Jump to content

spam that is not being recoginized by Spamcop


forrie
 Share

Recommended Posts

There's a newish type of spam I've seen (which can't really be new) that is getting rejected by Spamcop. The spammers are sticking the spam message inside the Subject line. Here is a sample below. It would be great if this could be reportable via the Spamcop interface.

It actually may be a typo and mistake on the part of the spammer -- but still, it should be reportable.

Return-Path: <gherinijr[at]aol.com>

Received: from xxxxx.com ([unix socket])

by mail (Cyrus v2.4.16-Invoca-RPM-2.4.16-1) with LMTPA;

Tue, 27 Nov 2012 18:15:30 -0500

X-Sieve: CMU Sieve 2.4

X-Envelope-From: gherinijr[at]aol.com

X-Envelope-To: <xxxxx[at]xxxxx.com>

X-Originating-IP: 64.12.102.138

Received: from oms-mb02.r1000.mx.aol.com (oms-mb02.r1000.mx.aol.com [64.12.102.138])

by xxxxx.com (envelope-from gherinijr[at]aol.com) (8.13.8/8.13.8) with ESMTP id qARNFMO0019189

for <xxxxx[at]xxxxx.com>; Tue, 27 Nov 2012 18:15:28 -0500

Message-Id: <201211272315.qARNFMO0019189[at]xxxxx.com>

Received: from mtaout-mb02.r1000.mx.aol.com (mtaout-mb02.r1000.mx.aol.com [172.29.41.66])

by oms-mb02.r1000.mx.aol.com (AOL Outbound OMS Interface) with ESMTP id 86FF01C000161;

Tue, 27 Nov 2012 18:15:22 -0500 (EST)

Received: from App2.pmg.com (mx1.pmghosting.net [209.204.74.37])

(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))

(No client certificate requested)

by mtaout-mb02.r1000.mx.aol.com (MUA/Third Party Client Interface) with ESMTPSA id 9B634E000110;

Tue, 27 Nov 2012 18:15:21 -0500 (EST)

Content-Type: text/plain; charset="iso-8859-1"

MIME-Version: 1.0

Content-Transfer-Encoding: quoted-printable

Content-Description: Mail message body

Subject: I'm James Waldegg a retired Lt. Colonel of the US Air Force and a

philanthropist with a target at charity In 2007 I won the Donor of the year

because of my numerous donations made to charity Though,

charity is my utmost goal but

To: Recipients <gherinijr[at]aol.com>

From: "James Waldegg" <gherinijr[at]aol.com>

Date: Tue, 27 Nov 2012 18:15:17 -0500

Reply-To: waldeggjames967[at]yahoo.com.hk

x-aol-global-disposition: S

X-spam-FLAG: YES

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mx.aol.com;

s=20110426; t=1354058122;

bh=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=;

h=From:To:Subject:Date:MIME-Version:Content-Type;

b=E5S0UlK1W8SNSFQd5c9MFSgd/hQ1VN6RsVxz9lFk3+aQYH1EazFkrEQLxpQj7MOPl

Jk9PvWABxj9vX3TzydIqHb6ZZLPp1ae+Je7OOoJVqI1PGRloO72b+DGPMd+CIJ+Mzv

MItSaCFmTyYuB4Kgv/LaSKgIEdoSnWQs0T2Gg0v4=

X-AOL-SCOLL-SCORE: 0:2:272097632:93952408

X-AOL-SCOLL-URL_COUNT: 0

X-AOL-REROUTE: YES

x-aol-sid: 3039ac1d294250b549883e14

X-AOL-IP: 209.204.74.37

Link to comment
Share on other sites

You mean there's no offer to report anywhere? That would certainly be because of misconfiguration of the spam. That may be "as sent" or (conceivably) it could be something to do with the way your system is handling these messages. I guess you are seeing no body text, trying to interpret what you say - and, yes, that type of spam is seen from time to time. What messages are you seeing from the parser? That's a better way to pass on what is happening. Or, the best way, you should learn to post the tracking URL - even if no report is generated, you can pick up the tracker from near the head of the parse that is telling you it can't complete the job.

Here's a tracker showing what the parse would look like if the spam was not misconfigured/missing body text (but without mailhosting - your parse of the same would probably stop at AOL which is fine).

http://members.spamcop.net/sc?id=z54347675...d4a4cd303e7528z

If you have to "alter" the spam to help the parser do its job the general rule is you mustn't send the SC report obtained but there is an exception for "no body" spam (just search this site for that term to see previous discussions). For anything else you would need to consult SC staff first - or - you can always do as I have; get the parsed results, cancel the reports and send personal (manual) reports to the abuse addresses (well, no, I didn't do that last bit, it's YOUR spam).

This sort of "misconfigured" spam comes and goes from what I've seen. It usually doesn't last long, nor does get to be anything like the majority of spam even while it lasts, in the bigger picture.

Link to comment
Share on other sites

There's a newish type of spam I've seen (which can't really be new) that is getting rejected by Spamcop. The spammers are sticking the spam message inside the Subject line. Here is a sample below. It would be great if this could be reportable via the Spamcop interface.

It actually may be a typo and mistake on the part of the spammer -- but still, it should be reportable.

I've been seeing several of these over the past few weeks and no longer believe it's misconfigured as it's been going on too long. They put everything in the subject with no body text, knowing it will be rejected here.

I've started adding "No body text" and submitting them.

Link to comment
Share on other sites

Sounds like I will have to do this -- it's just one more step I have to manage (annoying). Hopefully the SC folks will work this out so they can be submitted as-is (which is my preference).

I've been seeing several of these over the past few weeks and no longer believe it's misconfigured as it's been going on too long. They put everything in the subject with no body text, knowing it will be rejected here.

I've started adding "No body text" and submitting them.

Link to comment
Share on other sites

Sounds like I will have to do this -- it's just one more step I have to manage (annoying). Hopefully the SC folks will work this out so they can be submitted as-is (which is my preference).
...While you're waiting (don't hold your breath: this is a very long-standing and oft-complained-of "problem," so apparently SpamCop engineers feel they have far more important items to address), please do not feel you "have to" report them or that you have to report all of them if they're too annoying; we fellow spam victims are very grateful for whatever you have the time and inclination to report! :) <g>
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...