Jump to content
Sign in to follow this  
snaller

What about 'picture' spam?

Recommended Posts

Other than my inserted comment, there is no actual proof of the spammers activity if only text is sent. Most of these spams have a subject of Re:Mortgage question, or who knows what to try to slip past spam filters and also appear like a legitimate email reply in many cases. As one member suggested, often, without a <comment from the user> these messages are normally blank with the exception of the ad in the .gif.

There sure seems to be a lot of things not quite understood going on here. Your terms of "blank" and "only text" suggest that I need to point you to a How to .. file .... OE6 Secure handling of e-mail, Why Forward won't work (doesn't matter what e-mail client you're using, the data is the same) ...As another example of what I'm trying to say, tickle your web browser to "show the source" code of this very page .... all the "text" you see is what ends up "displaying" all the stuff on this web-page. The same goes for your .gif in the e-mail ... you only "see" the graphic if you allow it to be rendered as a graphic ... I never see these images, as I have my e-mail clients set to "read as plain-text only" .... for example; pulling up a test e-mail I sent myself (from a SpamCop.net user's e-mail account to show that sending attachments did work) what I "see" when I pull up that e-mail with embedded .jpg image boils down to;

embedjpg.jpg

This is the image you say doesn't exist in your 'blank' e-mail, is the image that should be included in your spam submittal, etc. Yes, it's "text" but that's how things "work" ....

The fact that there are so many picture spams now, (at least in my inbox), suggests maybe this is a successful tactic, (to put the text in a .gif), to avoid the wrath of ISP's?

Doesn't stop me from making my own manual reports/complaints ....

I also forward all the spam I get as an enclosure to spam[at]uce.gov the address for the FTC spam complaints for what that's worth. I don't know what they actually do with it, but it should all go to them in the .gif form as the full advertisement;

see above .. if you are forwarding correctly, the graphic does exist in your submittal ....

I also find if I forward the spam to spamcop, I get two links to complete the report. One might have accurately parsed the spam, and the other I think is the picture which won't do anything on it's own.

This does not grok ...I would have to suggest that there are other issues involved with your submittal process.

Moderator edit: example data converted to a .jpg file to get around a reported problem with Norton Internet Security throwing up a warning due to the 'characteristics' of the data posted ....

Edited by Wazoo

Share this post


Link to post
Share on other sites

I've often wondered if these gif & jpg attachments that are stock spam are understood & treated as valid when I forward them to the SEC and NASD. They're listed as my User Defined Recipents...

Share this post


Link to post
Share on other sites

Well, I did the very best I could using words that I've known for a long time. What better way to explain it?

A blank email as I described has only the .gif, and no text. The ad is the text in the .gif. My questions were fairly simple. Is there any further progress on this type of spam? Does the report include the .gif image with the contact info or spammer ID? Others in this thread have described the same thing. It doesn't seem confusing at all, when your inbox is indundated with spam of pictures of text for a penny stock offering or retail merchandise. If an ISP report contains only text, then the picture won't get to the ISP you are complaining to, only a blank message?

That particular email client is an online site, Netzero, and doesn't have all the bells and whistles of say, Outlook. Pictures don't show as ascii data. Fortunately my main email for personal use is relatively clean except for a registration at ICU.com which immediately triggered all kinds of crap although all I did was register.

'

Share this post


Link to post
Share on other sites
Well, I did the very best I could using words that I've known for a long time. What better way to explain it?

And as usual, you run into me .... the "hung up on technical details" ... stuck on "literal translation issues" guy ....

A blank email as I described has only the .gif, and no text.

And this is exactly where I get "hung up" ... in these parts, when someone says "blank e-mail" .. this is taken to mean "a blank e-mail" .. usually exampled by a header that is incomplete, scrwed up, etc. and ..... (here's the important part) no body ....

Your description is not one of these, as you are clearly stating that "there is content in the body" .....

The 'lack of text' does not translate to "blank e-mail" ......

The ad is the text in the .gif.

Technically, as you've stated repeatedly, there is no text ... an image is an image is an image, no matter what it contains ....

My questions were fairly simple. Is there any further progress on this type of spam?

The closest thing to a response to that is to point you to one of the multiple requests for an OCR tool to be applied against the graphics embedded in a spam (check the New Feature Request Forum for one of those recent requests) .. and in my opinion, one would not want to hold his/her breath for this to happen ....

Does the report include the .gif image with the contact info or spammer ID?

