Need to check other URL hiding places

[kae]

Got this today. It looks like the spammers are putting in bogus http addresses, but linking their images in the SRC attribute. The silly thing about this is that you get a visable ad, but it's a useless ad because the link doen't exist. The only thing that exists is the picture in the SRC statement. I wish there was a way that the parser could find the existing SRC information.

<HTML>
<HEAD></HEAD>
<BODY><DIV><FONTSIZE=2></FONT><STRONG></STRONG>
<font></font><FONT></FONT><font></font>
<A href="http://qxwauxjcie.org&ytut6l9hapo4tz65ky9%2Eorbletmcagi%2Ecom/">
<FONT SIZE=2></FONT><FONT></FONT><font></font><IMG SRC="cid:yvenurt_qtmzzg_efrqz" border="0" ALT=""></A>
</DIV><p><FONT SIZE=1></FONT>
<FONT size=1><FONT SIZE=2></FONT>
a complaining tone, and they all quarrel so dreadfully one cant<br> <FONT SIZE=1></FONT><FONT></FONT>time I was dressing; and gave me, I was conscious, a sneaking and<BR>first time of what a desolate wilderness that inn stood hidden in;2<FONT SIZE=1></FONT><font></font>
</FONT></p>
</BODY>
</HTML>

Of course this could be some spammer using someone else's images. Don't you think they would want to know about it? It's just a thought. Probably a bad one.

[Wazoo]

This isn't a very good "new feature request" ... rather more a Reporting problem issue. As a matter of fact, I had just posted a copy of Ellen's newsgroup posting in response to the same user posting the same query 'here' .. dealing with the ampersand character in the URL, just as seen in your sample. (see http://forum.spamcop.net/forums/index.php?showtopic=4165 )

I'm not sure how you would expect anything to track down the SRC item in your sample .. it's basically just a file 'name' (assumedly also an item contained within the spam itself .. no Tracking URL provided to 'see' the spam sample)

Note also that the SpamCop parser does not try to track down images, based on so many of them being fodder placed by the spammers that end up being Innocent Bystanders.

As far as chasing down, identifying, and reporting URLs, please see the Forum FAQ, entry titled New! SpamCop reporting of spamvertized sites - some philosophy

Upon reflecting while typing this, I am in fact going to move this Topic to the "Reporting Help" Forum .....

[kae]

Thanks for moving this to a better place. As I was hitting the Post key, I realized that it wasn't even a good feature request. Thanks for the FAQ link too. That was an interesting FAQ pointer. Sorry about not saving the tracking URL. The email didn't have any attachments (except the html body). Unfortunately, I can't find the URL or report id for the one I was talking about, but I knew if I waited long enough, I'd get another one.

I didn't have to wait long. I got another one a little while ago. It's the regular Pharmica spam (ie. buy some drugs from us).

I'm not sure which tracking URL is good to post with but here is the two report ids and their parsed links that were saved.

Report ID: 1425154873 Parsed Report

Report ID: 1425154874 Parsed Report

I don't know what kind of link that "IMG SRC=" attribute is pointing to. Seems like the "cid:oifmhzs_krpuyq_vsbni" gets you a pharmacy advertisement, but I don't recognise the "cid:..." or what it means.

Anyway, Thanks! If anyone knows anything about the cid: stuff, I'd be interested. I'll go search for it and see if somethings been posted about it before.

[Wazoo]

Content-ID: - http://www.ietf.org/rfc/rfc2111.txt

Tracking URL is identified on each parse result page, described in the SpamCop Glossary (found as a link in the Forum FAQ) .... your offered links (Report ID only good for you and SpamCop staff) unfortunately are using the http://mailsc.spamcop.net/ construct which limits access to paid members (in addition to SpamCop staff) .... changing them to http://www.spamcop.net/sc?id=z763635205zad...60a4e2bac9e2bcz (for example) would allow even me to take a look at your sample <g>

Actual analysis of the real spam can't be accomplished from this side of the screen. Spent a few minutes trying to figure out why I wasn't able to simply point to "the issue" in your submittal, then after starting at the top and working down again, I noticed the 'problem' .. the line;

X-SpamCop-note: Converted to text/html by SpamCop (outlook/eudora hack)

Data lost between the actual spam sent and the parsing engine output .... so I'm not seeing the "real" spam ....

