Jump to content

Munging plain-text From: addresses and obfuscated names in HTML body


DRSpalding
 Share

Recommended Posts

Hi,

I have been seeing a bunch of LinkedIn phishing spam/scam mails that are using an email address that does not get munged in the reports. The email address is of the form:

This email was intended for somebody#064;example.com

I know it's a lot to ask, but I would really like it if those could be found and cleaned up too, along with the "somebody%40example.com" variant.

I have also recently seen quite a few industriously devious spammers placing the recipient address as the "From:" address as well, which notably, SpamCop does not munge either.

Both of these cases require me to a) be vigilant to them and b\) manual munging of email addresses.

Can either of these issues possibly be addressed?

Thanks!

D.

Edited by turetzsr
Link to comment
Share on other sites

Just a quick comment that most LinkedIn spam actually comes from LinkedIn, so should not be an issue for you.

Not in my case. The phish attempts (or hook attempts, really--they just want the click, not the credentials) are not from LinkedIn, but messages that look like LinkedIn.

It's funny that the '[at]' character with the spammer's "\#064;" (sans the backslash) HTML encoding that I placed in a code block so that it wouldn't be reinterpreted was converted somewhere along the way to another obfuscated form, with the "[at]" human readable encoding. :) If a moderator could edit it back to the way it was to be clear to anyone else that comes along, that would be great, since the one I am requesting a feature upgrade on is actually decodable via a HTML rendering.

Edited by DRSpalding
Link to comment
Share on other sites

<snip>

It's funny that the '[at]' character with the spammer's "\&064;" (sans the backslash) HTML encoding that I placed in a code block so that it wouldn't be reinterpreted was converted somewhere along the way to another obfuscated form, with the "[at]" human readable encoding. :) If a moderator could edit it back to the way it was to be clear to anyone else that comes along, that would be great, <snip>

...Good catch! Yes, that's our protective scri_pt catcher (my words, not quite sure what best to call the tool, nor precisely what/who provided it -- the underlying third-party Forum software or our Forum Moderator -- my guess is the latter). I put it back, using a space between the 4 and the semicolon, which space can not be seen with the way my browser, Firefox 19.0, renders the text.
Link to comment
Share on other sites

Just a quick comment that most LinkedIn spam actually comes from LinkedIn, so should not be an issue for you.

Yes would think Linkedin would have an easy way of reporting spam their spam to them?

For problem places like that or Facebook or twitter just have it sent to Gmail free throwaway account. They are very good at sorting spam and even if sent to "spam" folder it can still be read

Link to comment
Share on other sites

...Good catch! Yes, that's our protective scri_pt catcher (my words, not quite sure what best to call the tool, nor precisely what/who provided it -- the underlying third-party Forum software or our Forum Moderator -- my guess is the latter). I put it back, using a space between the 4 and the semicolon, which space can not be seen with the way my browser, Firefox 19.0, renders the text.

You must have caught my message before I edited to correct the '&' to the proper '#' in the HTML literal character encoding. It should be "#064 ;".

Link to comment
Share on other sites

Just a quick comment that most LinkedIn spam actually comes from LinkedIn, so should not be an issue for you.

It should be said that if you are a LinkedIn user and you have your preferences set to receive notifications by email, that is NOT spam and cannot be reported via spamcop!
Link to comment
Share on other sites

It should be said that if you are a LinkedIn user and you have your preferences set to receive notifications by email, that is NOT spam and cannot be reported via spamcop!

True, but what I was referring to are the invitations LinkedIn sends out to everybody in a members contact list when a member provides the password to their e-mail account (accidentally or on purpose) so that LinkedIn can "help" the user find additional associates. Those were unsolicited by me and sent by LinkedIn, so they are spam to me. Edited by alvarnell
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...