Search the Community
Showing results for tags 'head body boundary parse'.
I recently discovered a certain spammer uses a trick with a malformed mail header that SpamCop's parser does not detect. It effectively hides the message body from being scanned, giving a "no links found" message. Here's how it works: They're using MIME 1.0 and a Content-Type header with a boundary string, but adding a fake boundary line at the end of the header: Return-Path: <bla[at]example.com> Received: from ... Message-ID: <x> From: Spammer <spammer[at]example.com> To: x Subject: Credit bla bla bla Date: Mon, 04 Apr 2016 20:36:52 +0600 MIME-Version: 1.0 Content-Type: text/html; boundary="--159210318256573" X-Priority: 3 X-MSMail-Priority: Normal ----159210318256573 <html> http://example.com/ </html> This causes SpamCop to think the header is malformed (ok, which it is... but mail clients like Apple Mail still display the message, as intended by the spammer) and stops parsing it. I hope something can be done on the backend to detect this trick and parse the mail body correctly. -- Johannes