(SpamCop Glossary updated while I was at it)

[kae]

You're right about there being an attached image on this message. I finally saw the gif file when I sent it as an attachment. Still don't know if that IMG SRC does anything or if the attached gif image just shows up. I'm not an HTML jockey.

Anyway, I've been trying to figure out sending a report via email, but I've not had any luck yet. I'm using Outlook 2002, which means that I have to jump through hoops to even see the "real" headers (not to mention trying to see the real message). This is what I got when I tried to forward (as an attachment) one of the emails. Is there really anyway to report spam via the Spamcop's Email reporting feature using an Outlook product? It seems like even when I forward the email as an attachment, Outlook removes the important header information. Here's what I got for header information when I tried to forward a spam message to SpamCop as an attachment. If you can find an "message/rfc822" attachment, you can see that it looks like some real headers, but all the Received headers are gone. The only Receiced headers in the message are the ones from my email, not the forwarded one.

I guess my question is this: Does anyone know if there is a way to use spamcop's email reporting feature with Outlook 2002 or am I stuck using the web reporting feature?

Also, since I think some of the spam contains images that I can't seem to report directly does that disqualify it from getting reported?

Anyway, here is the message that was bounced back from me trying to report a forward via attachment spam email message to spamcop's email reporting.

I tried to cover my personal information, but I know I left some

SpamCop encountered errors while saving spam for processing:
SpamCop could not find your spam message in this email:

Return-Path: <XXXXX>
Received: from sc-smtp1.eq.ironport.com (sc-smtp1.eq.ironport.com [192.168.18.81])
        by sc-app5.eq.ironport.com (Postfix) with ESMTP id 624142F926
        for <XXXXX[at]spam.spamcop.net>; Sat, 14 May 2005 22:01:21 -0700 (PDT)
Received: from quake1.xnet.com (198.147.221.67)
  by sc-smtp1.eq.ironport.com with ESMTP; 14 May 2005 22:01:20 -0700
Received: from P450 (typhoon.xnet.com [198.147.221.66])
        by quake1.xnet.com (Postfix) with ESMTP id E66DE7A4D
        for <XXXXX[at]spam.spamcop.net>; Sun, 15 May 2005 00:01:19 -0500 (CDT)
From: "XXXXX" <XXXXX>
To: <XXXXX[at]spam.spamcop.net>
Subject: Re: earthbound Sodium Liothyronine
Date: Sun, 15 May 2005 00:01:19 -0500
Message-ID: <001301c5590b$21a2b1f0$640a0a0a[at]P450>
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="----=_NextPart_000_0014_01C558E1.38CCA9F0"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.6626
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527

This is a multi-part message in MIME format.

------=_NextPart_000_0014_01C558E1.38CCA9F0
Content-Type: multipart/alternative;
        boundary="----=_NextPart_001_0015_01C558E1.38CCA9F0"


------=_NextPart_001_0015_01C558E1.38CCA9F0
Content-Type: text/plain;
        charset="us-ascii"
Content-Transfer-Encoding: 7bit




------=_NextPart_001_0015_01C558E1.38CCA9F0
Content-Type: text/html;
        charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html>

<head>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">


<meta name=3DGenerator content=3D"Microsoft Word 10 (filtered)">

<style>
<!--
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman";}
a:link, span.MsoHyperlink
        {color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {color:purple;
        text-decoration:underline;}
span.EmailStyle17
        {font-family:Arial;
        color:windowtext;}
[at]page Section1
        {size:8.5in 11.0in;
        margin:.2in .2in .2in .2in;}
div.Section1
        {page:Section1;}
-->
</style>

</head>

<body lang=3DEN-US link=3Dblue vlink=3Dpurple>

<div class=3DSection1>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'> </span></font></p>

</div>

</body>

</html>

------=_NextPart_001_0015_01C558E1.38CCA9F0--

------=_NextPart_000_0014_01C558E1.38CCA9F0
Content-Type: message/rfc822
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment

From: "Jerrold Ferris" <Sxpvhbb[at]apcoa.com>
To: "Barry_grant" <barry_grant[at]xnet.com>
Subject: Re: earthbound Sodium Liothyronine
Date: Fri, 13 May 2005 18:34:35 -0500
Message-ID: <4239415275.64513[at]apcoa.com>
MIME-Version: 1.0
Content-Type: multipart/related;
        boundary="----=_NextPart_000_000E_01C558E1.38CCA9F0"
X-Mailer: Microsoft Outlook, Build 10.0.6626
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
X-NAS-Language: English
X-NAS-Bayes: #0: 1.62632E-150; #1: 1
X-NAS-Classification: 0
X-NAS-MessageID: 115
X-NAS-Validation: {2C7A8CD0-78FA-427F-BF86-AE333A20DC52}
X-IronPort-AV: i="3.93,108,1115006400";    d="gif'147?scan'147,208,217,147"; a="226593314:sNHT89254660"
X-Original-To: XXXXX
X-AntiVirus: checked by Vexira MailArmor (host inferno1.xnet.com)
X-spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on blade2.cesmail.net
X-spam-Level: ***
X-spam-Status: hits=3.5 tests=HTML_IMAGE_ONLY_08,HTML_MESSAGE,MPART_ALT_DIFF version=3.0.2
X-SpamCop-Checked: 192.168.1.105 216.154.195.36 198.147.221.67 198.147.221.81 127.0.0.1 198.147.221.71 198.147.221.81 82.233.54.157 111.9.21.142 

This is a multi-part message in MIME format.

------=_NextPart_000_000E_01C558E1.38CCA9F0
Content-Type: multipart/alternative;
        boundary="----=_NextPart_001_000F_01C558E1.38CCA9F0"


------=_NextPart_001_000F_01C558E1.38CCA9F0
Content-Type: text/plain;
        charset="Windows-1252"
Content-Transfer-Encoding: 7bit



a complaining tone, and they all quarrel so dreadfully one cant
time I was dressing; and gave me, I was conscious, a sneaking and
first time of what a desolate wilderness that inn stood hidden in;2 


------=_NextPart_001_000F_01C558E1.38CCA9F0
Content-Type: text/html;
        charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable

<HTML><HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3DWindows-1252">


</HEAD>
<BODY><DIV><FONT =
SIZE=3D2></FONT><STRONG></STRONG><font></font><FONT></FONT>
<font></font><a =
href=3D"http://qxwauxjcie.org&ytut6l9hapo4tz65ky9%2Eorbletmcagi%2Ecom/">
<FONT SIZE=3D2></FONT><FONT></FONT><font></font><IMG =
SRC=3D"cid:yvenurt_qtmzzg_efrqz" border=3D"0" ALT=3D""></a>
</DIV><p><FONT SIZE=3D1></FONT>
<FONT size=3D1><FONT SIZE=3D2></FONT>
a complaining tone, and they all quarrel so dreadfully one cant<br> =
<FONT SIZE=3D1></FONT><FONT></FONT>time I was dressing; and gave me, I =
was conscious, a sneaking and<BR>first time of what a desolate =
wilderness that inn stood hidden in;2<FONT SIZE=3D1></FONT><font></font>
</FONT></p>
</BODY>
</HTML>


------=_NextPart_001_000F_01C558E1.38CCA9F0--

------=_NextPart_000_000E_01C558E1.38CCA9F0
Content-Type: image/gif;
        name="Jshxj.GIF"
Content-Transfer-Encoding: base64
Content-ID: <yvenurt_qtmzzg_efrqz>

R0lGODlhXAEQAfcAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwMDcwKbK8AAAACEhKSEpISExQikp
KSkpMTExMTFCYzFSezFahDk5QjlSezljjEJCQkJCUkJjjEpKUkprhFJS91JrnFpaWlpzpVpzrVpz
tVp7nFp7tVqEtVqMrWN7pWOErWOMtWOUvWOUxmtrc2t7tWuErWuEtWuEvWuMpWuMtWuMvWuUvWuU
1mucvWucxmuc1mul72ut53Nzc3OMtXOMvXOUvXOUxnOUznOcxnOc3nOlznOl1nOl3nOl53Ol73Ol
93Ot3nOt53Ot73Ot93Ot/3O173uc3nulznul3nul53ul93utznut3nut73ut93u173u194RCEISE
hISc1oSt3oSt54St74St94S13oS154S174S194S1/4S994xKEIyMjIyt1oy13oy154y174y194y1
/5RKEJRSEJRSGJRaGJS13pS155S93pS955S975xSEJxSGJxSKZxaEJxjGJxzGJy175y996VaIaVj
GKVrGKW1561zEK2157VjCLVjELVzGLVzObVzUrV7GLV7UrV7WrWEObWMMbW1vb1rCMZzCMZ7EMaU
GM57Ic6EEM6EGM6MEM6UEM6UGNaMANaMGNaUENaUGNaUIdacCNacGNacKdacMdatUta9nNbW1tbn
/9bv/96MEN6MGN6UEN6cCN6cEN6cGN6cId6lSt61rd69WuetGOe1KefOvefWzu+1GO+1Ke/Oe+/O
te/e1u/e3u/3/+////etEPe1CPe1EPe1Kfe9CPe9EPfOMffOc/fWnPfWpffWrffea/felPfe1vfn
pffv5/fv7/f37/f39/f/tff///8AAP+1CP+1EP+9CP+9EP+9GP+9If+9Kf/GCP/GEP/GGP/GIf/G
Kf/GOf/OOf/OQv/OSv/WSv/WUv/We//eWv/eY//ea//ec//nlP/nrf/vhP/vjP/vzv/33v/39//3
////7///9//////78KCgpICAgP8AAAD/AP//AAAA//8A/wD//////ywAAAAAXAEQAQAI/wDrCRxI
sKDBgwgTKlzIsKHDhxAjSpxIsaLFixgzatzIsaPHjyBDihxJsqTJkyhTqlzJsqXLlzBjypxJs6bN
mzhz6tzJs6fPn0CDCnXIr2hRgUaPIkzKj2BSp1AHPpVqlGrTpkiHat3KNWtBrF4Ngq0HtqzUqGSj
jjVL9urYrnDj4nybFq3dumzreqUb9mvWq3IDC57JtK/eu1jzrjXslG7is4MjS07p2G/bx2qrQt5r
9SvfyaBDm6x81zDmxZDf8v0surXrjaQZ91W8WS9q1K9z68ZY+LLSg71nW1WtGWnx3ciTK1/OvLnz
59CjS59Ovbr169iza9/Ovbv37+DDi/8fTz60AIHnP6Znvl79wfbpBcgnOL+g/Pr17rdHvz+h/oH3
0Qefffj9p9B++sVHH3/nJTifgQIeiB9C/UUEoUUVwpWhRhUOiB6B9i2YH4AgMuThiBGSGOKHKlK4
oogsotiijAhuuN6GMlJ0I0Y4btVfgCwqyKCADQI5444qImmQkij2aKOITMbYI4wxHjljjkwK+WKQ
Rgp5oZEwKvgggAVOOOVQCCYZpJRV5ggllVpmmGWbS/r3Jp3wnVljl1Wm2aKHHa6IpJdq4pnkoCQq
eaZQfjY5YoMM1memi1jeSaOkYDp6oJ2FuunphO9t2ambeYKqJZWaahpnpD/yOWp+EC7/GlSjYj5K
J3+3pnqpgX6e6uCmlMLKa52hcnrlmlcCSmSmpLKp6quiVtossTpJIxGtf2Zr6ZLYaossjWEW66y0
