MyNameHere Posted April 16, 2010 Posted April 16, 2010 Hi folks, I've been getting spam using images that direct the user to type a URL (typically www.something.ru) into the browser. Because the image is embedded, there is no URL for the SpamCop parser to use. I thought it would be interesting to see what happens if I just insert the URL into the reporting form. So I did. It parsed the URL and said the last resort contact bounces, but at least it verified it was a real URL. So I wondered if it's legitimate to paste the headers and body (in the two-part form) then just type the URL at the top of the body, then submit the spam? Or is it not considered ethical to modify the spam contents when reporting? I realize it's just an exercise in statistics, but maybe it will help somehow. Thoughts? Thanks!
Farelf Posted April 16, 2010 Posted April 16, 2010 ...So I wondered if it's legitimate to paste the headers and body (in the two-part form) then just type the URL at the top of the body, then submit the spam? Or is it not considered ethical to modify the spam contents when reporting?...Altering the submission to 'help' the parser find something it otherwise would not is one of the big no-nos - Material changes to spam. You effectively agree not to do that when you become a reporter. "Image" spam comes and goes - here are prior topics that may be of interest: http://forum.spamcop.net/forums/index.php?showtopic=4515 http://forum.spamcop.net/forums/index.php?showtopic=4527 There are dangers in reading spam, viewing images etc. You can minimize/avoid those by picking up the code of the graphic from the unopened spam using "view source"/Ctrl-U/whatever and running it through an on-line decoder (like Toasted spam). You can use the parser submission paste-in webpage to get the reporting addresses for any site you read in a picture attachment - just type the URL into the box and parse. You can send manual reports - or, if you use a paid account, add an abuse address to your standard SC report and include detail of the decoded content in the appropriate notes.
MyNameHere Posted April 16, 2010 Author Posted April 16, 2010 There are dangers in reading spam, viewing images etc. You can minimize/avoid those by picking up the code of the graphic from the unopened spam using "view source"/Ctrl-U/whatever and running it through an on-line decoder (like Toasted spam). Oooh, that is cool! I expect to use that from now on. You can use the parser submission paste-in webpage to get the reporting addresses for any site you read in a picture attachment - just type the URL into the box and parse. You can send manual reports - or, if you use a paid account, add an abuse address to your standard SC report and include detail of the decoded content in the appropriate notes. Yes, that latter suggestion seems like the best. I can add the contact information from parsing the URL as a reporting address and mention it in the notes. Thanks!
turetzsr Posted April 16, 2010 Posted April 16, 2010 <snip> if you use a paid account, add an abuse address to your standard SC report and include detail of the decoded content in the appropriate notes. ...For a while, now, that feature has been available to "free" account users, as well. See the option in the "Preferences" tab labeled "Report Handling Options" -- specifically, the section labeled, "Public standard report recipients." Unfortunately, you have to check and uncheck a box that is presented to you in the parse results for each spam to either send or not send a report to that address.
Farelf Posted April 17, 2010 Posted April 17, 2010 Wow - thanks Steve. I don't believe I have ever used that option. Somehow its availability on free accounts slipped by me - don't know what, if anything, I thought of it when I saw that item on any of my infrequent forays into the Preferences. I guess I took it it a bit literally - "Public standard report recipients" but of course it can be used for any required address(es) and Preferences can be altered as often as required. "There's alway a work-around," as Miss Betsy would say and this one would be handy with low-volume reporting as an option to manual reporting. Just noting (last I recall) that field can hold multiple addresses - up to 100 characters total including separators - each address separated by a comma or a semi-colon and a blank space. And these should not include any address that consistently bounces.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.