JohnS Posted April 3, 2019 Posted April 3, 2019 Message is larger than maximum size, 50000 bytes. Truncate? I have been getting spam from a spammer that moves their host about every few weeks to stay ahead of the game. (About the time that the host shuts them down.) I have been receiving spam consistently from the same source, and send in the SC reports regularly. I believe now the spammer has figured out a way to circumvent the SC reports, by filling up the email with lots of superfluous information. When SC parses the decoded email body, it gives me a message above (Truncate?). I of course say OK. If you click Cancel, it just returns you back to the input screen. In the past, the parser would still find the source links in the body of the message. Now there is so much extra stuff in the first part of the body, it never finds the source links because it is truncated. So I have to go into the source, find a breakpoint half way thru the body of the decoded email body, and cut/paste from that point to the end. (A lot of Extra Work.) If I do that, it then finds the source links. Any way to allow SC to parse the extra data to find the source links even if it has to process an exceptionally large email body? Clearly, the spammer has built a better mouse specifically with the purpose of fooling SC. It works. Any chance of improving the mousetrap? Quote
Lking Posted April 3, 2019 Posted April 3, 2019 Welcome to the forum. Short answer: No Longer answer: Finding links in the body of spam email is the lowest priority for the parser, after identifying the source and sending spam reports. With those priorities it is a mater of allocation of assets i.e. CPU cycles. And there is a cascading impact. If a link is found in the tail end of a large spam, the spam report also becomes larger than 50Kb to include the link; even more cycles and outgoing bandwidth. The CPU cycles and bandwidth all cost money, which makes it a return on investments. Although Cisco, the current owner, may have deep pockets, the 50Kb limit was established back in the dark ages when SpamCop was privately owned. Quote
petzl Posted April 3, 2019 Posted April 3, 2019 6 hours ago, JohnS said: Message is larger than maximum size, 50000 bytes. Truncate? If SpamCop did not truncate everyone would be in a queue so it will only target source of spam to speed up processing for others Of course you can forward as attachment to abuse desk from your email account which I often do (spammers have my email address at anyrate) https://mailsc.spamcop.net/spamgraph.shtml?spamstats At bottom of report I put this in as a signature offending email forwarded also, can be read as text attachment with a text/ASCII editor like notepad or eml text reader Quote
gnarlymarley Posted April 4, 2019 Posted April 4, 2019 18 hours ago, JohnS said: Now there is so much extra stuff in the first part of the body, it never finds the source links because it is truncated. I used to want to have a higher reporting preference for the links in the body, until the spammer one day about two decades ago used an website from my company in one of their spams. The spam came from a prominent university and the administrator mistook the link for the source of the spam. This nearly got me fired for being the recipient of the spam during the argument that ensued. Since then, I don't care as much about the links in the body and I know those can be spoofed (as well as the Received lines in the header), but the IP that my mail server records as the source is the only one I know that I can trust as being accurate. Quote
klappa Posted April 6, 2019 Posted April 6, 2019 On 4/4/2019 at 12:07 AM, petzl said: If SpamCop did not truncate everyone would be in a queue so it will only target source of spam to speed up processing for others Of course you can forward as attachment to abuse desk from your email account which I often do (spammers have my email address at anyrate) https://mailsc.spamcop.net/spamgraph.shtml?spamstats At bottom of report I put this in as a signature offending email forwarded also, can be read as text attachment with a text/ASCII editor like notepad or eml text reader If you already forward your spam to their abuse department why do you also use that signature? Quote