P1ppKKpkinrinNQqiiyi58LJZpSRJTikt8KSmed7pfa5rLnrUtilpFD+N/CkBAZob7r6yjuqnAg/
C+690a5b5onlvSRrSBtn7DFKHbv38cgkl2zyySinrPLKLLfs8sswxyzzzDRnzMHNOOes88489+zz
z0AHLfTQRBdt9NFIJ6300kw37bTQCnEgl9Q1v0S1VlcjlDVXW1etUtdAgU2Q2EKR7XVJZvOUdto/
sX12SG7ntPbUb7MUN05zx3V33Rzt/21T3nD5zXdGgtMEeFeFD25R4jIdzrXiKDEek+MUSUNEEkpg
0cQSR0gBhRjWkiQ55BGNbvVCptdDRBBQlJHEGGOQUYYVTSjBhuikm5R6S5RP9IQQUYjBxhivj8HE
GmMokUMvIu0uG2Cl+dbYVNGrBMD12A8EgEDb19P95BJ9D1PvEW0xQxc/OAFFEk1YscYXdsTeBg6n
wM3RaodBX1tewrHmEPbiA2BDxOe9gnSPgC4RHAEBeD3tZe8gAnRgAxlCPoj8AAUqeMIPhkAFKiBh
C11gwxrYUIYqGMEPIHGeafpXGszs7zDhI8gBZciQBRqQezPxGwNxaJAA9pCGBdQeBf9RhxEQxIAH
LwDCD7ZAhTSAgQpDiIIXqvC6I9jhIyqEoQvTghuxWOYvG5mhEBdiwyCK0XsTXMnetlfGG44RiDz0
IRGjhhEMiGAHLkCBEIaAhj7UQQ1hoAIUhtCFKxQhCMzrSBZtsxnaLOWL/LPIGYOokDKK8YwI1B1E
2GjACFLykzyMIxwTUkGIUMACPIDBCJ4wBTrwwhSEmAMXngCFH9yABjDwyCIdyciwTIUpuPHfANMo
x0ruUJRmHF9E0gjBUILyk5PMZEFKCRENTGAHL2CBDQQhhycMoQZCAII4aQCER+jyI/rDCzAZ48K1
rBMj0awhQi4pQd6Fj5lwPGYnH4j/Rn6Sco4ZOUMFTuCCE5yABDJQAQpS0AMfzEAGO8AiOvO3Qhji
BS2qyUg8yThPZI4ycjF8pkil+caPHoSaESlFAzKwAxiUoAUF3UELWoCCHaxAohOFCv4oKhyL+lSe
YyxmQqRJT0qSdCQK9OgzherMkv6Tjh3xQAQk0IEPxMAFJjDBCUKwgRSCJKM7lV5tuAgciniyn0d1
alBD6c+UrPGscMXn99ra1qfatSNauAAEHuCABTDgAjqwX+5wt8wcAhRxgyXsJg0L1cAlFqmPayxi
HytYrB02spTFqWUli9nMKrKzJ6WbZ8+5FZT6ZJGjRe1JTNsT1WbWtWi7bGlHS9rN/5LyabjNrW53
y9ve+va3wO0tZ2dL276B1iCwBWlxN5JcyA7XtsvFSHObJ1voRndxx52maK97kelWVmvb5W5FvOvV
5w6FvJBDb23Bm5LQfVa82CXuXU9Cj/XCVyLqfe98HVLfhNR3Hu9QhjlwYQ5zGAMeA+kvc+873uyO
jSPPwEUwgHGNClcYGxW2RSzK6zEGzlWpCQTqTaipYIPUlx70mMcxgkGNa1ijwtbgBoytUY1rBIPD
6olYm8rFqo7EFZ8d/egkQ8zRZv5QhnXlnj/PGlrzQkQeswDGMCxsjSpvYxvWwIYvqlENVsRDsx5x
V6LQdSpPVUSOTDWyU4dsT2Pyk/+uzEwzmk36YCc/ZBbCcLGFK+yNb3wDG9Wgxi9QYQhdgJkjvVoQ
xr6VK3g6M62gLOpcgazJoYp0pKNE4JzVWuf9MkTB9GDHL/bMDW8QgxzjGEc2qvELX0gCEoVoxKE3
