Jump to content
JohnS

Message is larger than maximum size, 50000 bytes. Truncate?

Recommended Posts

Message is larger than maximum size, 50000 bytes.  Truncate?

I have been getting spam from a spammer that moves their host about every few weeks to stay ahead of the game. (About the time that the host shuts them down.)

I have been receiving spam consistently from the same source, and send in the SC reports regularly. I believe now the spammer has figured out a way to circumvent the SC reports, by filling up the email with lots of superfluous information.

When SC parses the decoded email body, it gives me a message above (Truncate?). I of course say OK. If you click Cancel, it just returns you back to the input screen.

In the past, the parser would still find the source links in the body of the message. Now there is so much extra stuff in the first part of the body, it never finds the source links because it is truncated.

So I have to go into the source, find a breakpoint half way thru the body of the decoded email body, and cut/paste from that point to the end. (A lot of Extra Work.)

If I do that, it then finds the source links. Any way to allow SC to parse the extra data to find the source links even if it has to process an exceptionally large email body? 

Clearly, the spammer has built a better mouse specifically with the purpose of fooling SC. It works. Any chance of improving the mousetrap?

 

Share this post


Link to post
Share on other sites

Welcome to the forum.

Short answer: No

Longer answer: Finding links in the body of spam email is the lowest priority for the parser, after identifying the source and sending spam reports. With those priorities it is a mater of allocation of assets i.e. CPU cycles. And there is a cascading impact. If a link is found in the tail end of a large spam, the spam report also becomes larger than 50Kb to include the link; even more cycles and outgoing bandwidth. The CPU cycles and bandwidth all cost money, which makes it a return on investments.

Although Cisco, the current owner, may have deep pockets, the 50Kb limit was established back in the dark ages when SpamCop was privately owned.

Share this post


Link to post
Share on other sites
6 hours ago, JohnS said:

Message is larger than maximum size, 50000 bytes.  Truncate?

If SpamCop did not truncate everyone would be in a queue so it will only target source of spam to speed up processing for others
Of course you can forward as attachment to abuse desk from your email account which I often do (spammers have my email address at anyrate) 
https://mailsc.spamcop.net/spamgraph.shtml?spamstats
At bottom of report I put this in as a signature

offending email forwarded also, can be read as text attachment with a text/ASCII editor like notepad or eml text reader

 

Share this post


Link to post
Share on other sites
18 hours ago, JohnS said:

Now there is so much extra stuff in the first part of the body, it never finds the source links because it is truncated.

I used to want to have a higher reporting preference for the links in the body, until the spammer one day about two decades ago used an website from my company in one of their spams.  The spam came from a prominent university and the administrator mistook the link for the source of the spam.  This nearly got me fired for being the recipient of the spam during the argument that ensued.  Since then, I don't care as much about the links in the body and I know those can be spoofed (as well as the Received lines in the header), but the IP that my mail server records as the source is the only one I know that I can trust as being accurate.

Share this post


Link to post
Share on other sites
On 4/4/2019 at 12:07 AM, petzl said:

If SpamCop did not truncate everyone would be in a queue so it will only target source of spam to speed up processing for others
Of course you can forward as attachment to abuse desk from your email account which I often do (spammers have my email address at anyrate) 
https://mailsc.spamcop.net/spamgraph.shtml?spamstats
At bottom of report I put this in as a signature


offending email forwarded also, can be read as text attachment with a text/ASCII editor like notepad or eml text reader

 

If you already forward your spam to their abuse department why do you also use that signature? 

Share this post


Link to post
Share on other sites
Posted (edited)
14 hours ago, klappa said:

If you already forward your spam to their abuse department why do you also use that signature? 

Abuse desks are not always known to be the brightest crayons in the pack
AmazonAWS for instance! They require a "copy and past" then contact the spammer they call a customer with a free trail account
However their Russian crime gang  spamming me only uses throwaway email address, web sites, with fictitious names etc.
Gmail and their "cloud" finally seem to of caught on and mark their spam as dangerous (which it always was and is)
Quite a few a upset about a EML attachment rejecting it?
Yet others, the clever ones insist on it, China for instance the REAL Peking abuse address!

Edited by petzl

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×