Everything posted by Ross

  1. Oh man. You're right. I'm used to MUAs which don't mess with anything in the message. I'm not using OE6, just sendmail -> inbox -> mail. However the sysadmin has silently replaced my mail client "mail" with "nail" which looks mostly the same but apparently tries to interpret MIME when displaying the full message. If I export the message to a file it is no longer corrupted. I tested it with the parser and it works as expected. Sorry for the bad report.
  2. I reported some spam a few minutes ago which had obvious links in the body of the message. They weren't javascript or strewn with fake HTML tags or encoded or anything. In fact it is some of the least crappy HTML I have seen in spam. Maybe they used bad MIME section names or something (I don't use MIME so I just see the whole thing as flat plain text). Anyway, the message is here: http://www.spamcop.net/sc?id=z759706311ze9...1e478f889201a0z The parser says: Finding links in message body no links found Thanks.
  3. Currently SpamCop only replaces the first line of Cc recipients with "x". I've noticed a lot of spam lately that lists my address as the last user in about three lines of carbon copies. (SpamCop handles wrapped header lines in other cases so long as the next line starts with a tab, but seems to fail here.) Example:

     Received: from blah blah
     Date: Fri, 18 Feb 2005 18:22:54 -0500
     From: "Fake Address" <fake[at]example.com>
     To: someotheruser[at]my.domain
     CC: user1[at]my.domain, user2[at]my.domain, user3[at]my.domain,
     user4[at]my.domain, user5[at]my.domain, user6[at]my.domain,
     user7[at]my.domain, user8[at]my.domain, ME[at]my.domain
     Subject: blah blah

     (pretend there are tabs at the start of the user4 and user7 lines, the forum software seems to delete any whitespace there) ... SpamCop turns the To and Cc into this:

     To: x
     CC: x, x, x,
     user4[at]my.domain, user5[at]my.domain, user6[at]my.domain,
     user7[at]my.domain, user8[at]my.domain, ME[at]my.domain

     Which is nice for those people in the first line of Ccs but not so nice for me. Is this just an oversight or is it a feature of some type?
  4. Count me in. But how can I be sure some of my spam is from OptInRealBig? Ross Combs
  5. Yeah, I think you're right. Somehow I must have inserted a return between "s" and "e" in the headers because it works fine when I try it right now. What is strange is that I tried two times before I posted so I must have made the same mistake twice. The starting blank line is just due to phpBB formatting.
  6. I'm getting another parsing problem. These are starting to get annoying since so much of my spam refuses to process in SpamCop. This time the parser is complaining that I'm not giving it the full headers but I'm absolutely positive I am. I'm using the same method to report spam every time but on only one of several spams is it complaining. It's unfortunately a long, ugly message with a lot of broken HTML and ugly quoted printables. But here's the header in case that's what is giving the parser indigestion: From twlaz[at]hotmail.com Sat Apr 17 01:54:09 2004 Received: from ua-213-115-84-249.cust.bredbandsbolaget.se (ua-213-115-84-249.cust.bredbandsbolaget.s e []) by REMOVEDMYSERVER (8.12.11/8.12.10) with SMTP id i3H7s21W002710 for <REMOVEDMYEMAIL>; Sat, 17 Apr 2004 01:54:03 -0600 (MDT) Received: from by; Sat, 17 Apr 2004 12:51:05 +0400 Message-ID: <MFBYBLHJVGBEOVPYNMDSXATJ[at]hotmail.com> From: "Monte Brand" <twlaz[at]hotmail.com> Reply-To: "Monte Brand" <twlaz[at]hotmail.com> To: REMOVEDMYEMAIL Subject: Fw: New health data just in.. Date: Sat, 17 Apr 2004 02:54:05 -0600 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--377917123509152" X-IP: X-Priority: 1 Status: R (REMOVEDMYSERVER and REMOVEDMYEMAIL were my hostname and email address respectively.)
  7. I thought only ISPs could sue under CAN-spam? The most you can do is to complain to law enforcement or your ISP. Am I wrong?
  8. I've just pasted it as it exists in my mailbox. I have no idea how my mail server could have changed the body contents other than possibly changing the character encoding (but I see no sign of that). If I've misused the term attachment I'm sorry. Maybe a better term is MIME parts?
  9. I received a spam last night which consisted of several attachments. SpamCop parsed the message but only sent the report to the sender and not to the spamvertized website. Is this a bug? Here's a copy of the message. My email address and server address have been replaced with ****. From webmaster[at]naca-usa.org Wed Apr 7 21:41:15 2004 Received: from smtp813.mail.sc5.yahoo.com (smtp813.mail.sc5.yahoo.com []) by **** (8.12.11/8.12.10) with SMTP id i383fEI2014469 for <****>; Wed, 7 Apr 2004 21:41:14 -0600 (MDT) Message-Id: <200404080341.i383fEI2014469[at]mail.cs.nmsu.edu> Received: from unknown (HELO rsr7) (reliefstaff6286[at]sbcglobal.net[at] with login) by smtp813.mail.sc5.yahoo.com with SMTP; 8 Apr 2004 03:41:13 -0000 Subject: Info About Nigeria To: **** From: "Nigerian American Cultural Association" <webmaster[at]naca-usa.org> Content-Type: multipart/alternative; boundary="----=_NextPart_000_0004_01C06B5E.74675200" Date: Wed, 7 Apr 2004 00:00:00 -0700 Status: R ------=_NextPart_000_0004_01C06B5E.74675200 Subject: Info About Nigeria To: **** From: "Nigerian American Cultural Association" <webmaster[at]naca-usa.org> Content-Type: multipart/alternative; boundary="----=_NextPart_000_0005_01C06B5E.74675200" Date: 4/7/04X-Mailer: Spyder Mailer 1.2 <HTML>=0D=0A<HEAD>=0D=0A<META=20NAME=3D"GENERATOR"Content=3D"">=0D=0A<TITLE= >Untitled</TITLE>=0D=0A</HEAD>=0D=0A<BODY>=0D=0A<P><FONT=20size=3D7><STRONG= >For=20Information=20About=20Nigeria=20Visit=20=0D=0AUs=20At:=20</STRONG></= FONT><A=20href=3D"http://www.naca-usa.org"><FONT=20=0D=0Asize=3D7><STRONG>w= ww.naca-usa.org</STRONG></FONT></A></P>=0D=0A</BODY></HTML> ------=_NextPart_000_0005_01C06B5E.74675200 Date: Wed, 7 Apr 2004 20:56:37 -0700 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit For Information About Nigeria Visit Us At: www.naca-usa.org ------=_NextPart_000_0005_01C06B5E.74675200 Date: Wed, 7 Apr 2004 20:56:37 -0700 Content-Type: text/html; charset="iso-8859-1" 
Content-Transfer-Encoding: quoted-printable <HTML>=0D=0A<HEAD>=0D=0A<META=20NAME=3D"GENERATOR"Content=3D"">=0D=0A<TITLE= >Untitled</TITLE>=0D=0A</HEAD>=0D=0A<BODY>=0D=0A<P><FONT=20size=3D7><STRONG= >For=20Information=20About=20Nigeria=20Visit=20=0D=0AUs=20At:=20</STRONG></= FONT><A=20href=3D"http://www.naca-usa.org"><FONT=20=0D=0Asize=3D7><STRONG>w= ww.naca-usa.org</STRONG></FONT></A></P>=0D=0A</BODY></HTML> ------=_NextPart_000_0005_01C06B5E.74675200--
  10. No change to the server in the last few days, though I don't run it so it's possible that I just don't know about one. There are only two messages in my mailbox with those strange lines in the headers and they are both fake bounce spams and they are both from today. I have other messages before, between, and after those which are ok. I have another spam from earlier today with basically the same content but a broken Date header: From CYGNIEXTFZSSOACLSSQVBOBVW[at]sales.get-top-rankings.com Tue Mar 16 10:54:00 2004 Received: from JERRAY ([]) by MYSERVER (8.12.11/8.12.10) with SMTP id i2GHrvKG015355 for <MYEMAIL>; Tue, 16 Mar 2004 10:53:58 -0700 (MST) Received: from by; %CURRENT_DATE_TIME Message-ID: <BEOIEJLSFYPRMDDCWSJCHF[at]sales.get-top-rankings.com> From: "Lucas Bland" <CYGNIEXTFZSSOACLSSQVBOBVW[at]sales.get-top-rankings.com> Reply-To: "Lucas Bland" <CYGNIEXTFZSSOACLSSQVBOBVW[at]sales.get-top-rankings.com> To: MYEMAIL Subject: See Where your website Ranks Date: %CURRENT_DATE_TIME X-Mailer: MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--721154354473261526" But that just looks like a misconfigured spamming tool.
  11. MTA Platform: Solaris MTA: Sendmail 8.12.11 MUA Platform: Slackware 8.1 MUA: mail 8.1 (6/6/93)
  12. I received some spam a few minutes ago with the following header: From MAILER-DAEMON Tue Mar 16 13:10:29 2004 Received: from CW-TTELXMTU5HOH ([]) by MYSERVER (8.12.11/8.12.10) with SMTP id i2GKAQI9024380 for <MYEMAIL>; Tue, 16 Mar 2004 13:10:27 -0700 (MST) Received: from by; Tue, 16 Mar 2004 15:10:27 -0500 Message-ID: <PKITFSCVIUETFBOTXDWSFC[at]support.financialbuilder.info> " <MAILER-DAEMON> " <MAILER-DAEMON> To: MYEMAIL Subject: Rank Your Website in the top ten... Date: Tue, 16 Mar 2004 15:10:27 -0500 X-Mailer: MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--0591525165636848" But SpamCop scolds me for munging the headers, but I'm not. This is exactly the way the message exists in my mailbox. I guessed that this was because the lines starting with quotation marks are screwing up something in the parser. If I prefix them with X-Make-SpamCop-Happy: the report goes through without a problem. Is changing the headers before reporting the right way to work around this?
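
Added example, not part of Ross's posts and not SpamCop's code: a Python sketch of the header handling that posts 3 and 12 turn on, unfolding continuation lines before redacting To/Cc and flagging lines that are neither a header field nor a continuation. The sample headers, the `my.example` domain and the function names are constructed for illustration.

```python
import re
from email.utils import getaddresses

# A header field starts with a name of printable ASCII (no space, no colon)
# followed by a colon; this follows the RFC 5322 field-name definition.
FIELD_START = re.compile(r"^([!-9;-~]+):[ \t]?(.*)$")

def unfold_headers(raw):
    """Split a raw header block into [name, value] pairs, joining folded
    continuation lines, and collect lines that fit neither shape."""
    fields, malformed = [], []
    for line in raw.splitlines():
        if not line:
            break  # a blank line ends the header block
        if line[0] in " \t" and fields:
            fields[-1][1] += " " + line.strip()  # continuation of previous field
        elif (m := FIELD_START.match(line)):
            fields.append([m.group(1), m.group(2)])
        else:
            malformed.append(line)  # e.g. a line starting with a quotation mark
    return fields, malformed

def redact_recipients(fields):
    """Replace every address in To/Cc with "x", across all folded lines."""
    out = []
    for name, value in fields:
        if name.lower() in ("to", "cc"):
            value = ", ".join("x" for _ in getaddresses([value]))
        out.append((name, value))
    return out

# Constructed sample modelled on the headers quoted in posts 3 and 12.
SAMPLE = (
    "Received: from blah blah\n"
    "Date: Fri, 18 Feb 2005 18:22:54 -0500\n"
    'From: "Fake Address" <fake@example.com>\n'
    "To: someotheruser@my.example\n"
    "CC: user1@my.example, user2@my.example, user3@my.example,\n"
    "\tuser4@my.example, user5@my.example, user6@my.example,\n"
    "\tuser7@my.example, user8@my.example, me@my.example\n"
    '" <MAILER-DAEMON>\n'
    "Subject: blah blah\n"
    "\n"
    "body text\n"
)

if __name__ == "__main__":
    parsed, bad = unfold_headers(SAMPLE)
    for name, value in redact_recipients(parsed):
        print(f"{name}: {value}")
    print("malformed header lines:", bad)
```

Because redaction runs on the unfolded value, the recipients on the second and third Cc lines are replaced along with those on the first.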