IidFk7nRPn60iJFZ1Es7t6NEVTM0j6zUo7I2IcUAxou78Q1xoMMd5yiHN6oBjE9UQhKRoAQfSqwR
1dZ6XDzO10feTOd9kjuZvq70UINN7GG7sdh2rsfomDHqbhADHeuIRjvKEQxtrOISm7CEJhQBiFrM
mkPBEjOZQ/aQjVYyyJikdGzJCORMLpDJSn4zxjvNXovcosLhUEc6koEOYrCCE5j/uMQlWqGHP+wC
x4imlIPKbOaaO9rdDzcymyF9cDe2sdzpxrSnOY4Q9xpEGvQYBShsAQ5yhEMWqdjEJjKBCVUM4g6I
oK7ICpVoQUXrzEBMc7vD7lGe21fn7y63nIXd5KFDBBmvEAUoOtEJTmSiE5gAxSHM8IdlcFu/Yc5W
oHjcKI0uOcljX6tRJa5YCP6YmJ6kaz2RDGnW/j3BjghFKzzhCVdwYhJvcEMeaCGQyy+YY5MavL1u
dCHxsM3saqzuQUxfD3rkIg56CMQesgAHPCTCGSc2es8ZPMQij1j2EoEGKRbBCFg042vEn0h+jRvv
tkUfvw4eyPSHf/2Onxf5Qdn+/9vETzjwh637ECG/dM1vffQ7RP3dZf9p3f/+7AsE/t2mf0Pw3+Dq
z1//8ic3qBNcBFiABniACJiACqg0ANiADviAEJhYCziBFFiBFniBGNgzAag2EYhc9idv4dWBIChf
3veBAMh/FHFsO4GCMsOC2Od/rSWCRBd+G7iCMqh9H+iC/XeDOph+NXh0ofMM9gAP78AOxnCE5lAM
xaAMzPAO74Bg9SB863eDI2hdHogR9jCE73AMxoALuKCEShgLuGAM7AAP9lAPvAB4ItiDD6GCCaGF
x+CFsTCHxUCHYkgKubAMz3B2EZg4sKd1bvcQcEgKsQCGc0iHdYgLpEAKtZCF1P/Hg2bVQ0lGVIfH
ePf3gwUhD/VgD1uIC4f4iaCYiHh4hqf3MR6meH/4XQ0XQUxFaZvWVNoFgwghD0PIDp4YC6+Qi+OA
i7n4iXUYC6QAhfnXEQVgEAVwjMhYjMVojPWgjMl4jM34jMxoVpXIcz+HbqdTWD/nQxZHdpyGg7KI
EJx4DLyYi+ZojrsIiqNQC9BQihuxjAQBj/F4EMo4jwMhj804j/j4P94Ii2NnSeCjjWn3YUIHb4FY
hRTxDMuAC+YIDuBwjuc4Duc4CqTgDO6oEfu4jwKBj8sojx5ZEB+pkYWFc5bmjRGXisO4TJp2bgWJ
jenmhgbxDLnAi8EAkTY5kaT/8HIp+Y7T2JMb+ZP3aI9BGZQiuVgkGWSoWHbQNxEsaUanaG6ThniX
GI4GEQ/wgAyjkIuuEAw1eZMQOQr3UAoXmREZ+YzweJZDCZRqqZZoyZTEBHQSdG69FntMaZBw6Y/G
hokEYQ/NcAxZGQyu4ApeKQq5SJivMApnIJY7iZE+CZJp+ZH3KI2PeREOV5JHdpJ0GVKVqWtp943g
eJALMYS5kJWvEJheaZOIqZjlR4yN6ZiQuZZtuZFmKUmcmXOXCYsoOYWb9HjCFpX7VHygqRD28AxY
qZWniZphOZYYkZEKUY9pmY/PGZtrOUD9GHSXJmmeqYoNF5DB+YbP8A4MeZyA/wmRi5Cci0mWremY
QgmdsDmd7klxcSaVald2lqid/KhMVFkQ8fCd4WmTgbmVgWmYr4AIOamcFzGbZsmR6tme+kiP2cGG
9ZefBPEMzwAPxkCaopChpbmVXCmY5rgIiUAL7XiefZiDFrGfCkkKo0CaXAmYqQCg5sgIMkqKJAqB
ELp/ejkQWTiEtaCicUeY/7mVhimj90B6jyiDNwqcJQgR7bijz9CjpOmVzFekfGijJmoRw5mF8NCj
