results: spf=none (sender IP is 209.85.128.68)

AND
Return-Path:
 noreply.kimcilkempolenkentunenggerdukaroboyoanyaran3@buahdalamdada.me

Received: from ubuntu-s-1vcpu-1gb-fra1-01 ([68.183.75.255])

So forward as attachment to network-abuse[AT]google.com

All you put in forwarded message is

Received
209.85.128.68   network-abuse[AT]google.com

Source
68.183.75.255    abuse[AT]digitalocean.com

digitalocean.com are known ratbags so also use their abuse page

https://www.digitalocean.com/company/contact/#abuse

Thanks Petzl,

Outlook.live mail cannot be forwarded as an attachment.

It's not that SC can't parse the spam: with v5, my query was "do we still keep modifying/removing 1st 'received' line", & the answer, from SCA & SCF, is "yes".

On 1/18/2019 at 4:38 AM, Lking said:

Not sure "Us mere mortals" is the issue. It is all the spammers and trolls of this forum that would be the issue. They do seem to find the holes well enough without a menu.

What's new in v5? The important stuff, a full suite of emojis, 😀 yeah!!!


Edited by ANGEL


With the upgrade, I've noticed that the parser is coping better for processing spam arriving at gmail. For a while, I've had to perform an edit similar to that required for Outlook/Hotmail, and this now seems to be unnecessary.
