Jump to content
Sign in to follow this  
snaller

What about 'picture' spam?

Recommended Posts

I just got a spam which I reported as normal, however the 'problem' is that the body text short nonsense ("A muezzin is summitry ambling but sen what viscount, diet not josephus. When replenish countermen, gibraltar infight is not regional bacillus but a sharpshoot intestine cage arises caputo prevention in precise, uninominal and physiochemical. Would you sordidgalway? No, sequin rectilinear mayonnaise is parallelepiped a scale and ale diagnosis.")

And the meat of the spam is a picture of text. So when you report to spamcop you just report the nonsense, not the included picture with the actual spam text.

Is there a protocol for this?

Share this post


Link to post
Share on other sites

If the picture had an "<a href=" tag attached to it, the Parser should have picked that up.

If, instead, it was a picture of a URL or hints of a URL, there is nothing the Parser can currently do about that. Sorry.

Share this post


Link to post
Share on other sites

This post moved from the "How to use ... the Forum" section .... thinking that a few more minutes of research, the "how to use .. Reporting" section might have been stumbled into which offers a number of tutorials ... then one could mention the FAQ, could mention that there is the free-reporting account available, and even a specific part of the "Rules! everyone read" about material changes to the submittals .... Yes, there is a "protocol" .. it's called "correctly reporting your spam" ... yes, I'm grumpy.

Share this post


Link to post
Share on other sites
<snip>

then one <snip> could mention that there is the free-reporting account available, and even a specific part of the "Rules! everyone read" about material changes to the submittals ....  Yes, there is a "protocol" .. it's called "correctly reporting your spam" ... yes, I'm grumpy.

30177[/snapback]

...Grumpiness aside, I don't see how any of these items you mention apply to the OP for this thread -- perhaps I missed it but I don't see any hint that the existence of a free-reporting account is of relevance the this inquiry or that the OP has or is contemplating violating the "material changes to spam" rule or that the OP has failed to report this spam correctly. Rather, it's just a (known, I believe) example of a spam trick to try to defeat anti-spam efforts.

...That being said, I believe the answer to the OP is: it doesn't matter, really. SpamCop is principally about two things: finding the abuse address of the source of the spam (not affected by this trick, IIUC) and generating reports to that/those abuse address(es). The actual content of the spam is only relevant to the less-important (to SpamCop) goal of finding and sending reports to the abuse address(es) of the owner(s) of spamvertized web sites (which this trick may have defeated). Bottom line: no big deal.

Share this post


Link to post
Share on other sites

(I forgot to type "is" in my original message, surely it doesn't confuse people that much. "the body text IS short nonsense" )

If the picture had an "<a href=" tag attached to it, the Parser should have picked that up.

If, instead, it was a picture of a URL or hints of a URL, there is nothing the Parser can currently do about that.  Sorry.

30176[/snapback]

As I wrote above it was picture of text. As in 7-8 paragraphs and 500-600 words. You know, a picture of text. And it was sent as an embedded attachment. I deleted the spam.

Share this post


Link to post
Share on other sites
This post moved from the "How to use ... the Forum" section .... thinking that a few more minutes of research, the "how to use .. Reporting" section might have been stumbled into which offers a number of tutorials ...  then one could mention the FAQ, could mention that there is the free-reporting account available, and even a specific part of the "Rules! everyone read" about material changes to the submittals ....

I have no idea what you are trying to write here - perhaps focussing more trying to explain something clearly and less on being a poet might be helpful.

  Yes, there is a "protocol" .. it's called "correctly reporting your spam" ... yes, I'm grumpy.

30177[/snapback]

Well smartass, what the hell is "correctly reporting your spam" - you expect me to sit down and look at the picture and type each of the 600 words from the picture in to the email for you? Hell no. And you seem to be perpetually grumpy, perhaps you should get out more.

Share this post


Link to post
Share on other sites
...That being said, I believe the answer to the OP is: it doesn't matter, really.  SpamCop is principally about two things: finding the abuse address of the source of the spam (not affected by this trick, IIUC) and generating reports to that/those abuse address(es).  The actual content of the spam is only relevant to the less-important (to SpamCop) goal of finding and sending reports to the abuse address(es) of the owner(s) of spamvertized web sites (which this trick may have defeated).  Bottom line: no big deal.

30185[/snapback]

Right, so be it then. The number of spams with pure text pictures are very rare at the moment anyway (might be easier though - filter anything which has any form of attachment ;) )

Thanks turetzsr.

Share this post


Link to post
Share on other sites
Right, so be it then. The number of spams with pure text pictures are very rare at the moment anyway (might be easier though - filter anything which has any form of attachment ;) )

Thanks turetzsr.

30254[/snapback]

...You are welcome. BTW, turetzsr is just my user id -- I prefer being referred to as "Steve T" (see my sig).

Share this post


Link to post
Share on other sites
I have no idea what you are trying to write here - perhaps focussing more trying to explain something clearly and less on being a poet might be helpful.

