Jump to content

I've seen my email as part of url in body of spam


deviantchild

Recommended Posts

Posted

I understand that "munging" prevents the perpetrator of the spam simply removing any reporter from their spam mailing list as each or any report occurs, instead of resolving spam practices entirely.

This looks to be an intentional circumvention in order to acieve the former, not comply with the latter.

Unless... my supposition about the reason for "munging" is completely wrong.

Posted

"I've seen my email as part of url in body of spam"

I understand that "munging" prevents the perpetrator of the spam simply removing any reporter from their spam mailing list as each or any report occurs, instead of resolving spam practices entirely.

This looks to be an intentional circumvention in order to acieve the former, not comply with the latter.

Could be - or some other tracking purpose - but the parser "auto-munges" within the body too. Seems to happen even with "Preferences" set to "Leave spam copies intact" - as is mine - I just tested with my e-mail address dummied into both plain text and HTML divisions of a message body and the result was an "x" after parsing, in both locations. I suppose you could preview the report (prior to release) to confirm the munging persists there too (may not if preference set to "Leave spam copies intact" - if it doesn't and it is, just change that preference in your reporting account).

Let us know how you go.

More a reporting matter than email, moving to the reporting forum.

Posted

"I've seen my email as part of url in body of spam"

Could be - or some other tracking purpose - but the parser "auto-munges" within the body too. Seems to happen even with "Preferences" set to "Leave spam copies intact" - as is mine - I just tested with my e-mail address dummied into both plain text and HTML divisions of a message body and the result was an "x" after parsing, in both locations. I suppose you could preview the report (prior to release) to confirm the munging persists there too (may not if preference set to "Leave spam copies intact" - if it doesn't and it is, just change that preference in your reporting account).

Let us know how you go.

More a reporting matter than email, moving to the reporting forum.

Thank you very much. A very thorough reply. I'll try the preview option.

Posted

I understand that "munging" prevents the perpetrator of the spam simply removing any reporter from their spam mailing list as each or any report occurs, instead of resolving spam practices entirely.

IMHO you give spammers more credit than they deserve. The time required to wash a name/email from their list of thousands is more than the time needed to send out another 1M spam. I don't think they bother.

For example, my domain receives several hundred spam to invalid mailboxes every day. An example is bob[at]domain.com. "Bob" receives maybe 1/3 of the spam and, like Steve, I report it all with munging off. The volume of spam sent to "Bob" has not changed over the years which tells me that none of the spammers have washed that email address from their list or the list they sell other spammers.

That would be discouraging except that all of Bob's email helps identify the current sources of spam for the SCBL and maybe others won't need to deal with spam from the same source.

Posted

IMHO you give spammers more credit than they deserve. The time required to wash a name/email from their list of thousands is more than the time needed to send out another 1M spam. I don't think they bother.

For example, my domain receives several hundred spam to invalid mailboxes every day. An example is bob[at]domain.com. "Bob" receives maybe 1/3 of the spam and, like Steve, I report it all with munging off. The volume of spam sent to "Bob" has not changed over the years which tells me that none of the spammers have washed that email address from their list or the list they sell other spammers.

That would be discouraging except that all of Bob's email helps identify the current sources of spam for the SCBL and maybe others won't need to deal with spam from the same source.

I was going on the premise that, usually, any spam I receive from one source - or even similar format spams from several servers or spoofs - disappears after a couple of reports. I hardly get spam these days (across several email accounts) but I occasionally get hit by a new method or trend a few times before it seems to get quashed by reporting.

Thank you very much. A very thorough reply. I'll try the preview option.

I tried it and found my email to still be present.

It's not the whole email, just everything before the [at], though, if they know, or have encoded within the trailing identifier the mailhost, then they have the culprit of the reporting identified; in this case, me.

I sent it anyway.

Posted
...I tried it and found my email to still be present.

It's not the whole email, just everything before the [at], though, if they know, or have encoded within the trailing identifier the mailhost, then they have the culprit of the reporting identified; in this case, me.

I sent it anyway.

I would have done the same - but note you're allowed to manually munge the body (or even truncate it, remembering there has to be *something* there, following a blank line after the headers). But, like Lou, I never found any evidence that reporting unmunged had consequences (and to think I wasted years as a "mole" reporter). Now my (several) providers seem to catch 99.9% of the stuff before it reaches the account level - other users of those mail services apparently find themselves similarly starved of spam and I'm guessing very few of them are SC reporters - which would argue against list washing as a major factor in those cases.

Yes, those could be "trackers" but more likely in most cases, I suppose, to be some lame attempt to make the spam look like some sort of personalised message, as if that would encourage reading it or the recipient falling for whatever was being pushed. Well, the first part works :D Or, trying maybe to bluff you out of reporting? But, honestly, the average spammer these days relies on huge volumes, and shouldn't be too concerned about the odd IP address appearing on the SCbl from time to time (not with that "business model", botnets and snowshoe hosts). I'm sure mass-mailers and other mail clients exist which are able - and designed - to "personalise" the stuff in volume. Certainly there will exceptions and "targeted" spam is nothing new. But mostly ... probably not (what are the odds?).

Anyway, never do anything with which you're uncomfortable (and don't take advice from people you can't sue :D )

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...