btech Posted October 25, 2004 Share Posted October 25, 2004 I sent a report recently and got this reply from a host: Date: Sun, 24 Oct 2004 05:53:31 -0400 [10/24/2004 02:53:31 AM PDT] From: Wilbern Cobb <vedge[at]csoft.org> To: 1256359315[at]reports.spamcop.net Subject: Spamcop report id:1256359315 Headers: Show All Headers Hello SpamCop user, The spammer has inserted links to various sites here on purpose. This is not spamvertising, and in fact there is no text between the <a> and the </a>, so users of HTML-capable MUAs would not even see it. If you visit this site you'll see that it has nothing to do with the contents of the spam. Here's what the email in question looks like (btw, he replied regarding the posting of http://www.circumlocution.org ): Content-Type: text/html; charset="iso-0645-0" Content-Transfer-Encoding: 7Bit Content-Description: latitudinal norwalk.ramo <html>Hello,<BR><br> We sent you an email a while ago, because you now qualify for a new mortgage.<BR> You could get $300,000 for as little as $700 a month!<BR> Ba<A href="http://www.waist.org"></A>d cr<A href="http://www.circumlocution.org"></A>edit is no problem, you can pull cash out or refinance.<BR><BR> Please click on this link for fr<A href="http://www.congregate.org"></A>ee consulta<A href="http://www.serbia.org"></A>tion by a mortgage broker:<BR> <a href="http://centrex.moneyintelligent.info/s5/o0o.php?v2l=110">Start Saving Here</a> <BR><BR> Best Regards,<BR> Mathew Mackey <br><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR> </html> hermosa demurring mouth diopter westinghouse cavalcade nay col fosterite alistair converse inability deliquescent adair lied babcock bandy dwyercroquet proteolysis aboveground chinatown assassinate involuntary trillionth delilah conquer rhino accountant congratulate aster mallory frame crossroad moiety growimagen angie balm papery auspicious boson assign cholinesterase dooley tumble regiment chrysler participate moccasin primitive bribery atheism definitiondutch corp theoretic tolerable lineprinter ami sistine foley calamity impede capacitance chirp daredevil anyplace tetrachloride bart ecuador shirleycarouse embolden dharma brandy coralline reversion pain jovial antic crunch certitude tuff bella seymour acrimony ----173875737718872-- I've seen this recently, where spammers are either putting in unrelated websites OR this host is lying to me. I've seen sites added into spam that seemingly have nothing to do with the spam, so the question is: Should we still report them as a Spamvertized site? I would think the hosts would want to know that a domain they host is being spammed and possibly speak to the ISP to assist in the ceasation of the spam. Brandon Link to comment Share on other sites More sharing options...
turetzsr Posted October 25, 2004 Share Posted October 25, 2004 ...It's hardly new. <g> ...FWIW, I agree with you that, if I were being "spamvertized" in such a fashion, I'd want to know about it. If it isn't spamvertizing, then it is probably a "Joe job." Link to comment Share on other sites More sharing options...
Wazoo Posted October 25, 2004 Share Posted October 25, 2004 This isn't new at all. First of all, the type of link you are referencing isn't visible in an HTML rendered view anyway. So in reality, the idiots that follow spammed links wouldn't be able to click on them anyway. Thus, in this case, even if this URL went to a spammer place, it would be a pretty stupid spammer involved. Once upon a time, many were pointing out how obviously easy it would be to "ignore" any of these <A></A> links .. it was pointed out that the next level would be the <A>a</A> which would kill the first "filter" but then allow the same folks to point out how easy it would be to ignore the <A>a</A> links, which of course would lead to the <A>aa</A> mode ..... on and on ... Bottom line, this gets back into the "you agreed to review and make informed decisions" on which reports go out and where they go. In your example, yes, you hammered on a site that (at just this limited look) would end up being considered an "Innocent Bystander" What's a bit different in your sample is that there are so few of these links ... most seem to be shooting to trip the "too many links" parser problem. Link to comment Share on other sites More sharing options...
btech Posted October 26, 2004 Author Share Posted October 26, 2004 Bottom line, this gets back into the "you agreed to review and make informed decisions" on which reports go out and where they go. In your example, yes, you hammered on a site that (at just this limited look) would end up being considered an "Innocent Bystander" 19218[/snapback] I can see that side, but if your website wasn being sent out in spam email, wouldn't you want to speak to the ISP that was in charge of the IP in question? I don't want to send out "bad" reports, but I also think the hosts should know what is going on. Link to comment Share on other sites More sharing options...
Wazoo Posted October 26, 2004 Share Posted October 26, 2004 That's really a hard question to answer. If all ISPs had folks that understood these things, then sure, an incident report would be a nice heads-up for a number of folks involved. Unfortunately, these days, you have to remember that there are trigger-happy ISPs out there that upon receipt of a SpamCop report about anything, anything and everything related to the report gets pulled. Then you go with that there is only a small percentage of folks in the world using SpamCop, there are so many others analyze and report on their own .. some of these folks may take the time to notify everyone involved in this piece of spam ... and again, the intended target for this crap won't even see these links ... they are there just for those few that really "get into" reporting ... Link to comment Share on other sites More sharing options...
agsteele Posted October 26, 2004 Share Posted October 26, 2004 ...It's hardly new. <g> ...FWIW, I agree with you that, if I were being "spamvertized" in such a fashion, I'd want to know about it. If it isn't spamvertizing, then it is probably a "Joe job." 19217[/snapback] We had this with some of our domains awhile back. I was grateful for the heads up BUT the person who reported us via SpamCop nearly got our sites suspended by our rather over-zealous upstream provider to whom all reports go because they are listed as owners of the IP block. We had to spend quite sometime educating the abuse desk guy to understand that there was no benefit to us to have a blank URL link in the body of the message. So alerting via SpamCop may not always be helpful to the innocent bystander. A well meant report can lead to penalties being imposed in error. Andrew Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.