There is a Forum section entitled "SpamCop Reporting Help" .. You chose to post a question about "how to report" into a sub-forum section clearly labeled "How to Use ... / SpamCop Forum" ... whereas the next possibility was the "next" sub-forum "How to use ... / SpamCop Reporting" ....

Well smartass,

language not needed, surely not to the person filling the spot of Admin

what the hell is "correctly reporting your spam" -

As in the first item in this post, if one is not seen as able to read the Forum section labels, descriptions, and even notes about what is to be posted into the forum section, there's not much of a clue there as to what your definition of "correctly reporting" might have included.

you expect me to sit down and look at the picture and type each of the 600 words from the picture in to the email for you?

and that would put you right into the realm of "material alterations" ... already mentioned.

Hell no. And you seem to be perpetually grumpy, perhaps you should get out more.

30253[/snapback]

Retired U.S. Army, fixed/small income, looking at the 8th continuous day of this house being over 100 degrees inside, 20+ yeats of being advised that upon retirement, my medical needs would be taken care of, whereas the reality turns out to be my eyes aren't covered, my teeth aren't covered ... bike needs a new battery and a replacement for the bald rear tire, three running vehicles but none I'd trust to go out of town in .... gee maybe you could start a fund drive for me so I "could get out" ....????

Right, so be it then. The number of spams with pure text pictures are very rare at the moment anyway

I've seen them for years, so not sure why you seem to be so amazed at them. But again, I manually report most of my spam, so I don't have the same problem you are describing.

Share this post


Link to post
Share on other sites
the host will soon be banned

31306[/snapback]

Actually, most of the picture spam I get now uses a small gif attached to the email, so the picture isn't hosted anywhere, no one to get banned. I've been getting quite a few of these in the past few months. The majority related to a scraped sneakemail address we discussed a while back. Almost all open proxy/trojanned broadband PC spam, so no end in sight until the ISP's start requiring secure systems before allowing access.

Share this post


Link to post
Share on other sites

Hi Snaller,

I don't know if this is helpful or not, but when I get this kind of spam, I manually LART it.

Since I have heard some reporting addresses reject emails with attachments, I send one complaint with the picture attached (usually as a BMP), and one without.

I add a note at the top of the LART explaining I will be sending two copies, one with the picture attached and one without.

Examples:

"spam email contained an image with a telephone number (095) xxx-xx-xx. A copy of this complaint will also be sent with the image as an attachment."

"A second copy of this complaint will be sent with the email's embedded image as an attachment."

Good luck, :)

Nigel

Share this post


Link to post
Share on other sites

Hi Snaller,

I have been receiving about 5 of the "picture text" emails a day in 2 different email accounts for the past 2 months. It seems they are becoming more common. I came across your posting while searching for a solution to this very bothersome issue. I know this posting doesn't offer any solutions - it's just an update on the frequency.

Share this post


Link to post
Share on other sites
I have been receiving about 5 of the "picture text" emails a day in 2 different email accounts for the past 2 months.  It seems they are becoming more common. I came across your posting while searching for a solution to this very bothersome issue. I know this posting doesn't offer any solutions - it's just an update on the frequency.

37589[/snapback]

I too have been receiving about the same number of these "picture spams" every day. The following link is one I reported today:

http://www.spamcop.net/sc?id=z840424644z9f...dc9d82ceca3788z

I can't report these manually unless I allow the picture to be loaded (the tag for the image isn't there until the picture is loaded). Here is an example of the tag

<img src=cid:295a84267eaaa8f5953cf0692b5f9a4b>

The gif file appears as an attachment and the message body is blank. If I try to manually report this spam, SpamCop says that there is no message and refuses to send a report. I can use SpamControl to automatically send the message for reporting and SpamCop accepts the spam for reporting.

I normally do a manual report of my spam, but SpamCop doesn't seem to be able to handle these picture type spams. Is there something else I can do (I really don't like to use SpamControl) to get these reported other than allowing the spam picture to display?

- Alan

Share this post


Link to post
Share on other sites
I too have been receiving about the same number of these "picture spams" every day.  The following link is one I reported today:

http://www.spamcop.net/sc?id=z840424644z9f...dc9d82ceca3788z

Sample spam seen at that Tracking URL is woefully hosed. Perhaps due to the use of "SpamControl" thing, whatever that is ....

I can't report these manually unless I allow the picture to be  loaded (the tag for the image isn't there until the picture is loaded).  Here is an example of the tag

<img src=cid:295a84267eaaa8f5953cf0692b5f9a4b>

Check the Glossary here (link off of the SpamCop FAQ links here worst case) and look up "Content ID ... cid:" for what this is .. it certainly doesn't translate to any type of a "reportable link" .. even if the Parsing & Reporting tools did handle image file (references)

The gif file appears as an attachment and the message body is blank.  If I try to manually report this spam, SpamCop says that there is no message and refuses to send a report.  I can use SpamControl to automatically send the message for reporting and SpamCop accepts the spam for reporting.

I normally do a manual report of my spam, but SpamCop doesn't seem to be able to handle these picture type spams.  Is there something else I can do (I really don't like to use SpamControl) to get these reported other than allowing the spam picture to display?