This is what my previous suggested link attempted to convey .. one does not "send a graphic as a picture in an re-mail .. rather the 'code' for that image is contained within the e-mail" .... so if one is correctly submitting the spam, the embedded graphic image is in fact included, just as you received it (however you wish to describe it) .... again, e-mail was developed for and designed around plain-text, various tricks have been incorporated to allow/include this travestry of including graphics, music, sounds, etc. within this plain-text environment. As I suggested you try on this web-page, you can do (try) the same on an e-mail ... get it to display "the source" code .. you will not see "a picture" but you will see the text garbage that was involved in sending that image within a plain-text environment, and other code is involved in converting that text garbage back into an image to show on your screen.

Others in this thread have described the same thing. It doesn't seem confusing at all, when your inbox is indundated with spam of pictures of text for a penny stock offering or retail merchandise. If an ISP report contains only text, then the picture won't get to the ISP you are complaining to, only a blank message?

Once again, if you are submitting correctly, the "image as contained in the text garbage" will be contained within the spam submittal. (The reference once again to a "blank e-mail" will be ignored here) Whether the receiving end of your report takes the time or even allows graphics to display at his/her end is their option. Technically, this wouldn't really matter, as the reports that did go out are based on the source of the e-mail, not the contents. (Once again pointing out that there is nothing to prevent you from generating your own complaints about and to the folks involved with the links you say you find within the images)

That particular email client is an online site, Netzero, and doesn't have all the bells and whistles of say, Outlook. Pictures don't show as ascii data. Fortunately my main email for personal use is relatively clean except for a registration at ICU.com which immediately triggered all kinds of crap although all I did was register.

I have built, I have carted over some existing, and others have offered instructions on how to report your spam from various e-mail clients, some web-based clients, .... but I don't recall NetZero as having anything written up for it. (of course, the question also arises, have you even looked?) Based on your complaints and some of your suggested side-issues, it seems that someone needs to try to take a look at that client and see what it takes (or if it's actually possible) .... But guessing that you'll have to wait until someone with a NetZero account that already has answers to pop in and provide some answers ....

Share this post


Link to post
Share on other sites
The same goes for your .gif in the e-mail ... you only "see" the graphic if you allow it to be rendered as a graphic ... I never see these images, as I have my e-mail clients set to "read as plain-text only" ....

Would you by any chance have a method for doing this in Eudora? I haven't been able to find such. Also, does Thunderbird support doing so? I'm considering changing to Thunderbird. Thank you.

Share this post


Link to post
Share on other sites

Would you by any chance have a method for doing this in Eudora? I haven't been able to find such. Also, does Thunderbird support doing so? I'm considering changing to Thunderbird. Thank you.

What version of Eudora? I use it at home and had it set that way for a while. Wife likes the graphics, though, so I now filter everything at spamcop, then let her see the allowed stuff.

Share this post


Link to post
Share on other sites
What version of Eudora?

Oops. :blush: Should have included that. 5.1 (paid mode) Am not sure if I want to go to a newer version of Eudora since I am strongly considering switching to Thunderbird.

Share this post


Link to post
Share on other sites

Reporting in Thunderbird, in the Spamcop FAQ:

http://forum.spamcop.net/forums/index.php?showtopic=5307

in addition, I just went to my netzero account and tried to report something to spamcop.

Straight forwarding doesn't work, even if you have full header display turned on.

No forward as attachment option.

No option to display full original text email for cut and paste into the Spamcop web form

You can 'view page source' in your web browser, but this has a lot of other nezero HTML formatting thrown in. You could probably pick out the pieces to recreate the email, but it won't include image encoding, just html links, and would likely not pass muster with regard to "material changes".

Share this post


Link to post
Share on other sites

Oops. :blush: Should have included that. 5.1 (paid mode) Am not sure if I want to go to a newer version of Eudora since I am strongly considering switching to Thunderbird.

I will update this later this evening when I get home. I believe that is the version (Paid mode as well) that I use.

Share this post


Link to post
Share on other sites

I will update this later this evening when I get home. I believe that is the version (Paid mode as well) that I use.

I do indeed use v5.1 in paid mode.

The best results I have found to minimize displaying the graphics stuff are a combination of:

Tools, Options, Display, Uncheck "Automatically download HTML graphics"

Tools, Options, Viewing, Uncheck "Use Microsoft viewer"

The best reporting option I found was to report before it gets into Eudora. I have tried a few different ways, none of which were particularly graceful. They can be found in the FAQ here, I believe. I think the most complete reporting was placing into a folder, then importing into OE.

