Ross Posted May 4, 2005 Share Posted May 4, 2005 I reported some spam a few minutes ago which had obvious links in the body of the message. They weren't java scri_pt or strewn with fake HTML tags or encoded or anything. In fact it is some of the least crappy HTML I have seen in spam. Maybe they used bad MIME section names or something (I don't use MIME so I just see the whole thing as flat plain text). Anyway, the message is here: http://www.spamcop.net/sc?id=z759706311ze9...1e478f889201a0z The parser says: Finding links in message body no links found Thanks. Link to comment Share on other sites More sharing options...
Jeff G. Posted May 4, 2005 Share Posted May 4, 2005 Ross, that attachment structure is very weird. Exactly what are you using between OE6 and the SpamCop Parser that might have made those modifications, or are they in the original? Link to comment Share on other sites More sharing options...
StevenUnderwood Posted May 4, 2005 Share Posted May 4, 2005 Maybe they used bad MIME section names or something (I don't use MIME so I just see the whole thing as flat plain text). 27611[/snapback] The MIME boundries do not match to start with: Content-Type: multipart/related; type="multipart/alternative"; boundary="----=_NextPart_000_0000_9E6D4AD1.3E34456D" <> Content-Type: multipart/alternative; boundary="----=_NextPart_001_0001_D2A5AACB.839C6825" There is also no closing MIME boundry. One other thing, where did all of the Part 1: type things come from. Are they in all of your messages or just this one? Headers (including Mime headers) should not have any spaces before the colon IIUC. Link to comment Share on other sites More sharing options...
Ross Posted May 4, 2005 Author Share Posted May 4, 2005 Ross, that attachment structure is very weird. Exactly what are you using between OE6 and the SpamCop Parser that might have made those modifications, or are they in the original? 27612[/snapback] Oh man. You're right. I'm used to MUAs which don't mess with anything in the message. I'm not using OE6, just sendmail -> inbox -> mail. However the sysadmin has silently replaced my mail client "mail" with "nail" which looks mostly the same but apparently tries to interpret MIME when displaying the full message. If I export the message to a file it is no longer corrupted. I tested it with the parser and it works as expected. Sorry for the bad report. Link to comment Share on other sites More sharing options...
Jeff G. Posted May 4, 2005 Share Posted May 4, 2005 Thanks for the feedback! Link to comment Share on other sites More sharing options...
get-even Posted May 5, 2005 Share Posted May 5, 2005 Anyway, the message is here: http://www.spamcop.net/sc?id=z759706311ze9...1e478f889201a0z The parser says: Finding links in message body no links found 27611[/snapback] Latest multitrade group spams all use this method to avoid SpamCop. BTW. The registratations contacts' telephone number is disconnected, and the domain of the contacts' email address is falsely registered also (non-existant Washington state address - listed voice number is a fax machine in Delaware state). Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.