aculver Posted February 28, 2011 Share Posted February 28, 2011 http://www.spamcop.net/mcgi?action=gettrac...rtid=5438180888 http://www.spamcop.net/sc?id=z4911257978z9...f1d5fc58620808z The message contains a URL: <https://spreadsheets.google.com/viewform?formkey=dGotMWg4MVFST2tWX1ZUc2hCRXJFVUE6MQ> However, the parser doesn't give me the option of sending a report to google. It doesn't even say that the URL was found and that the owner doesn't want to receive reports. It seems to either not find the URL at all or completely ignore it. Link to comment Share on other sites More sharing options...
Farelf Posted February 28, 2011 Share Posted February 28, 2011 The problem there seems to be with the incorrect declaration of Content-type: I'm amazed the parser handled that header construction at all - I swear the time was when it would have turned up its toes after bleating about "incomplete headers" or somesuch. The thing is, there's a limit to how "broken" the headers can be before the parser stops coping. The blame is with the poor/cobbled-together mass mailing tools the spammers use. Removing the mime boundary and content type declarations entirely sees the parser handle it correctly as text: http://www.spamcop.net/sc?id=z4911576155za...c35a77d7487abaz This is just for illustration - we're not allowed to fiddle with the headers to help the parser - that's one of the big prohibitions we all undertake to obey when we become reporters. Generally these poorly-constructed messages don't survive long in the wild though. Either their senders get a real job or they get rich enough on spam to afford proper resources - I've never been able to work out which. Reporting wouldn't have done any good in this case as it happens - Google doesn't want to know and SC Deputies/Admin have been appealed to already concerning that. Link to comment Share on other sites More sharing options...
aculver Posted February 28, 2011 Author Share Posted February 28, 2011 Thanks for figuring that one out. I admit that I did indent some of the multi-line headers in an attempt to get the message to parse properly, but didn't attempt to remove spurious headers. At least I know that I wasn't doing anything wrong. I've already submitted a separate abuse report to google through their website concerning the phishing form at that URL, so hopefully they pull it down soon. Cheers, Andrew Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.