alvarnell Posted June 22, 2011 Share Posted June 22, 2011 I've noticed a couple of spammers have resorted to padding messages with non-displayed data which seems obviously designed to defeat the SpamCop site. They put important links at the end of the message where they will be automatically deleted by SpamCop since the overall message exceeds character limits. In order to defeat this, I have been removing the obvious padding and submitting only what appears in the message. Just wanted to make sure that the SpamCop folks were aware of this tactic and ask if there will be a software update any time soon to counter this. One of these sites is the one that changes it's domain name every time, but always ends in "...me.com". The one I just received was from ScoreCheck[at]sweetuber.com with html links to frardark.greenwalksite.net. Link to comment Share on other sites More sharing options...
turetzsr Posted June 22, 2011 Share Posted June 22, 2011 I've noticed a couple of spammers have resorted to padding messages with non-displayed data which seems obviously designed to defeat the SpamCop site. <snip> ...You seem to be assuming that SpamCop's mission is to identify and report spamvertized web sites. It isn't. Please see SpamCop Forum "thread" "spam, SpamCop, KnujOn and philosophy." In addition to KnujOn, there is Complainterator.<snip> In order to defeat this, I have been removing the obvious padding and submitting only what appears in the message. Just wanted to make sure that the SpamCop folks were aware of this tactic and ask if there will be a software update any time soon to counter this. <snip> ...Please stop that practice![/size] You are risking losing your right to continue to use your SpamCop reporting account. See SpamCop Forum (link near top left of every SpamCop Forum page) item labeled "-----> Material changes to spam." Edit 18-Jul-2011 to de-emphasize and strike comment that has been rendered incorrect by Don D'Minion's post Link to comment Share on other sites More sharing options...
SpamCopAdmin Posted June 22, 2011 Share Posted June 22, 2011 It is OK to delete content in order to reduce the size of the spam, as long as you don't alter what is left. There are no plans to increase the size limit. - Don D'Minion - SpamCop Admin - - service[at]admin.spamcop.net - Link to comment Share on other sites More sharing options...
Wazoo Posted June 22, 2011 Share Posted June 22, 2011 SpamCop Wiki page Material changes to spam updated Link to comment Share on other sites More sharing options...
alvarnell Posted June 22, 2011 Author Share Posted June 22, 2011 ...You seem to be assuming that SpamCop's mission is to identify and report spamvertized web sites. It isn't. Not at all, I talking about email. In HTML format, not web pages. It is OK to delete content in order to reduce the size of the spam, as long as you don't alter what is left. There are no plans to increase the size limit. - Don D'Minion - SpamCop Admin - - service[at]admin.spamcop.net - Nor should there be. I am simply pointing this out to you to make sure you realize there are Spmmers out there who have figured out a way to hide from that limit. SpamCop Wiki page Material changes to spam updated Thanks for the quick response! Link to comment Share on other sites More sharing options...
agsteele Posted June 22, 2011 Share Posted June 22, 2011 Not at all, I talking about email. In HTML format, not web pages. I think that was understood. What was being said, albeit not clearly, was that Spamcop's main reason for being is to report the ip address of the source of the Email. That the Email body is in HTML format is not relevant to that task. All the necessary data is in the Email header. The scenario you describe may prevent the parser from identifying links within the body but since that isn't the SCBL focus of activity it really doesn't matter too much. The suggestion that you take a look at other services was that those groups ARE interested in links within the message. FWIW, a good number of reports consider the reporting of links within a message as a wasted effort. Few ISPs seem to be bothered to take action based on those reports. Andrew Link to comment Share on other sites More sharing options...
weif Posted July 15, 2011 Share Posted July 15, 2011 I've noticed a couple of spammers have resorted to padding messages with non-displayed data which seems obviously designed to defeat the SpamCop site. They put important links at the end of the message where they will be automatically deleted by SpamCop since the overall message exceeds character limits. Another similar thing I have observed, though I do not know whether it is happening to 'defeat' Spamcop, are messages with so many extra junk header lines and so many addresses stuffed into the To: and CC: fields that when the message is truncated by Spamcop to 50k, there isn't any message left, so Spamcop won't generate reports... Link to comment Share on other sites More sharing options...
SpamCop 98 Posted July 17, 2011 Share Posted July 17, 2011 Another similar thing I have observed, though I do not know whether it is happening to 'defeat' Spamcop, are messages with so many extra junk header lines and so many addresses stuffed into the To: and CC: fields that when the message is truncated by Spamcop to 50k, there isn't any message left, so Spamcop won't generate reports... A kilobyte can accommodate about 1/2 of a typewritten page of uncompressed text, meaning that 50k would be 25 typewritten pages worth of text. I've certainly never seen such an animal. Do you have an example? Link to comment Share on other sites More sharing options...
weif Posted July 17, 2011 Share Posted July 17, 2011 I've certainly never seen such an animal. Do you have an example? Yeah, I can dig one out of my sent items, but there is a whole thread on that in particular (which I found after making my comment here). Forum info about truncating excessive headers Link to comment Share on other sites More sharing options...
SpamCop 98 Posted July 18, 2011 Share Posted July 18, 2011 Yeah, I can dig one out of my sent items, but there is a whole thread on that in particular (which I found after making my comment here). Forum info about truncating excessive headers I am receiving, several times daily, a 904 KB spam message whose headers include more than 13,700 lines of "cc:" addresses (about 40,000 individual addresses). Impressive! I wonder just how many packets that single email produced. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.