Meneldur Posted October 2, 2004 Posted October 2, 2004 I'd love to automate the process of parsing email addresses in spam messages. SC parser doesn't watch them. If I report them manually, I usually get the spamming/spamvertized account closed, but I lose a lot of time making the research manually (using Sam Spade). Is there a scri_pt or plugin for Outlook to do this? Or a setting for SC parser. Lots of tks.
StevenUnderwood Posted October 2, 2004 Posted October 2, 2004 How many spams do you get that have email addresses within the body? I just searched my trash (where 3 days worth on messages are kept and searched the bodies for [at] and came up with 31 messages out of 497. THat was not even looking at the bodies to see if these were valid email addresses or some encrytped text. If I recall, SC used to report those but found the majority were joe-joe type addresses (forged to cause problems for others). Since SC stopped reporting them, perhaps spammers have stopped/reduced this practice. I hope you are not talking about the sending address because that is almost invariably forged. If the address is dead by the time you do the resarch, it is probably because the user was getting thousands of bounces and changed their address. Not that the user was actually a spammer.
Meneldur Posted October 3, 2004 Author Posted October 3, 2004 Hi, Steven. How many spams do you get that have email addresses within the body? I just searched my trash (where 3 days worth on messages are kept and searched the bodies for [at] and came up with 31 messages out of 497. THat was not even looking at the bodies to see if these were valid email addresses or some encrytped text. Well. Almost all spam I receive here has valid email addresses, since argentinian spammers put a valid email address to contact them and buy the product they want to advert via spam. Many of them use Hotmail account that get closed immediately when I report them to abuse[at]hotmail.com I hope you are not talking about the sending address because that is almost invariably forged. If the address is dead by the time you do the resarch, it is probably because the user was getting thousands of bounces and changed their address. Not that the user was actually a spammer. 18181[/snapback] Of course not, Steven. I know that addresses are forged/non-existent. I mean the body addresses, where normal users contact the spammer for buying the product.
StevenUnderwood Posted October 3, 2004 Posted October 3, 2004 I looked closer at those 30 or so spam and only 5 had an email address for contact. Most of my spam simply have a URL to contact the company for purchases. Perhaps US spammers have given up the practice of providing email addresses for the reason you are pursuing, people shut them down. Websites are easier to move around with redirectors and all.
Meneldur Posted October 3, 2004 Author Posted October 3, 2004 I looked closer at those 30 or so spam and only 5 had an email address for contact. Most of my spam simply have a URL to contact the company for purchases. Perhaps US spammers have given up the practice of providing email addresses for the reason you are pursuing, people shut them down. Websites are easier to move around with redirectors and all. 18206[/snapback] I've seen the same tendency: US and overseas spam bring URLs. Local spam is full of email addresses. And Hotmail accounts! That's why I'm looking to automate the process of parsing and finding email addresses. Any idea?
Meneldur Posted October 4, 2004 Author Posted October 4, 2004 Perhaps, it would be great if SC user could choose to parse emails or not, off by default.
Wazoo Posted October 4, 2004 Posted October 4, 2004 As previously stated, way back when, this was done. It was removed, not only due to that most addresses were found to be bogus, but it was also seen to be an issue of the actions of the general populace, that if an option was provided, it was "checked" ... no matter how obvious it may have been that there was a mistake involved ... even to the level of folks "checking" the box to report their very own e-mail address ... Standard suggestion is ... a paid member has the option to add additional notifies (with comments explaining) .. and anyone can generate and send their own complaints ....
bobbear Posted October 4, 2004 Posted October 4, 2004 Further to the subject of response email address parsing, for some reason I get lots of '419' scams, lottery scams etc and in the past I have used the SC parser on the response email address to derive the mx inf. and reporting addresses, but I have noticed occasionally that these addresses are not always the same as listed in abuse.net or derived from a registry listing and I just wondered is this a valid way to do it and how accurate & up to date the reporting addresses derived this way are?
Wazoo Posted October 4, 2004 Posted October 4, 2004 Accurate and up-to-date is one thing, results are another. The catch is that using the SpamCop tool-set to parse things like this call in all sorts of data. What you may be seeing in those results that "don't match" is some of the manual overrides manually put into the SpamCop database. Sometimes those addresses aren't meant to be used for oher than SpamCop, sometimes there are other reasons (non-response, so upstream is listed for example) ..... so for further reseach / analysis, try the FAQ here .. I've added a number of other sites that perform tracking and such ...
Meneldur Posted October 4, 2004 Author Posted October 4, 2004 I know, and I certainly agree with your point. I am a paid member since 2000, and my actual process involves using manual reporting. But I spend a lot of time looking for 'abuse[at]'s to report them. Much of the spam I receive here includes a valid email address to respond to the spammer. For buying, for obtaining a multimillion addresses database, for registering for a party... But the email is there, and it's completely valid. I take the address, do the research and send a copy of the report to that abuse dept. (sometimes, I see that all my research is wasted on behalf of the 'too many addreses for user copied reports' message). And they close the address! In these cases, SC original report would not be enough, since only the dialup connection gets reported, and ISPs need a dozen of reports to close that account. Then, the spammer go to another ISP, probably a free one, and start spamming again. If SC is not going to restore this option, well, it's a pity for me and many other spamreporters around here. But is there another way of automating the process?
Meneldur Posted October 6, 2004 Author Posted October 6, 2004 Look at this report: http://www.spamcop.net/sc?id=z679749322z97...&action=display Clearly, the spammer uses sd_pedidos[at]ubbi.com and sd_pedidos[at]tutopia.com to receive orders. I reported it, but the messages passed, and people will buy the product if none of these body addresses get closed. Tha dialup account used to spam may have been shut, but the spam payload was dropped. This kind of spam is generic here: valid addresses.
Meneldur Posted October 10, 2004 Author Posted October 10, 2004 So... ... should I stick to manual reporting when finding valid email addresses of spammers?
Miss Betsy Posted October 10, 2004 Posted October 10, 2004 If SC is not going to restore this option, well, it's a pity for me and many other spamreporters around here. But is there another way of automating the process? The only way that I can think of (to avoid the checkbox that too many people seem to check in spite of warnings) is to select /before/ parsing that it is a 419 scam or a spam that contains valid emails. Since that would confuse a great many people, it probably won't get done. It is great that you are taking the time to notify ISPs and getting addresses shut down. It shouldn't take a lot of complaints if you include the spam message. It is against the rules to send UCE so it doesn't have to be shown that it is bulk by receiving dozens of complaints. If it does, then you might do some more good by 'educating' some abuse desks. Miss Betsy
Meneldur Posted October 11, 2004 Author Posted October 11, 2004 50% of spam messages I receive have a valid email address. I could only press "send report" and let those addresses live. But I feel inside that the spammer did his/her job, and my action of reporting him/her was not complete. That's why I insist. Some of the ISP and sites that shut accounts in "my behalf" were: - Hotmail - Argentina.com - Ciudad.com.ar - Yahoo AR - Netizen.com.ar - two or three more... Some of them didn't close all the accounts I reported, but little is something.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.