jondaley Posted April 8, 2009 Share Posted April 8, 2009 I almost didn't send the report when I saw spamcop had grabbed out a BBC.uk URL, since presumably they wouldn't be spamming, but I didn't think about it long enough and just clicked send anyway. I heard back from the bbc folks today saying that "they have no control over email they didn't send", which is quite reasonable - and as the spammer was linking to a legitimate story about a rich guy who died (and therefore I should claim all of his money...) there isn't anything for the BBC to do. I am not sure how to prevent spamcop from reporting them, except for making them manually click on the thing that says "ISP is not interested in receiving reports for this URL", which hopefully they only have to do once and isn't too burdensome for legitimate ISPs. However, why I am posting here is that the parser changed a working URL into a broken one, so the report actually contained a URL that the spammer didn't send... The spammer sent: http://newswww.bbc.net.uk/2/hi/uk_news/eng...ire/4537663.stm And the BBC report included: http://www.bbc.net.uk/2/hi/uk_news/england...ire/4537663.stm Actually, there happened to be a carriage return after the http:// which maybe is what caused the problem. But, anyway, the BBC guy was confused as to why he was getting a report about an invalid URL when the spammer actually sent a valid one. Relevant spam reports: * 4012674023 ( http://www.bbc.net.uk/2/hi/uk_news/england/oxfo... ) * 4012674018 ( http://www.bbc.net.uk/2/hi/uk_news/england/oxfo... ) * 4012674011 ( 203.64.157.192 ) Link to comment Share on other sites More sharing options...
StevenUnderwood Posted April 8, 2009 Share Posted April 8, 2009 Relevant spam reports: * 4012674023 ( http://www.bbc.net.uk/2/hi/uk_news/england/oxfo... ) * 4012674018 ( http://www.bbc.net.uk/2/hi/uk_news/england/oxfo... ) * 4012674011 ( 203.64.157.192 ) The TrackingURL would be more helpful here to see what is actually happening. You've likely pointed to the answer with the CR in the URL (which would in fact make it not a URL at all, just some random text newswww.bbc.net.uk...) Link to comment Share on other sites More sharing options...
Farelf Posted April 8, 2009 Share Posted April 8, 2009 ...The spammer sent: http://newswww.bbc.net.uk/2/hi/uk_news/eng...ire/4537663.stm And the BBC report included: http://www.bbc.net.uk/2/hi/uk_news/england...ire/4537663.stm... Yes, as Steven asks, a Tacking URL please. Seems the parser may have outsmarted itself in its 'de-obfuscation' routine. Both the sub-domain and the domain are valid BBC ones of course which is probably all that it really 'cares' about - but it is wrong, as you say. I seem to recall that mistaken 'address fragments' within the URL might have caused problems before (such as www, but I don't think it was exactly that, last time mentioned). Seems like it is still enough, when combined with a little mangling of the address, to have the parser take the wrong path. Link to comment Share on other sites More sharing options...
Wazoo Posted April 8, 2009 Share Posted April 8, 2009 Relevant spam reports: * 4012674023 ( http://www.bbc.net.uk/2/hi/uk_news/england/oxfo... ) Getting a Tracking URL from a Report ID Link to comment Share on other sites More sharing options...
Lking Posted April 8, 2009 Share Posted April 8, 2009 I almost didn't send the report when I saw spamcop had grabbed out a BBC.uk URL, since presumably they wouldn't be spamming, but I didn't think about it long enough and just clicked send anyway. As others have said, without a tracking URL I am only guessing, but: Right above where you hit the send button, were boxes by each report destination that you could have un-checked so a report would not go to BBC.UK. Again just guessing but based on your post the BBC.uk was a link in the body of the spam used to support the scam that you had money to clam. This is a common ploy used in this type of scam to make their spam believable. This is also why you, the reporter, are ask to review where reports are sent, to eliminate the ones sent to innocent bystanders. Link to comment Share on other sites More sharing options...
Farelf Posted April 8, 2009 Share Posted April 8, 2009 ...I seem to recall that mistaken 'address fragments' within the URL might have caused problems before (such as www, but I don't think it was exactly that, last time mentioned). Seems like it is still enough, when combined with a little mangling of the address, to have the parser take the wrong path.Actually, yes, it was another case of "www" in domain name: http://forum.spamcop.net/forums/index.php?showtopic=9837 So, that is interesting in its own right. But, as Lou points out, maybe the link - right or wrong - shouldn't be reported anyway. See http://forum.spamcop.net/scwik/ReportingSpamWebsites - the section "What kinds of website links should NOT be reported?". Not the official word from SC as spelled out in the disclaimer but "further reading", "camouflage links" would usually apply to a BBC link in spam and it would be hard to imagine such as being part of or directly and deliberately supporting a spam/scam operation so why would you report it? The BBC might appreciate a 'heads up' that their material was being misused as part of a scam or somesuch but the standard SC spamvertized link report would not be an appropriate vehicle for that, IMO. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.