spamtrap63 Posted June 2, 2009 Share Posted June 2, 2009 Hi, I was hoping to be able to report this directly to spamcop, but not easy to contact them. I just submitted a new sample, and the mail analyser did not apparently pick up the url contained in the body, which I reproduce here because it is small: -----------------76F973CC666399.6ofq8qrS Content-Type: application/octet-stream; name="unduly.rtf" Content-Transfer-Encoding: base64 e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZGVmZjBcZGVmbGFuZzEwMzN7XGZvbnR0Ymx7XGYwXGZu aWxcZmNoYXJzZXQwIENhbGlicmk7fX0NCntcY29sb3J0YmwgO1xyZWQwXGdyZWVuMFxibHVlMjU1 O30NCntcKlxnZW5lcmF0b3IgTXNmdGVkaXQgNS40MS4yMS4yNTA5O31cdmlld2tpbmQ0XHVjMVxw YXJkXHNhMjAwXHNsMjc2XHNsbXVsdDFcbGFuZzlcZjBcZnMyMntcZmllbGR7XCpcZmxkaW5zdHtI WVBFUkxJTksgImh0dHA6Ly81NS0xMS5jbiJ9fXtcZmxkcnNsdHtcdWxcY2YxIGh0dHA6Ly81NS0x MS5jbn19fVxmMFxmczIyICAtIGJ1eSB2aWFncmEsIGNpYWxpcywgbGV2aXRyYSBhbmQgb3RoZXIg bWVkc1xwYXINCn0= -----------------76F973CC666399.6ofq8qrS-- and this rtf file decodes to simply: {\rtf1\ansi\ansicpg1252\deff0\deflang1033{\fonttbl{\f0\fnil\fcharset0 Calibri;}} {\colortbl ;\red0\green0\blue255;} {\*\generator Msftedit 5.41.21.2509;}\viewkind4\uc1\pard\sa200\sl276\slmult1\lang9\f0\fs22{\field{\*\fldinst{HYPERLINK "http://55-11.cn"}}{\fldrslt{\ul\cf1 ht tp://55-11.cn} }}\f0\fs 22 - buy viagra, cialis, levitra and other meds\par The url is plain unobfuscated text so should have been noticed! Could someone please forward this on to the developer(s) ? Cheers, Andy. [edit 'clickable' link broken] Link to comment Share on other sites More sharing options...
Farelf Posted June 2, 2009 Share Posted June 2, 2009 Hi, I was hoping to be able to report this directly to spamcop, but not easy to contact them.Hi Andy, There are many reference to SC contacts - but that would be the SC Admin or SC deputies, there is no 'direct number' for engineering/development. If you have a suggestion for an enhancement to 'the system' that should posted to the New Feature Request Forum but it is not clear yet whether this 'new trick' is really that. It is not at all new for spam to contain BASE64 parts - see http://www.spamcop.net/fom-serve/cache/283.html - but certain content (such as graphics) are not handled and that is well known to the developers. ... I just submitted a new sample, and the mail analyser did not apparently pick up the url contained in the body, which I reproduce here because it is small:...The above FAQ might lead you to understand "... SpamCop normally decodes and parses Base64 fine" which might indicate some sort of deviance from expected parser performance but no-one could tell unless you provide a Tracking URL which will reveal the full context of the message and its parse. And a tracker refrains from pasting a clickable link to a 'spamvertizement' in these (public and search-engine indexed) pages. Which you should try not to do in future (I broke the link this time). You can send your example to SC staff - service[at]admin.spamcop.net or deputies[at]admin.spamcop.net (they will expect a tracking URL too) or you can discuss it further here, whatever you prefer. It is possibly better to explore the issues 'here', for the advancement of (other/all) user knowledge. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.