Ross

[Resolved] Obvious links in body missed

I reported some spam a few minutes ago which had obvious links in the body of the message. They weren't JavaScript or strewn with fake HTML tags or encoded or anything. In fact it is some of the least crappy HTML I have seen in spam. Maybe they used bad MIME section names or something (I don't use MIME so I just see the whole thing as flat plain text).

Anyway, the message is here:

http://www.spamcop.net/sc?id=z759706311ze9...1e478f889201a0z

The parser says:

Finding links in message body

no links found

Thanks.


Ross, that attachment structure is very weird. Exactly what are you using between OE6 and the SpamCop Parser that might have made those modifications, or are they in the original?

> Maybe they used bad MIME section names or something (I don't use MIME so I just see the whole thing as flat plain text).

The MIME boundaries do not match to start with:

Content-Type: multipart/related;
    type="multipart/alternative";
    boundary="----=_NextPart_000_0000_9E6D4AD1.3E34456D"

<>

Content-Type: multipart/alternative;
    boundary="----=_NextPart_001_0001_D2A5AACB.839C6825"

There is also no closing MIME boundary.

One other thing, where did all of the "Part 1:" type things come from? Are they in all of your messages or just this one? Headers (including MIME headers) should not have any spaces before the colon IIUC.

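The two defects named in the reply above (a declared boundary that never appears as a delimiter, and a missing closing boundary) can be checked mechanically. The Python below is an added example, not code from this thread or from SpamCop: the sample message and the function names are constructed for illustration. It also shows why a link search that trusts the MIME structure reports nothing on such a message while a flat scan of the raw body still finds the link.

```python
import email
import re

BOUNDARY_PARAM = re.compile(r'boundary\s*=\s*"?([^";\r\n]+)"?', re.I)
URL = re.compile(r'https?://[^\s"\'<>]+', re.I)

# Constructed sample (not the reported spam): the outer boundary is declared
# but never used, and the inner boundary is opened but never closed.
SAMPLE = (
    "From: sender@example.com\n"
    "Subject: constructed sample\n"
    "MIME-Version: 1.0\n"
    "Content-Type: multipart/related;\n"
    '\ttype="multipart/alternative";\n'
    '\tboundary="----=_NextPart_000_AAAA"\n'
    "\n"
    "------=_NextPart_000_BBBB\n"
    "Content-Type: multipart/alternative;\n"
    '\tboundary="----=_NextPart_001_CCCC"\n'
    "\n"
    "------=_NextPart_001_CCCC\n"
    "Content-Type: text/html\n"
    "\n"
    '<a href="http://spamvertised.example/offer">click</a>\n'
)

def audit_boundaries(raw):
    """Map each declared boundary to the structural problems found for it."""
    lines = {ln.rstrip() for ln in raw.splitlines()}
    report = {}
    for b in BOUNDARY_PARAM.findall(raw):
        problems = []
        if "--" + b not in lines:          # delimiter line is "--" + boundary
            problems.append("never opened")
        if "--" + b + "--" not in lines:   # closing line adds a trailing "--"
            problems.append("never closed")
        report[b] = problems
    return report

def mime_links(raw):
    """Link search that trusts the MIME structure (walks text parts only)."""
    links = []
    for part in email.message_from_string(raw).walk():
        if part.get_content_maintype() == "text":
            links += URL.findall(part.get_payload())
    return links

def raw_links(raw):
    """Fallback: scan everything after the header block as flat text."""
    return URL.findall(raw.split("\n\n", 1)[-1])

if __name__ == "__main__":
    print(audit_boundaries(SAMPLE), mime_links(SAMPLE), raw_links(SAMPLE))
```

A parser that runs the audit first can fall back to the flat scan whenever any boundary comes back with problems, instead of reporting "no links found".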
> Ross, that attachment structure is very weird. Exactly what are you using between OE6 and the SpamCop Parser that might have made those modifications, or are they in the original?

Oh man. You're right. I'm used to MUAs which don't mess with anything in the message. I'm not using OE6, just sendmail -> inbox -> mail.

However the sysadmin has silently replaced my mail client "mail" with "nail" which looks mostly the same but apparently tries to interpret MIME when displaying the full message.

If I export the message to a file it is no longer corrupted. I tested it with the parser and it works as expected.

Sorry for the bad report.


Thanks for the feedback!

> Anyway, the message is here:
>
> http://www.spamcop.net/sc?id=z759706311ze9...1e478f889201a0z
>
> The parser says:
>
> Finding links in message body
>
> no links found

Latest multitrade group spams all use this method to avoid SpamCop. BTW, the registration contacts' telephone number is disconnected, and the domain of the contacts' email address is falsely registered also (non-existent Washington state address - listed voice number is a fax machine in Delaware state).
