Jump to content

Search the Community

Showing results for tags 'head body boundary parse'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Discussions & Observations
    • Announcements
    • Start Here - before you make your first Post
    • How to use .... Instructions, Tutorials
    • Going to make your first post here?
    • SpamCop Reporting Help
    • SpamCop Blocklist Help
    • SpamCop Email System & Accounts
    • Mailhost Configuration of your Reporting Account
    • New Feature Request
    • SpamCop Lounge
    • Geek/Tech Things
    • Suggested Tools and Applications
    • Testing
    • FAQ Under Construction

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests

Found 1 result

  1. I recently discovered a certain spammer uses a trick with a malformed mail header that SpamCop's parser does not detect. It effectively hides the message body from being scanned, giving a "no links found" message. Here's how it works: They're using MIME 1.0 and a Content-Type header with a boundary string, but adding a fake boundary line at the end of the header: Return-Path: <bla[at]example.com> Received: from ... Message-ID: <x> From: Spammer <spammer[at]example.com> To: x Subject: Credit bla bla bla Date: Mon, 04 Apr 2016 20:36:52 +0600 MIME-Version: 1.0 Content-Type: text/html; boundary="--159210318256573" X-Priority: 3 X-MSMail-Priority: Normal ----159210318256573 <html> http://example.com/ </html> This causes SpamCop to think the header is malformed (ok, which it is... but mail clients like Apple Mail still display the message, as intended by the spammer) and stops parsing it. I hope something can be done on the backend to detect this trick and parse the mail body correctly. -- Johannes
×
×
  • Create New...