Foxie

Posts posted by Foxie

  1. My take on this is that an important part of stopping the spam flow is to make it unprofitable to send spam. Taking out a destination URL could easily render millions of spam emails sitting in people's inboxes useless and take away the profit the spammer could have made from sending them. I think forcing users to manually edit the source of messages to make them parse is only going to reduce the number of effective reports that work towards that goal.

    This particular spammer seems to have a lot of hosting at one company and the sooner they become persona non grata there, the better I think it will be.

  2. The latest email contains 

    <a =href=3D"http://xn--f1afb6ad2a&#12290;xn--p1ai?cid=3Dj1">

    I tried clicking it (against my better judgement) and my browser (Brave) did correctly parse and open it. Every link in the email is identical.

     

    The Spamcop parser says

    Quote
    Resolving link obfuscation

    http://xn--f1afb6ad2aãxn--p1ai?cid=j1

     

    Tracking link: http://xn--f1afb6ad2a/。xn--p1ai?cid=j1

    No recent reports, no history available
    xn--f1afb6ad2a is not a hostname

     

    xn--f1afb6ad2a is not a routeable IP address
    Cannot resolve http://xn--f1afb6ad2a/。xn--p1ai?cid=j1

     

    If I throw the source into my text editor and do a find and replace to change all occurrences of &#12290; to a dot then Spamcop parses it correctly

     

    Quote
    Resolving link obfuscation

    http://xn--f1afb6ad2a.xn--p1ai?cid=j1

     

    Tracking link: http://xn--f1afb6ad2a.xn--p1ai/?cid=j1

    [report history]
    Host xn--f1afb6ad2a.xn--p1ai (checking ip) = 103.139.42.59
    Resolves to 103.139.42.59
    Routing details for 103.139.42.59
    [refresh/show] Cached whois for 103.139.42.59 : abuse@tnd.vn
    Using abuse net on abuse@tnd.vn
    No abuse net record for tnd.vn
    Using best contacts abuse@tnd.vn

     

    The actual URL is [image: image.png]

     

    The use of the &#12290; character in a Punycode URL is a working circumvention of the Spamcop parser that still gives a working link for browsers. Please can the parser be updated to treat &#12290; as a dot urgently? Most of my penis pill spam from Russia is now using this trick.

    Almost all the spam I receive now is hosted at tnd.vn. I really think we should start to treat them as a spam-friendly host.

     

    Thank you

     

    Did some spammer just get out of jail and set up operation again? These messages look exactly like the spam I used to get in the late 1990s but the obfuscation of the content to make it non-human-readable in the source is better.

     

     

  3. I have recently started receiving spam that has links that Spamcop can't parse. It just says they aren't routable addresses. My email client displays the links correctly. Please will someone look into these?

    Here is an example:

    http://roxanacoraline&#12290;ru/?REDACTED

    This may be false though. The email is such a mess, I can't read any of the source. I'm happy to supply the source if that helps. This new stuff looks exactly like the pharma spam of the 90s. Has a former spammer been released from jail or something?

    Thank you
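
The normalization requested in the posts above, as an added example that is not part of the original posts and is not SpamCop's parser code: IDNA (RFC 3490, section 3.1) requires U+3002, U+FF0E and U+FF61 to be recognized as label separators, so a link parser has to map them to "." in the host before resolving. The function name `resolve_href` and the `dot_obfuscated` flag are hypothetical, and the sketch assumes the authority carries no userinfo or port.

```python
import html
import quopri
from urllib.parse import urlsplit, urlunsplit

# Characters that IDNA (RFC 3490, section 3.1) requires to be treated as a
# label separator, exactly like an ASCII full stop.
IDNA_DOT_EQUIVALENTS = str.maketrans({
    "\u3002": ".",  # ideographic full stop (&#12290;)
    "\uff0e": ".",  # fullwidth full stop
    "\uff61": ".",  # halfwidth ideographic full stop
})


def resolve_href(raw_href, quoted_printable=False):
    """Return (url, host, dot_obfuscated) for an href value taken from mail source.

    url is the form a resolver should look up; dot_obfuscated is True when the
    host only became a plain dotted name after mapping an IDNA dot equivalent.
    """
    text = raw_href
    if quoted_printable:
        # Undo "=3D"-style escapes left over from a quoted-printable body part.
        text = quopri.decodestring(text.encode("utf-8")).decode("utf-8", "replace")
    # Expand character references such as &#12290; into the real code point.
    text = html.unescape(text).strip()

    parts = urlsplit(text)
    # Map only the authority component, so path and query are left untouched.
    host = parts.netloc.translate(IDNA_DOT_EQUIVALENTS)
    dot_obfuscated = host != parts.netloc
    url = urlunsplit((parts.scheme, host, parts.path or "/", parts.query, parts.fragment))
    return url, host, dot_obfuscated


# The two link forms quoted in the posts above (second flag: quoted-printable).
SAMPLES = [
    ("http://xn--f1afb6ad2a&#12290;xn--p1ai?cid=3Dj1", True),
    ("http://roxanacoraline&#12290;ru/?REDACTED", False),
]

if __name__ == "__main__":
    for href, is_qp in SAMPLES:
        print(resolve_href(href, quoted_printable=is_qp))
```

The `dot_obfuscated` flag can also serve as a filtering signal, since a host that needs this mapping inside an already Punycode-encoded name is unusual in legitimate mail.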
