Jump to content

Forwarding links within emails.


AManCalledHawk
 Share

Recommended Posts

I have been inundated with emails from several spammers who use forwarding links within their emails to hide the sites they are trying to promote. When reporting these spammers, I have been using firefox to post the history in order to get some results. The problem is, I have been finding result like:

net-admin#eonix.net{AT}devnull.spamcop.net

abuse#vpls.net{AT}devnull.spamcop.net

abuse#eircom.net{AT}devnull.spamcop.net

These are the sites that have been forwarding links:

http;\\ezofferz,com/cr,php?cid=424&a=720&s1=111&s3=1111&s4=CRA&s5=CRPX&NetA

http;\\www,amigocute,site/

So, the question is, is the scri_pt used by spamcop to report spam reporting deep enough so that the web sites profiting from these messages are being dealt with? It would be nice to see something done about these spammers, who have adapted their strategies to counter existing reporting techniques.

 

 

Link to comment
Share on other sites

At the top of the screen after you press the <Process spam> button you should see a Tracking URL, a link that looks like

https://www.spamcop.net/sc?id=z6334168703z687aec0f9c5e5b6eb74831a201b669aaz

If you would provide an example that would let the rest of us see how the parser processed you spam and we could then better help you understand the results.

The three @devnull.spamcop.net emails you provided are used for internal spamcop tracking and indicate that spam reports were not sent for any of several reasons. See Reports sent to SpamCop addresses

From the information provided, I can not tell if any of the reports generated are a result of links in the body of the spam or are all from the spam delivery path.

Also keep in mind that links in the body of the spam are the lowest spamcop priority, following (2) sending spam reports for you and (1) collecting information for the Blocklist.

Link to comment
Share on other sites

Newest one:

https://www.spamcop.net/sc?id=z6336805495zce053e097a9f1d5a4529d854d616eac6z

Keep in mind, I followed the link and posted the URLs it hit along the way. They were:

http://ezofferz.com/cr.php?cid=424&a=720&s1=111&s3=1111&s4=CRA&s5=CRPX&NetA

https://www.plaisirexpress.com/aff.php?dynamicpage=qf_wlp_4st_tmr_a&utm_source=cpa&md=64&utm_medium=web&utm_campaign=rfdoic&utm_term=qfcan&utm_content=720&data2=2-611-268e5ed6-46da-48d1-8de5-d3fbae549de9&data3=111&NetA=

Without them, the spammers continued spamming since the scan appeared to be surface instead of in-depth. For now, if there is no other way, I will just continue following and posting the links for reporting.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...