Jump to content

SpamCop parsing errors?


Tau

Recommended Posts

Hi,

I've received this spam and it seems to me that there is only one valid website that shoud be reported: http://www.juizojuridico.com

From France, the URL http://www.juizojuridico.com/a/? redirects to various websites that host a fake virus warning scam page (with a false Microsoft tech support to call).

SapmCop offers to report also these domains:

Quote

 

 Re: https://punitahenna.com/i.pinymg.com/150x150/3d... (Administrator of network hosting website referenced in spam)
To: postmaster@cloudinnovation.org (Notes)

Re: https://siglentamerica.com/i.pinimg.com/474x/7a... (Administrator of network hosting website referenced in spam)
To: abuse#liquidweb.com@devnull.spamcop.net (Notes)
To: ipadmin@liquidweb.com (Notes)
To: abuse@sourcedns.com (Notes)
To: admin@sourcedns.com (Notes)
To: lisa@webclickhosting.com (Notes)

Re: https://teckwahvaluechain.com/i.pinimg.com/750x... (Administrator of network hosting website referenced in spam)
To: abuse#singnet.com.sg@devnull.spamcop.net (Notes)

 

It seems that the URLs with these domains are invalid, with the format:  https://punita=
henna.com/i.pinymg.com/150x150/3d/2c/86/xxxxxxxxxxxxxxx 

We are warned that:

Quote

 Each false report that you submit means wasted time for a network administrator, so take care. The last thing SpamCop wants are network administrators so accustomed to false claims that they no longer take these spam reports seriously.

I try to check by myself before sending a report, so I didn't report them, as it seems that this is an error and it would be a false report.

Am I right? And if so, I there a way for SC to improve the parsing and avoid there fake links?
For a previous spam, I was also proposed to report Facebook, and it was obviously wrong...

Thanks, and apologies for my imperfect english.

TRACKING URL
https://www.spamcop.net/sc?id=z6702179045zb9c9405c47e13921cb882f789b3afbc8z

 

 

Link to comment
Share on other sites

2 hours ago, Tau said:

It seems that the URLs with these domains are invalid, with the format:  https://punita=
 henna.com/i.pinymg.com/150x150/3d/2c/86/xxxxxxxxxxxxxxx 

The "=" at the end of the line is a RFC email standard.  It, in combination with the new line, are not displayed in the actual body of the email.  This is why the domain looks invalid in the raw format, but is valid in the when viewing.

2 hours ago, Tau said:

I try to check by myself before sending a report, so I didn't report them, as it seems that this is an error and it would be a false report.

Am I right? And if so, I there a way for SC to improve the parsing and avoid there fake links?
For a previous spam, I was also proposed to report Facebook, and it was obviously wrong...

If the link was included in a spam email, why would it be a false report?  Some people want to know when someone else abuse their links in spam.  Links are not put into the blocking list, only the source IP of the spam is put there.

 

Link to comment
Share on other sites

52 minutes ago, gnarlymarley said:

The "=" at the end of the line is a RFC email standard.  It, in combination with the new line, are not displayed in the actual body of the email.  This is why the domain looks invalid in the raw format, but is valid in the when viewing.

Ok, thanks, that's good to know. 

Quote

If the link was included in a spam email, why would it be a false report? 

There are other links in this spam that SC is not offering to report, and a lot of spams i've seen have A LOT of URLs that are not directly involved, and SC is not proposing to report them, and that makes sense to me.

In the above spam there are dozens of references to the redirecting valid website juizojuridico.com directly involved and only ONE for the others and:  

punitahenna.com is down, so punitahenna.com/i.pinymg.com/150x150/3d/2c/86/3d2c8697a01e4fab93e17197b6e053c3 leads to nothing.

siglentamerica.com is not down (and seems legit) but the URL https://siglentamerica.com/i.pinimg.com/474x/7a/83/46/7a834623889f150j80a94c6f63c78999 leads to nothing.

teckwahvaluechain.com redirects to teckwah.com.sg who seens legit, but the URL https://teckwahvaluechain.com/i.pinimg.com/750x150/05/e2/f3/05e2f3bf0883f124237886b94eedc28a leads to nothing.

These urls have pinimg.com in them (except the first one that has pynimg, which obviously is a typo), and this is a Pinterest alias, there URL are fake images links, and these domains are not involved with the spam, so yes it seems irrelevant that SC proposes to report to the hosts admins.
I suppose that SC proposes to report them because in html view, they appear to be clickable (it's only one digit in the body), I think I understand that now.  

 

Link to comment
Share on other sites

  • 2 weeks later...
On 2/8/2021 at 10:55 AM, Tau said:

These urls have pinimg.com in them (except the first one that has pynimg, which obviously is a typo), and this is a Pinterest alias, there URL are fake images links, and these domains are not involved with the spam, so yes it seems irrelevant that SC proposes to report to the hosts admins.
 I suppose that SC proposes to report them because in html view, they appear to be clickable (it's only one digit in the body), I think I understand that now.  

As an administrator of my own server, I want to know when a link is being abused.  If I can tell it is not spam, I may chose to ignore that report.  This is why even though my items are not spam, I still want the reports.  I get to make the final decision whether I take down the items, not SpamCop.

Link to comment
Share on other sites

2 minutes ago, gnarlymarley said:

As an administrator of my own server, I want to know when a link is being abused.  If I can tell it is not spam, I may chose to ignore that report.  This is why even though my items are not spam, I still want the reports.  I get to make the final decision whether I take down the items, not SpamCop.

I get it: you think it's fine that SC send these reports.

I think these reports are irrelevant and should not be sent.

Next move from spammers like this one will be to put hundreds of fake links and admins will receive thousands of irrelevant reports. Ok with me if you think that's fine. I don't.      

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...