Jump to content
Sign in to follow this  
aculver

[Resolved] Not parsing google URL?

Recommended Posts

http://www.spamcop.net/mcgi?action=gettrac...rtid=5438180888

http://www.spamcop.net/sc?id=z4911257978z9...f1d5fc58620808z

The message contains a URL:

<https://spreadsheets.google.com/viewform?formkey=dGotMWg4MVFST2tWX1ZUc2hCRXJFVUE6MQ>

However, the parser doesn't give me the option of sending a report to google. It doesn't even say that the URL was found and that the owner doesn't want to receive reports. It seems to either not find the URL at all or completely ignore it.

Share this post


Link to post
Share on other sites

The problem there seems to be with the incorrect declaration of Content-type: I'm amazed the parser handled that header construction at all - I swear the time was when it would have turned up its toes after bleating about "incomplete headers" or somesuch. The thing is, there's a limit to how "broken" the headers can be before the parser stops coping. The blame is with the poor/cobbled-together mass mailing tools the spammers use.

Removing the mime boundary and content type declarations entirely sees the parser handle it correctly as text:

http://www.spamcop.net/sc?id=z4911576155za...c35a77d7487abaz

This is just for illustration - we're not allowed to fiddle with the headers to help the parser - that's one of the big prohibitions we all undertake to obey when we become reporters. Generally these poorly-constructed messages don't survive long in the wild though. Either their senders get a real job or they get rich enough on spam to afford proper resources - I've never been able to work out which.

Reporting wouldn't have done any good in this case as it happens - Google doesn't want to know and SC Deputies/Admin have been appealed to already concerning that.

Share this post


Link to post
Share on other sites

Thanks for figuring that one out. I admit that I did indent some of the multi-line headers in an attempt to get the message to parse properly, but didn't attempt to remove spurious headers. At least I know that I wasn't doing anything wrong.

I've already submitted a separate abuse report to google through their website concerning the phishing form at that URL, so hopefully they pull it down soon.

Cheers,

Andrew

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×