Jump to content

Finding links in message body


Recommended Posts

Posted
<table width=3D"417" border=3D"0" cellspacing=3D"0" cellpadding=3D"0">

 <tr>

   <td><a href=3D"http://www.expeditemortgage.net/?num8"><img src=3D"http=

://www.expeditemortgage.net/expedite_c/1.gif" width=3D"119" height=3D"161"=

border=3D"0"></a><a href=3D"http://www.expeditemortgage.net/?num8"><img s=

rc=3D"http://www.expeditemortgage.net/expedite_c/2.gif" width=3D"298" heig=

ht=3D"161" border=3D"0"></a></td>

 </tr>

This is from spam

http://www.spamcop.net/sc?id=z455760492z4e...d0a3b01fb74006z

untouched by any client software, copied straight from View Full Message.

It would appear that one way to avoid being reported by Spamcop is to create vaguely ill-formed HTML in the message body.

Posted

from your sample spam headers:

Content-Type: multipart/alternative;

boundary="--00579159142595683"

missing boundary line in your spam sample body

Somebody even noted this in some other header lines;

X-Mail-Format-Warning: Bad RFC2822 header formatting in ----00579159142595683

Content-Type: text/html;

Content-Transfer-Encoding: quoted-printable

Ending boundary line is in place;

----00579159142595683--

The "3D" and all the extra "=" at the end of lines are from the "quoted-printable" format .... The missing start boundary line could be missing due to a multitude of issues, from the spammer screwing it up to your e-mail agent dropping bits ... and note that there are several levels of other servers handling this e-mail in-between the spammer and your submittal ....

Posted
The "3D" and all the extra "=" at the end of lines are from the "quoted-printable" format .... The missing start boundary line could be missing due to a multitude of issues, from the spammer screwing it up to your e-mail agent dropping bits ... and note that there are several levels of other servers handling this e-mail in-between the spammer and your submittal ....

Understood.

I was suggesting that one way that spamvertisers can avoid being reported by Spamcop is to format the body of their spam with those kind of end-of-line delimiters.

This spam was never touched by a desktop client ... it was sent directly to my Spamcop address, held by Spamcop, and copied during the reporting process from View Full Message. I am aware that certain email clients can mangle headers and message sources, but no desktop client of mine touched this particular spam.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...