37740[/snapback]

There is a definition around these parts for the term "manual reporting" .... not sure if you're using the same one. But again, the sample provided doesn't seem to indicate a cut/paste "manual" report attempt either.

Share this post


Link to post
Share on other sites
The gif file appears as an attachment and the message body is blank.  If I try to manually report this spam, SpamCop says that there is no message and refuses to send a report.  ... Is there something else I can do ... ?

37740[/snapback]

Yes, you can include some text like [no body] as the body to convince SpamCop's Parser to parse the message.

Share this post


Link to post
Share on other sites
Yes, you can include some text like [no body] as the body to convince SpamCop's Parser to parse the message.

37743[/snapback]

Thanks for that hint. I did not think to manually include something.

Just an FYI (I'm not savvy on the terms used here), by "manual reporting" I mean that I go to the SpamCop web site and click on "Report spam" (actually I have it bookmarked to make it easy to get to), and then I cut and paste the headers into the Outlook/Eudora workaround section and the message body (either the text or the HTML as appropriate) into the message box. I then click on "Submit" and finish the reporting. Is this what people on this forum mean by "manual reporting?"

- Alan

Share this post


Link to post
Share on other sites
Thanks for that hint.  I did not think to manually include something.

37745[/snapback]

You're welcome.
Just an FYI (I'm not savvy on the terms used here), by "manual reporting" I mean that I go to the SpamCop web site and click on "Report spam" (actually I have it bookmarked to make it easy to get to), and then I cut and paste the headers into the Outlook/Eudora workaround section and the message body (either the text or the HTML as appropriate) into the message box.  I then click on "Submit" and finish the reporting.  Is this what people on this forum mean by "manual reporting?"

37745[/snapback]

No, that's what we mean by "regular/normal/full/slow Reporting", as opposed to Quick Reporting. When I suggest that someone send a "Manual Report", I have in mind the definition I wrote, which currently resides here in the SpamCop Glossary.

Share this post


Link to post
Share on other sites

IF the image has a link, I'll refresh the browser, until the parser catches it, but for many of the stock spams, I look up the company on PINKSHEETS and report them manually.

Share this post


Link to post
Share on other sites
IF the image has a link, I'll refresh the browser, until the parser catches it, but for many of the stock spams, I look up the company on PINKSHEETS and report them manually.

37846[/snapback]

You are aware that in many circumstances, the companies themselves have nothing at all to do with the spam. It is simply someine trying to control the price. My company had that happen a few years ago and we got plenty of complaints about it. We appreciated the information, though. That is when I learned to read headers :(

Share this post


Link to post
Share on other sites

Possibly. But the OTC.BB and PK indexies are very rarely as monitored as ARCA.x, AMEX, NASDAQ and NYSE. It's been reported several times in news reports that companies on the pinkies hire spammers to send email and faxes out on their companies, to hype up their 5 or 10 cent stock.

I have NO qualms in letting the business know that I reported them to the SEC. If they did nothing wrong, cool, but from what I've read, many of them did hire the spammers. Besides that, I think i as the business would like to be informed if the SEC might pay me a visit for what a spammer did.

Share this post


Link to post
Share on other sites

These blank messages with penny stock ad .gif's and now ads for general merchandise seem to be coming out all the time now. I get at least 7-8 per day.

I do add a line <.gif image for penny stocks will not paste into report> or something of the sort to run through the parser, but I'm wondering if anything else has been done to include the images in the final report?

Thanks,

ATF

Share this post


Link to post
Share on other sites
These blank messages with penny stock ad .gif's and now ads for general merchandise seem to be coming out all the time now. I get at least 7-8 per day.

I do add a line <.gif image for penny stocks will not paste into report> or something of the sort to run through the parser, but I'm wondering if anything else has been done to include the images in the final report?

Hi, ATF,

...To what "final report" are you referring? The e-mail reports that are sent by SpamCop? If so, IIUC, only plain text is sent by these reports.

Share this post


Link to post
Share on other sites

Hi, ATF,

...To what "final report" are you referring? The e-mail reports that are sent by SpamCop? If so, IIUC, only plain text is sent by these reports.

Yes. Other than my inserted comment, there is no actual proof of the spammers activity if only text is sent. Most of these spams have a subject of Re:Mortgage question, or who knows what to try to slip past spam filters and also appear like a legitimate email reply in many cases. As one member suggested, often, without a <comment from the user> these messages are normally blank with the exception of the ad in the .gif.

The fact that there are so many picture spams now, (at least in my inbox), suggests maybe this is a successful tactic, (to put the text in a .gif), to avoid the wrath of ISP's?

I also forward all the spam I get as an enclosure to spam[at]uce.gov the address for the FTC spam complaints for what that's worth. I don't know what they actually do with it, but it should all go to them in the .gif form as the full advertisement;

https://rn.ftc.gov/pls/dod/wsolcq$.sta...Z_ORG_CODE=PU01

I also find if I forward the spam to spamcop, I get two links to complete the report. One might have accurately parsed the spam, and the other I think is the picture which won't do anything on it's own.

Thanks,

ATF

Edited by ATF

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×