petzl Posted April 6, 2019 Posted April 6, 2019 (edited) 14 hours ago, klappa said: If you already forward your spam to their abuse department why do you also use that signature? Abuse desks are not always known to be the brightest crayons in the pack AmazonAWS for instance! They require a "copy and past" then contact the spammer they call a customer with a free trail account However their Russian crime gang spamming me only uses throwaway email address, web sites, with fictitious names etc. Gmail and their "cloud" finally seem to of caught on and mark their spam as dangerous (which it always was and is) Quite a few a upset about a EML attachment rejecting it? Yet others, the clever ones insist on it, China for instance the REAL Peking abuse address! Edited April 6, 2019 by petzl Quote
dr_bobbs Posted November 18, 2019 Posted November 18, 2019 Of COURSE I want to truncate! (I'm not smart enough to have a better idea.) So why do I have to answer this question every time? Can I just set a preference somewhere to automatically answer this question by "Yes" and proceed? How would I do that? Quote
petzl Posted November 18, 2019 Posted November 18, 2019 (edited) 23 minutes ago, dr_bobbs said: Of COURSE I want to truncate! (I'm not smart enough to have a better idea.) So why do I have to answer this question every time? Can I just set a preference somewhere to automatically answer this question by "Yes" and proceed? How would I do that? Just trim of the body, hit enter twice, then you submit. Long spam submissions slow down the parser sometimes cause SpamCop to hang. Sometimes you can set your mouse to "Auto-find" my computers a touch screen so not a big deal for me. Edited November 18, 2019 by petzl Quote
gnarlymarley Posted December 3, 2019 Posted December 3, 2019 On 11/18/2019 at 12:36 PM, petzl said: Just trim of the body, hit enter twice, then you submit. dr_bobbs, One thing to note if you forward as an attachment to your submit address, submit.XXXXXXXX@spam.spamcop.net, then it will automatically truncate for you. Quote
petzl Posted December 3, 2019 Posted December 3, 2019 5 hours ago, gnarlymarley said: dr_bobbs, One thing to note if you forward as an attachment to your submit address, submit.XXXXXXXX@spam.spamcop.net, then it will automatically truncate for you. If you are a paid subscriber I believe it still counts/deletes your megabytes. Quote
+BFsej@2n Posted January 1, 2020 Posted January 1, 2020 An extortition scammer has resorted to generate the message html body as base64 encoded image and thus invoking the Quote Message is larger than maximum size, 50000 bytes. Truncate? --_004_AM0PR0502MB3826BAAA518F148354E8B677C6210AM0PR0502MB3826_ Content-Type: multipart/alternative; boundary="_000_AM0PR0502MB3826BAAA518F148354E8B677C6210AM0PR0502MB3826_" --_000_AM0PR0502MB3826BAAA518F148354E8B677C6210AM0PR0502MB3826_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 W2NpZDphdHRfaW1nXzMxNDA2MF0NCg== --_000_AM0PR0502MB3826BAAA518F148354E8B677C6210AM0PR0502MB3826_ Content-Type: text/html; charset="utf-8" Content-ID: <AD9F277AF4CD694CB27ED0171AA18562@eurprd05.prod.outlook.com> Content-Transfer-Encoding: base64 PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxobGZlb2o+DQo8L2hlYWQ+DQo8Ym9keT4NCjxn Y3RnZmphbmQ+PGltZyBzcmM9ImNpZDphdHRfaW1nXzMxNDA2MCI+PHpqeW1idGh6eG8+PHRseXpy Y2h5Pg0KPC9ib2R5Pg0KPC9odG1sPg0K --_000_AM0PR0502MB3826BAAA518F148354E8B677C6210AM0PR0502MB3826_-- --_004_AM0PR0502MB3826BAAA518F148354E8B677C6210AM0PR0502MB3826_ Content-Type: image/jpeg; name="1577826089447.jpg" Content-Description: 1577826089447.jpg Content-Disposition: inline; filename="1577826089447.jpg"; size=142669; creation-date="Wed, 01 Jan 2020 05:01:46 GMT"; modification-date="Wed, 01 Jan 2020 05:01:46 GMT" Content-ID: <att_img_314060> Content-Transfer-Encoding: base64 Quote
petzl Posted January 1, 2020 Posted January 1, 2020 When you get Base 64 encoding (a lot of) best to just send headers only, then hit enter twice and write truncated, this saves your paid data allowance. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.