euphorique Posted May 16, 2018

Hi,

If Bcc: header is the last one of the header block, the parser cannot find the mail body. See the problem here: https://www.spamcop.net/sc?id=z6465188193z3af57cb725d9442c31200476b3b6538cz

When do you plan to fix it? Thank you.
Lking Posted May 16, 2018

There is no plan to fix a problem that does not exist with the parser. The problem is that a blank line is missing. The standard requires a blank line to define the end of the header/beginning of the body. If the spammer's email package does not include the blank line, the parser cannot identify where the body starts. As you can understand, it is not practical to try to program the parser to handle all the ways that a spammer could NOT follow the email format standard.

You can identify the end of the header and insert a blank line to correct the spammer's error.
lisati Posted May 16, 2018

Agreed, the blank line usually present after the headers appears to be missing. What I'm seeing when I follow the tracking link and then click on "View entire message" is just the headers, with absolutely nothing at all after the BCC header. Is this an accurate representation of what actually made it into your inbox?
euphorique Posted May 17, 2018

13 hours ago, Lking said:
> The problem is that a blank line is missing.

No. The blank line *is present*. You can add a BCC: header to your next reported spam and see for yourself.
euphorique Posted May 17, 2018

Ok, I've put together a minimal example to demonstrate the problem. Make sure the date in the "Received:" header is close to today, otherwise the parser will bail out just after this header.

Case 1

    Received: from mailb-cd.linkedin.com (mailb-cd.linkedin.com. [108.174.6.148]) by mx.google.com with ESMTPS id some-id-here; Tue, 17 May 2018 12:37:00 -0700 (PDT)
    From: some-body@linkedin.com
    To: me@mailinator.com
    Subject: problem with BCC: header
    ACC: none

    Hey! There is a blank line between the headers and the body!

Note the "ACC:" header. The result: message source is found, reporting address is found. As expected.

Case 2

    Received: from mailb-cd.linkedin.com (mailb-cd.linkedin.com. [108.174.6.148]) by mx.google.com with ESMTPS id some-id-here; Tue, 17 May 2018 12:37:00 -0700 (PDT)
    From: some-body@linkedin.com
    To: me@mailinator.com
    Subject: problem with BCC: header
    BCC: none

    Hey! There is a blank line between the headers and the body!

Note the "BCC:" header. The result: "No body text provided, check format of submission. spam must have body text."

Case 3

    Received: from mailb-cd.linkedin.com (mailb-cd.linkedin.com. [108.174.6.148]) by mx.google.com with ESMTPS id some-id-here; Tue, 17 May 2018 12:37:00 -0700 (PDT)
    From: some-body@linkedin.com
    To: me@mailinator.com
    BCC: none
    Subject: problem with BCC: header

    Hey! There is a blank line between the headers and the body!

Note that there is another header after "BCC:" header. The result: message source is found, reporting address is found. As expected.
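Editorial example, added here and not part of any post in this thread or of SpamCop's parser: a minimal header/body splitter that follows the RFC 822/2822/5322 rule that the first empty line ends the header block, run over the three cases from the post above. The cases are rebuilt with the Received header on one line; the two malformed variants and all function names are constructed for illustration.

```python
import re

# RFC 5322 field name (printable ASCII except the colon), then the colon.
HEADER = re.compile(r"^[!-9;-~]+(?=[ \t]*:)")

def split_message(raw):
    """Return (header_names, body); body is None if no empty line ends the headers."""
    lines = raw.replace("\r\n", "\n").split("\n")
    names = []
    for i, line in enumerate(lines):
        if line == "":                      # the first truly empty line is the boundary
            return names, "\n".join(lines[i + 1:])
        if line[0] in " \t" and names:      # folded continuation; a line holding only
            continue                        # spaces lands here, it is NOT a blank line
        m = HEADER.match(line)
        if m is None:                       # body-like text before any empty line
            return names, None
        names.append(m.group(0))
    return names, None                      # input ended inside the header block

# Constructed sample data, rebuilt from the cases in the post above.
RECEIVED = ("Received: from mailb-cd.linkedin.com (mailb-cd.linkedin.com. "
            "[108.174.6.148]) by mx.google.com with ESMTPS id some-id-here; "
            "Tue, 17 May 2018 12:37:00 -0700 (PDT)")
BODY = "Hey! There is a blank line between the headers and the body!"
SUBJECT = "Subject: problem with BCC: header"

def make(tail, separator="\r\n"):
    head = [RECEIVED, "From: some-body@linkedin.com", "To: me@mailinator.com"] + tail
    return "\r\n".join(head) + "\r\n" + separator + BODY + "\r\n"

CASES = {
    "case 1": make([SUBJECT, "ACC: none"]),
    "case 2": make([SUBJECT, "BCC: none"]),
    "case 3": make(["BCC: none", SUBJECT]),
    "no blank line": make([SUBJECT, "BCC: none"], separator=""),
    "space-only line": make([SUBJECT, "BCC: none"], separator=" \r\n"),
}

def report():
    """Map each case to (last header name, whether a body was found)."""
    result = {}
    for label, raw in CASES.items():
        names, body = split_message(raw)
        result[label] = (names[-1] if names else None, body is not None)
    return result

if __name__ == "__main__":
    for label, (last, found) in report().items():
        print(f"{label:16} last header={str(last):8} body found={found}")
```

Under this rule the name of the last header has no effect on where the body starts; only a missing or space-only separator line leaves the body unfound.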
Lking Posted May 17, 2018

One or more Tracking URL would be the information you need to provide.
euphorique Posted May 17, 2018

I provided one in the very first post, but lisati reported above that he could not see the body, only the headers. That report *does* have the body, or at least I can see it. So probably there is another bug lurking.

Anyway, for the sake of completeness, here are the links. Again, I am submitting both headers and body (in RFC822 sense).

Case 1: https://www.spamcop.net/sc?id=z6465379953zc617c730898b61e14b1fdeb6434218a7z
Case 2: https://www.spamcop.net/sc?id=z6465380058zf95de8717cee940fc5bc0a91cb15aaddz
Case 3: https://www.spamcop.net/sc?id=z6465380112z1c4ae87f11a33a2ba7dcbef68f944f62z
euphorique Posted September 27, 2018

Four months on, the bug is still there.
euphorique Posted February 20, 2019

Nine months on, the bug is still there.

Fresh tracking URL: https://www.spamcop.net/sc?id=z6523123683za99d8a142d504f688c643e1e02f281d8z

On the bright side, "Received: by 2002:aXX:..." has been fixed, eventually.
petzl Posted February 20, 2019

10 hours ago, euphorique said:
> Nine months on, the bug is still there.
> Fresh tracking URL: https://www.spamcop.net/sc?id=z6523123683za99d8a142d504f688c643e1e02f281d8z

Not a bug? SpamCop received no body in text? When there is no body you just hit the enter key twice under last line

    Subject: PAYMENT NOTIFICATION OF YOUR FUNDS.
    To: undisclosed-recipients:;
    Content-Type: text/plain; charset="UTF-8"
    Bcc: x

here and write No text in spam body
euphorique Posted February 21, 2019

The page referred in tracking URL has a link "View entire message" (don't know whether others can see the original). The boundary between headers and body looks like:

    [--- most of headers skipped ---]
    Subject: PAYMENT NOTIFICATION OF YOUR FUNDS.
    To: undisclosed-recipients:;
    Content-Type: text/plain; charset="UTF-8"
    Bcc: x@y.com

    U.S. DEPARTMENT HOMELAND SECURITY, MG Timothy J. Lowenberg,Adjutant General and Director State Military Department Washington Military Dept, Bldg1 Camp Murry ,Wash USA[--- the rest of the body---]

There is body. There is blank line between headers and body. The last line of headers is Bcc:

I could copy-paste three snippets from my comment of 17th May 2018 but I would rather not. They demonstrated the problem then, and they demonstrate the same problem now.
MIG Posted February 21, 2019

31 minutes ago, euphorique said:
> The page referred in tracking URL has a link "View entire message" (don't know whether others can see the original). The boundary between headers and body looks like:
>
>     [--- most of headers skipped ---]
>     Subject: PAYMENT NOTIFICATION OF YOUR FUNDS.
>     To: undisclosed-recipients:;
>     Content-Type: text/plain; charset="UTF-8"
>     Bcc: x@y.com
>
>     U.S. DEPARTMENT HOMELAND SECURITY, MG Timothy J. Lowenberg,Adjutant General and Director State Military Department Washington Military Dept, Bldg1 Camp Murry ,Wash USA[--- the rest of the body---]
>
> There is body. There is blank line between headers and body. The last line of headers is Bcc:
>
> I could copy-paste three snippets from my comment of 17th May 2018 but I would rather not. They demonstrated the problem then, and they demonstrate the same problem now.

Hey euphorique,

Are you able to copy the entire source data to a text file (mung your email address & any other fields that may include your email address, do a search for the first part of your email address after you've munged the obvious fields) then post the text file here so we can parse it, we may get the same result as you, in which case it at least confirms your results or if we get different results it may help get to the bottom of why there's a recurring issue. I'm only a grass🦗hopper so my suggestion may not be helpful but (imo) it's worth a try.

Cheers.
MIG Posted February 21, 2019

Hey euphorique, grass🦗hoppe again, I can see the entire msg, to a grass🦗hoppe the following seems odd as (in my grass🦗hoppe experience) the following normally precedes [ MIME-Version: 1.0 ]

    Received: by 2002:a9d:588d:0:0:0:0:0 with HTTP; Wed, 20 Feb 2019 00:20:37 -0800 (PST)
    From: DHL DELIVERY COMPANY <dhlno1deliverycompany@gmail.com>
    Date: Wed, 20 Feb 2019 09:20:37 +0100
    Message-ID: <CAMM___________________________________________v+iQ@mail.gmail.com>
    Subject: PAYMENT NOTIFICATION OF YOUR FUNDS.
    To: undisclosed-recipients:;
    Content-Type: text/plain; charset="UTF-8"
    Bcc: x

grass🦗hoppe 🤔
euphorique Posted February 21, 2019

2 hours ago, MIG said:
> Are you able to copy the entire source data to a text file ... then post the text file here so we can parse it, we may get the same result as you, in which case it at least confirms your results or if we get different results it may help get to the bottom of why there's a recurring issue.

Yep, the file is attached. Enjoy!

SC-parser-Bcc-field-no-body.txt
MIG Posted February 21, 2019

22 minutes ago, euphorique said:
> Yep, the file is attached. Enjoy!
> SC-parser-Bcc-field-no-body.txt

Hmmm, maybe grass🦗hopper should stick to being a grass🦗hopper... I get [http://forum.spamcop.net/applications/core/interface/file/attachment.php?id=1880, This attachment is not available. It may have been removed or the person who shared it may not have permission to share it to this location] 🤫, can you pm it to me please?

Cheers.
MIG Posted February 21, 2019

Hey euphorique, grass🦗hopper is a grass🦗hopper for a good reason, I'm not having much luck with the parser, striking errors not the same as what you got. Need someone like RobiBue to pitch in, he's very good at the convoluted, upside down interpretation of these. I did pm you a question, if you could let me know please.

I must say you deserve "US$35 MILLION US DOLLARS" (I guess the 💩spammer💩 said "US" twice 'cause he/she wants to remind you "US" means sharing with him/her... Yeah right!") after being plagued by creatures with such poor grammar! Grrrr!
RobiBue Posted February 21, 2019

Please forgive my ignorance here, but I've never seen receiving headers with bcc in them... afaik they get stripped by the sending mail host and never shown to any recipient.

ok, after reading rfc2822 section 3.6.3, I stand corrected that there might be mail software that includes a bcc: header to the recipient.

BUT after running a test with case 2 but using a "validly formed" email address, it parses correctly for me...
https://www.spamcop.net/sc?id=z6523542341z5a77154fb65b822d44a3e26a007ad52dz
euphorique Posted February 21, 2019

10 minutes ago, RobiBue said:
> BUT after running a test with case 2 but using a "validly formed" email address, it parses correctly for me...
> https://www.spamcop.net/sc?id=z6523542341z5a77154fb65b822d44a3e26a007ad52dz

This is probably because the message is 9 months old, and you get "Sorry, this email is too old" before the parser has a chance to get the bcc: header.

Here is the new one: https://www.spamcop.net/sc?id=z6523547462ze5946ba4c2eff5336884fa5afac35a32z

    Received: from mbkd0231.ocn.ad.jp (mbkd0231.ocn.ad.jp. [153.149.233.32]) by mx.google.com with ESMTP id e96si22718016plb.123.2019.02.21.05.54.06; Thu, 22 Feb 2019 05:54:07 -0800 (PST)
    From: some-body@linkedin.com
    To: me@mailinator.com
    Subject: problem with BCC: header
    BCC: none

    Hey! There is a blank line between the headers and the body!
MIG Posted February 21, 2019

14 minutes ago, RobiBue said:
> Please forgive my ignorance here, but I've never seen receiving headers with bcc in them... afaik they get stripped by the sending mail host and never shown to any recipient.
>
> ok, after reading rfc2822 section 3.6.3, I stand corrected that there might be mail software that includes a bcc: header to the recipient.
>
> BUT after running a test with case 2 but using a "validly formed" email address, it parses correctly for me...
> https://www.spamcop.net/sc?id=z6523542341z5a77154fb65b822d44a3e26a007ad52dz

Hey RobiBue,

Whew, grass🦗hopper sure is glad you're here, I thought the bcc was odd too but I'm a bit out of my grass🦗hoppe depth. I'm not sure what mail sfw is being used, that was my next ? but your parser results may be all euphorique needs. I totally knew you could bring some clarity to 132315. Thank you!

euphorique, what do you reckon?😊 The age msg is normal once a spam is 48 hrs old, I think from SpamCop's rules any spam reported outside that window always generates the "age" msg. What type of mail tool do you use, excuse my ? if it's posted earlier, just trying to cover all bases?
euphorique Posted February 21, 2019

6 minutes ago, MIG said:
> What type of mail tool do you use, excuse my ? if it's posted earlier, just trying to cover all bases?

gvim

Just changed the date to future, for others to have more than 48h to examine.
MIG Posted February 21, 2019

RobiBue, Thank you for pitching in!! If you're still here can you elaborate please on "validly formed" email address, grass🦗hopper keen to learn please.

Cheers!
euphorique Posted February 21, 2019

3 minutes ago, MIG said:
> can you elaborate please on "validly formed" email address

This one has "validly formed" address in bcc: https://www.spamcop.net/sc?id=z6523551992z5978bb9216921fdbce50eebacde4661az

    Received: from mbkd0231.ocn.ad.jp (mbkd0231.ocn.ad.jp. [153.149.233.32]) by mx.google.com with ESMTP id e96si22718016plb.123.2019.02.21.05.54.06; Thu, 25 Feb 2019 05:54:07 -0800 (PST)
    From: spammer@spam.com
    To: me@mailinator.com
    Subject: problem with BCC: header
    BCC: spammer@spam.com

    Hey! There is a blank line between the headers and the body!
MIG Posted February 21, 2019

gvim euphorique?😵, grass🦗hopper don't understand abbreviations!😂 Just tried a google, it's talking about gnomes, grass🦗hopper feels like it's stuck in mud 😉
MIG Posted February 21, 2019

5 minutes ago, euphorique said:
> This one has "validly formed" address in bcc: https://www.spamcop.net/sc?id=z6523551992z5978bb9216921fdbce50eebacde4661az
>
>     Received: from mbkd0231.ocn.ad.jp (mbkd0231.ocn.ad.jp. [153.149.233.32]) by mx.google.com with ESMTP id e96si22718016plb.123.2019.02.21.05.54.06; Thu, 25 Feb 2019 05:54:07 -0800 (PST)
>     From: spammer@spam.com
>     To: me@mailinator.com
>     Subject: problem with BCC: header
>     BCC: spammer@spam.com
>
>     Hey! There is a blank line between the headers and the body!

Re [this one], so going back to RobiBue's post, are you able to replicate what he/she has?
euphorique Posted February 21, 2019

38 minutes ago, MIG said:
> Re [this one], so going back to RobiBues post, are you able to replicate what he/she has?

As always, "No body text provided, check format of submission. spam must have body text."