javastephen Posted May 1, 2004 Posted May 1, 2004 <table width=3D"417" border=3D"0" cellspacing=3D"0" cellpadding=3D"0"> <tr> <td><a href=3D"http://www.expeditemortgage.net/?num8"><img src=3D"http= ://www.expeditemortgage.net/expedite_c/1.gif" width=3D"119" height=3D"161"= border=3D"0"></a><a href=3D"http://www.expeditemortgage.net/?num8"><img s= rc=3D"http://www.expeditemortgage.net/expedite_c/2.gif" width=3D"298" heig= ht=3D"161" border=3D"0"></a></td> </tr> This is from spam http://www.spamcop.net/sc?id=z455760492z4e...d0a3b01fb74006z untouched by any client software, copied straight from View Full Message. It would appear that one way to avoid being reported by Spamcop is to create vaguely ill-formed HTML in the message body.
Wazoo Posted May 2, 2004 Posted May 2, 2004 from your sample spam headers: Content-Type: multipart/alternative; boundary="--00579159142595683" missing boundary line in your spam sample body Somebody even noted this in some other header lines; X-Mail-Format-Warning: Bad RFC2822 header formatting in ----00579159142595683 Content-Type: text/html; Content-Transfer-Encoding: quoted-printable Ending boundary line is in place; ----00579159142595683-- The "3D" and all the extra "=" at the end of lines are from the "quoted-printable" format .... The missing start boundary line could be missing due to a multitude of issues, from the spammer screwing it up to your e-mail agent dropping bits ... and note that there are several levels of other servers handling this e-mail in-between the spammer and your submittal ....
javastephen Posted May 2, 2004 Author Posted May 2, 2004 The "3D" and all the extra "=" at the end of lines are from the "quoted-printable" format .... The missing start boundary line could be missing due to a multitude of issues, from the spammer screwing it up to your e-mail agent dropping bits ... and note that there are several levels of other servers handling this e-mail in-between the spammer and your submittal .... Understood. I was suggesting that one way that spamvertisers can avoid being reported by Spamcop is to format the body of their spam with those kind of end-of-line delimiters. This spam was never touched by a desktop client ... it was sent directly to my Spamcop address, held by Spamcop, and copied during the reporting process from View Full Message. I am aware that certain email clients can mangle headers and message sources, but no desktop client of mine touched this particular spam.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.