Foxie
-
Posts
5 -
Joined
-
Last visited
Content Type
Profiles
Forums
Events
Posts posted by Foxie
-
-
-
Is there anyone I can send this to directly? The page the tracking URL points to reveals my real name (in the subject) and domain of my email address (from the server) and posting it in an open forum might open me up to reprisals, assuming the more dedicated spammers have joined
-
The latest email contains
<a =href=3D"http://xn--f1afb6ad2a。xn--p1ai?cid=3Dj1">
I tried clicking it (against my better judgement) and my browser (Brave) did correctly parse and open it. Every link in the email is identical.
The Spamcop parser says
QuoteResolving link obfuscationhttp://xn--f1afb6ad2aãxn--p1ai?cid=j1
Tracking link: http://xn--f1afb6ad2a/。xn--p1ai?cid=j1No recent reports, no history available
xn--f1afb6ad2a is not a hostnamexn--f1afb6ad2a is not a routeable IP addressCannot resolve http://xn--f1afb6ad2a/。xn--p1ai?cid=j1If I throw the source into my text editor and do a find and replace to change all occurrences of 。 to a dot then Spamcop parses it correctly
QuoteResolving link obfuscationhttp://xn--f1afb6ad2a.xn--p1ai?cid=j1
Tracking link: http://xn--f1afb6ad2a.xn--p1ai/?cid=j1[report history]
Host xn--f1afb6ad2a.xn--p1ai (checking ip) = 103.139.42.59
Resolves to 103.139.42.59
Routing details for 103.139.42.59
[refresh/show] Cached whois for 103.139.42.59 : abuse@tnd.vn
Using abuse net on abuse@tnd.vn
No abuse net record for tnd.vn
Using best contacts abuse@tnd.vnThe actual URL is
The use of the 。 character in a Punycode URL is a working circumvention of the Spamcop parser that still gives a working link for browsers.. Please can the parser be updated to treat 。 as a dot urgently? Most of my penis pill spam from Russia is now using this trick.
Almost all the spam I receive now is hosted at tnd.vn. I really think we should start to treat them as a spam-friendly host.
Thank you
Did some spammer just get out of jail and set up operation again? These messages look exactly like the spam I used to get in the late 1990s but the obfuscation of the content to make it non-human-readable in the source is better
-
I have recently started receiving spam that has links that Spamcop can't parse. It just says they are't routable addresses. My email client displays the links correctly. Please will someone look into these?
Here is an example:
http://roxanacoraline。ru/?REDACTED
This may be false though. The email is such a mess, I can't read any of the source. I'm happy to supply the source if that helps. This new stuff looks exactly like the pharma spam of the 90s. Has a former spammer been released from jail or something?
Thank you
New spam with links Spamcop can't parse
in SpamCop Reporting Help
Posted · Edited by Foxie
My take on this is that an important part of stopping the spam flow is to make it unprofitable to send spam. Taking out a destination URL could easily render millions of spam emails sitting in people's inboxes useless and take away the profit the spammer could have made from sending them. I think forcing users to manually edit the source of messages to make them parse is only going to reduce the number of effective reports that work towards that goal.
This particular spammer seems to have a lot of hosting at one company and the sooner they become persona-non-gratia there, the better I think it will be