Hope some of this helps

Share this post


Link to post
Share on other sites

Nope, that still doesn't do what I asked about in my original post. Additionally, what I've been seeing lately is that the "picture text" instead of being a single .gif is now being broken down into multiple .gif's

Share this post


Link to post
Share on other sites

Nope, that still doesn't do what I asked about in my original post. Additionally, what I've been seeing lately is that the "picture text" instead of being a single .gif is now being broken down into multiple .gif's

Your original post was a reply to someone talking about not displaying graphics. The answer specifically mentioned "Plain Text Only" which is an option in their email client. My answer is how not to display graphics in Eudora. You are correct that there is no way to do "Plain Text Only" in Eudora. However, using the settings I described, I have never seen a graphic displayed on any email I receive. If you would forward one you are seeing the graphic with those settings to the address in my sig, I would like to see what they are doing.

Share this post


Link to post
Share on other sites

PineBear:

I received your message (Again, sorry I reported it. As you saw, I sent the retraction info to everyone involved). I will be able to look at it when I get home this evening.

Just so I am clear, you still see the attached graphic images (gif) when you disable the microsoft viewer? I will play with it tonight and let you know.

I can see why the "download HTML graphics" switch does not work because the images are actually attached as part of the spam.

It is slightly safer to view this type of message as opposed to ones where the images are downloaded from a remote site. At least they can not know you opened the email simply by scanning their web logs.

Share this post


Link to post
Share on other sites
I received your message (Again, sorry I reported it. As you saw, I sent the retraction info to everyone involved). I will be able to look at it when I get home this evening.

Just so I am clear, you still see the attached graphic images (gif) when you disable the microsoft viewer? I will play with it tonight and let you know.

I can see why the "download HTML graphics" switch does not work because the images are actually attached as part of the spam.

It is slightly safer to view this type of message as opposed to ones where the images are downloaded from a remote site. At least they can not know you opened the email simply by scanning their web logs.

Please refer back to the message from Wazoo in this message thread posted Jun 30 2006, 11:23 AM. I'm not concerned about seeing the images. I was trying to find a method/process he described that would work in Eudora, the decoded .gif if you will, so I could send it along in the body section to SpamCop.

Share this post


Link to post
Share on other sites

Please refer back to the message from Wazoo in this message thread posted Jun 30 2006, 11:23 AM. I'm not concerned about seeing the images. I was trying to find a method/process he described that would work in Eudora, the decoded .gif if you will, so I could send it along in the body section to SpamCop.

You are aware that spamcop does nothing with the "decoded gif" sent in the message other than send the text along, correct?

The "View Source" option described in the How to get ful headers for Eudora does something pretty equivalent:

Embedded Content: perceptive.gif: 00000001,27845530,00000000,00000000

Embedded Content: drizzle1.gif: 00000001,04552d0e,00000000,00000000

Embedded Content: persistence.gif: 00000001,04552d0f,00000000,00000000

Embedded Content: specialized.gif: 00000001,04552d10,00000000,00000000

Embedded Content: daughter-in-law.gif: 00000001,04552d11,00000000,00000000

Embedded Content: precedent.gif: 00000001,04552d12,00000000,00000000

Embedded Content: penknives.gif: 00000001,04552d13,00000000,00000000

Embedded Content: phosphorescent.gif: 00000001,04552d14,00000000,00000000

Embedded Content: thin.gif: 00000001,04552d15,00000000,00000000

Eudora, does not, as far as I know, suffer from the "blank message body" error message being described in this thread. The one possible exception would be the new add-in posted in the FAQ. I have no experience with that and do not know how it handles those messages. That would need to be answered by the author of that software.

Share this post


Link to post
Share on other sites
You are aware that spamcop does nothing with the "decoded gif" sent in the message other than send the text along, correct?

I'm aware of that, but hoped that it would be worthwhile to send along the text so whoever received the report would know what it was about. I guess I could just throw something the Notes such as "Penny stock spam"

Share this post


Link to post
Share on other sites

You are aware that spamcop does nothing with the "decoded gif" sent in the message other than send the text along, correct?

Does that mean that the image will reappear when the recipient of the Spamcop report reads it? I've often wondered if they're just going to see the code or if they see the pictures.

Share this post


Link to post
Share on other sites
Does that mean that the image will reappear when the recipient of the Spamcop report reads it? I've often wondered if they're just going to see the code or if they see the pictures.

tap ... tap ... tap .... is this microphone working?

Whether the recipient "sees" a graphic depends on a number of things, but the primary decision point would be "does the recipient have the e-mail client configured to 'show' graphics in an e-mail?"

Please see the posting done at http://forum.spamcop.net/forums/index.php?showtopic=3571 .. the concept of the "unseen text" is exactly the same construct for an included graphic ... just a few of the header, MIME type description lines will change. The gobbiltygook you see in the referenced post is the same one sees when looking at "the source" of an e-mail with an embedded graphic.

