Ross

Bug or feature?


I received a spam last night which consisted of several attachments. SpamCop parsed the message but only sent the report to the sender and not to the spamvertized website. Is this a bug?

Here's a copy of the message. My email address and server address have been replaced with ****.

From webmaster[at]naca-usa.org Wed Apr 7 21:41:15 2004

Received: from smtp813.mail.sc5.yahoo.com (smtp813.mail.sc5.yahoo.com [66.163.170.83])

by **** (8.12.11/8.12.10) with SMTP id i383fEI2014469

for <****>; Wed, 7 Apr 2004 21:41:14 -0600 (MDT)

Message-Id: <200404080341.i383fEI2014469[at]mail.cs.nmsu.edu>

Received: from unknown (HELO rsr7) (reliefstaff6286[at]sbcglobal.net[at]67.112.85.93 with login)

by smtp813.mail.sc5.yahoo.com with SMTP; 8 Apr 2004 03:41:13 -0000

Subject: Info About Nigeria

To: ****

From: "Nigerian American Cultural Association" <webmaster[at]naca-usa.org>

Content-Type: multipart/alternative; boundary="----=_NextPart_000_0004_01C06B5E.74675200"

Date: Wed, 7 Apr 2004 00:00:00 -0700

Status: R

------=_NextPart_000_0004_01C06B5E.74675200

Subject: Info About Nigeria

To: ****

From: "Nigerian American Cultural Association" <webmaster[at]naca-usa.org>

Content-Type: multipart/alternative; boundary="----=_NextPart_000_0005_01C06B5E.74675200"

Date: 4/7/04X-Mailer: Spyder Mailer 1.2

<HTML>=0D=0A<HEAD>=0D=0A<META=20NAME=3D"GENERATOR"Content=3D"">=0D=0A<TITLE=

>Untitled</TITLE>=0D=0A</HEAD>=0D=0A<BODY>=0D=0A<P><FONT=20size=3D7><STRONG=

>For=20Information=20About=20Nigeria=20Visit=20=0D=0AUs=20At:=20</STRONG></=

FONT><A=20href=3D"http://www.naca-usa.org"><FONT=20=0D=0Asize=3D7><STRONG>w=

ww.naca-usa.org</STRONG></FONT></A></P>=0D=0A</BODY></HTML>

------=_NextPart_000_0005_01C06B5E.74675200

Date: Wed, 7 Apr 2004 20:56:37 -0700

Content-Type: text/plain; charset=us-ascii

Content-Transfer-Encoding: 7bit

For Information About Nigeria Visit Us At: www.naca-usa.org

------=_NextPart_000_0005_01C06B5E.74675200

Date: Wed, 7 Apr 2004 20:56:37 -0700

Content-Type: text/html; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable

<HTML>=0D=0A<HEAD>=0D=0A<META=20NAME=3D"GENERATOR"Content=3D"">=0D=0A<TITLE=

>Untitled</TITLE>=0D=0A</HEAD>=0D=0A<BODY>=0D=0A<P><FONT=20size=3D7><STRONG=

>For=20Information=20About=20Nigeria=20Visit=20=0D=0AUs=20At:=20</STRONG></=

FONT><A=20href=3D"http://www.naca-usa.org"><FONT=20=0D=0Asize=3D7><STRONG>w=

ww.naca-usa.org</STRONG></FONT></A></P>=0D=0A</BODY></HTML>

------=_NextPart_000_0005_01C06B5E.74675200--


Did the spammer place the second header bits into this spam, or is there something funky with your apps? .. the "several attachments" thing is also a bit of a curiosity ... your definition vice my definition of the word "attachments" .. you didn't post the whole thing as the additional data not related to the query? .. I don't see the signs of an actual "attachment" in what you provided as a sample.


I've just pasted it as it exists in my mailbox. I have no idea how my mail server could have changed the body contents other than possibly changing the character encoding (but I see no sign of that).

If I've misused the term attachment I'm sorry. Maybe a better term is MIME parts?

If I've misused the term attachment I'm sorry

Much better, thanks ... there's been some recent dialog on why some of "us" have to answer with techy details, rather than using "plain and simple terms" ... and this is one of those things I pointed out .. those "plain and simple terms" can get folks all screwed up when they are not defined the same by both parties.

If I've misused the term attachment I'm sorry

Yes, if pasted "as seen" you've got a spammer that either jacked the software "real good" or intentionally hosed up the spam just to try to foil some of the various parsing tools out there, including SpamCop. The second set of header lines is totally bogus, removing them would (probably .. not going to do the research right now) let the thing parse through SpamCop .. but you'd then be in violation of the "thou shalt not modify your spam to force the SpamCop parser to "find" things that it would have normally found on its own" ... and leaving you facing a fine, ban, etc. ...

There's nothing to stop you from doing the research and sending a complaint yourself, other than ... are you prepared and knowledgeable enough to guess as to the results of your sending a complaint yourself to an entity... Generating a new throw-away e-mail address somewhere to send the complaint (though this doesn't directly address that your identity may be encoded within the spam elsewhere) is one suggestion.

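For anyone doing the research by hand, here is an added example (not part of the thread, and not SpamCop's parser) that walks a message laid out like the one posted above with Python's standard `email` module, lists the parser defects, and pulls link hosts out of every region, including text sitting before a nested boundary's first delimiter. The sample message, the `example.org` / `example.net` names and the function names `hosts` and `scan_message` are all constructed for illustration.

```python
import email
import quopri
import re

B4 = "----=_NextPart_000_0004_EXAMPLE"   # constructed boundaries
B5 = "----=_NextPart_000_0005_EXAMPLE"
QP_HTML = ('<HTML><BODY><A=20href=3D"http://www.example.org"><STRONG>w=\r\n'
           'ww.example.org</STRONG></A></BODY></HTML>')
# Constructed sample mirroring the layout in the post: outer multipart, a
# first part that repeats the headers and declares a second boundary, HTML
# before that boundary's first delimiter, and no closing outer delimiter.
SAMPLE = "\r\n".join([
    "Subject: Info", "To: user@example.net",
    f'Content-Type: multipart/alternative; boundary="{B4}"', "",
    "--" + B4,
    "Subject: Info", "To: user@example.net",
    f'Content-Type: multipart/alternative; boundary="{B5}"',
    "Date: 4/7/04X-Mailer: Example Mailer", "",
    QP_HTML,
    "--" + B5,
    "Content-Type: text/plain; charset=us-ascii", "",
    "Visit us at: www.example.org",
    "--" + B5,
    'Content-Type: text/html; charset="iso-8859-1"',
    "Content-Transfer-Encoding: quoted-printable", "",
    QP_HTML,
    "--" + B5 + "--", ""])

URL_RE = re.compile(r"""(?:https?://|www\.)[^\s"'<>]+""", re.I)

def hosts(text):
    """Return the set of lower-cased host names found in text."""
    return {re.sub(r"^https?://", "", u, flags=re.I).split("/")[0].lower()
            for u in URL_RE.findall(text)}

def scan_message(raw):
    """Return (findings, defects): hosts per MIME location, parser defects."""
    msg = email.message_from_string(raw)
    findings, defects = {}, []
    for i, part in enumerate(msg.walk()):
        defects += [type(d).__name__ for d in part.defects]
        where = f"{i}:{part.get_content_type()}"
        if part.is_multipart():
            # Text before the first delimiter is not a MIME part, but it can
            # still carry links; decode it as quoted-printable and scan it.
            where += ":preamble"
            data = quopri.decodestring((part.preamble or "").encode("utf-8"))
        else:
            data = part.get_payload(decode=True)
        found = hosts(data.decode("latin-1"))
        if found:
            findings[where] = found
    return findings, defects
```

On the constructed sample the parser reports the missing closing delimiter of the outer boundary as a defect, and the same host turns up in the nested preamble as well as in the text/plain and text/html parts.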