From the top, e-mail was designed as a "text-based" tool .... all this graphics crap was added on later using all kinds of 'tricks' and extra tools to encode/decode the images .. and it's all these tricks and external tools that also led to the problem of computers getting hacked ....

Share this post


Link to post
Share on other sites
Please refer back to the message from Wazoo in this message thread posted Jun 30 2006, 11:23 AM. I'm not concerned about seeing the images. I was trying to find a method/process he described that would work in Eudora, the decoded .gif if you will, so I could send it along in the body section to SpamCop.

This is all moot now, as far as I am concerned. I switched to Thunderbird, which "properly" decodes the .GIFs without having to jump through hoops.

Share this post


Link to post
Share on other sites

How do you handle picture spam - do you report it as anything else?

Btw picture spam i mean those emails where the normal body text of the mail is not advertisment, but ordinary text of some kind - could be a clip from a news story or a book, but where there is an attached picture of the add ("Buy viagra!" or whatever).

Since we can't include the picture in the report, they only get the "innocent" text.

Moderator Edit: I have no idea why a "new" Topic with the same title by the same user was opened up in the Lounge area .... so this post has been merged into the existing Topic / multi-page discussion that was started by the same user about the same subject matter. I really don't see the need to send a PM .....

Edited by Wazoo

Share this post


Link to post
Share on other sites
see above .. if you are forwarding correctly, the graphic does exist in your submittal ....

That is the problem, since the add is in the graphic - the text is just filler.

Share this post


Link to post
Share on other sites
How do you handle picture spam - do you report it as anything else?

Btw picture spam i mean those emails where the normal body text of the mail is not advertisment, but ordinary text of some kind - could be a clip from a news story or a book, but where there is an attached picture of the add ("Buy viagra!" or whatever).

Since we can't include the picture in the report, they only get the "innocent" text.

Moderator Edit: I have no idea why a "new" Topic with the same title by the same user was opened up in the Lounge area ....

Because he wanted feed back from people who care about this, instead of you who only give rude arrogant condescending self pitying comments. Therefore it will be posted there AGAIN - and if you remove it again i can only assume you are helping the spammers. Either offer something constructive or shut up.

If Spamcop can't find a way to handle this ever growing problem, spamcop will be of little use in the years to come.

Share this post


Link to post
Share on other sites

How do you handle picture spam - do you report it as anything else?

Btw picture spam i mean those emails where the normal body text of the mail is not advertisment, but ordinary text of some kind - could be a clip from a news story or a book, but where there is an attached picture of the add ("Buy viagra!" or whatever).

Since we can't include the picture in the report, they only get the "innocent" text.

Anybody know if spamcop is working on a way to store the pictures as well, so spam hunters can look up the text or something?

Or does wazoo speak for them when he indicate he doesn't give a damn?

Moderator Edit: as with the last "new" Topic, this one was also merged into the existing discussion.

Share this post


Link to post
Share on other sites

Umm, spamcop handles it EXACTLY the same as it handles any other email. It analyzes the headers, sends reports to the sending IP owners, and adds the IP address to the blocklist if necessary. The spamvertised website reporting is an after-though add-on to spamcop, and is not its primary focus. Spamcop is not concerned with the type or contents of the message, only the headers.

Share this post


Link to post
Share on other sites
Or does wazoo speak for them when he indicate he doesn't give a damn?

The 'picture' spam is a way to get around those who block using spamvertized sites. Many people who are actually 'working' on the internet don't particularly care about spamvertized sites. Partly because they like the concept of freedom on the internet and don't want to get into any thought about 'censorship' issues and partly because the best way to prevent spam from entering your space is to use blocklists that reject email from spam sources - they don't particularly care what it is - even if it is legitimate - it is the sender's problem to find a way to send email reliably.

Official spamcop is focussed on providing a blocklist for IP addresses that are sending spam. If you are concerned about the spamvertizer aspect then you, the reporter, can find a way to decode it for the parser. (that's my interpretation of official spamcop comments over the years about spamvertized sites) Apparently there are applications that will do it for you without too much trouble. There is an interesting thread in the ng about this subject.

One admin did say in the ng (a while back) that filtering on spamvertized sites did catch about 25% of spam. However, those are the ones who don't reject at the server. With picture spam becoming more prevalent, I expect more and more admins will go to blocking at the server level. With spam at 95% of email, it won't continue to be profitable to accept everything just in case there is a legitimate email in it.

Miss Betsy

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×