sbCi5DmltGCRatiBSWp+o2MP8bCjnJgLpCCji/Cmb8oIjBiFaXika3iljkWFZRpve4qjeoqnkwWJ
JNh2gYqkgGqC+tenSxqLef8qqFbIqIV6p4OKXBlYqZZ6qZiaqUUjocf3p5MKqYhKf4pKqKT6qVZq
qp8ZqWR6qKjqgKN6hd3JgZ76qDNIqw/4qqAKqxlhOZijOZzjOaADiIbaqgiJEavTOsUjO7RjO/Z5
qrY6lRrxO8EzPMVzPMmzPNwXHk+Jbrk5pufHqQdhPuijPuzjPvAjP/RTpXaRGL/RFmJRHNRDFQkR
r5cxPcB0HJIYn/UZaT6Hn9RZEzCZEBeUQRvUQR8UQiNUQifkrV/US/K6rr7kGY/USBTrRcbnkml1
jWy2lP/6j9U4Tx9bqrlaEUaERErERE4ERVJERWNgRXZaVhXLGbLhsBdlsQ3/W7M3C1RiJ2S8NnnK
VUORF2fVqWlDK7K1ShF2hEd6xEd+BEiCREiGhEgGahld1E4Ty1Of0a5aZBztKky3mZ38yq1s5VbU
yW6cuXaK548BmxCnlEqr1EqvFEuzVEu3lEs1SrUQ67CaQa9b9K5j1bczm68llbH6hJ12U7ZI6W5o
a5dHm6oZYU3YpE3c5E3gJE5AQE7mdLdqgVG9kVE46xtaa7GeG1b3ubPf2GvyCXPrlrivuFRFq6tG
axECRVAGhVAKxVAOBVEvuxSey1NYG7MWFUzAO1Y6e5fstnNk+z8Vl2lxaXFBm2RruxAqxVIuBVMn
IFM0ZVO7CxzutEXdyz/e/8u9WnscpMu6tZm4Jjm2P1u8zMtpGct20LqoGiFVVGVVWKVVXMWwy8Gb
F5u+Gcex7Du4JrW45Ra9DpFXe9VXfxVY+uuqw1SNURlAcuWz/yu/jkusJ7idAJujf0OFxWqbjBWr
Njir3weuG0zCZcPBJ+yoJSzCOoGrIwPDFzyyLTysz/rBN5zBxCrDsLuqOxyCPnzDPEzDt5qDmnrE
SJzESpyAHtzETvzEUBwdSzzFVFzFVnw0JhzFNpPFWkweZjPEXWx/YBzGz5pFCsqeZOwcX8ya9tiR
P9GtaQx+ZqyebuwR/BtSlCfBEnfHHrzGFIGMCwqUzujGHQmNP2nIhtxum//5wBPUukSbttbZgH4s
EZI5nXV8lnUMnYicye1rusA2kOd7tnfpwC4cmYD8nJrMlg7KntIpwEcpT9sYyoo7ypLMqZWMxqnM
yvF4yrGpkY58T6D8yr/MMnDceD38EKeMypc8mYLMzPnayLQsuM07zc8cwcXcHWaLVpC3xyEbiIvU
y6osyJncymgHthAHv0HXjQ0xDeNRuEKryPD8yo2Lw8uZyJrMydA4zqhMbJ5cko8czHRmduw8EAMt
EAWtIweTIjt2MRBjKmYyc63XTNmszrj5uhZMz0EBZ/tazZT3m/kkVxtt0AQxDQV90NcSLgr9Kebi
MBNjZrLCSb0ZeQNs0bH/i9HOcc0WYdI6XQ8D3dMkLdJAzdNf5y8tjS/igio0Z3OOh740LcrZOcnU
gdM5TdAGwc49LdQifdVXjS4Acyz74h+F1yRg0jF1RVLW7HgaJ59QPThbXRBazdMk/dNCbdVYzdVE
TS+tIiHJcitk3VRmjc4BbWdjDBp0XdVZXddUTdcmbXOsNyxD7SQ7xtcjGctqRcBgu9aKs9hB/dMl
TdVBvSUKpyvjotLeQi9KDZV5HMEd/dEXV3lcPDMH7dOx7dn8cjF3bTAMLTAOvWi4BtjcWdMVcctA
IdWDQ9zc982BHBLPm5utndaUqK/GLV6YvZzJPW401M8c3ZL/jLFPPN0O/5HM+2zKRFnIu1yUn2zO
192ZsjzMTezdDCHc0XjG9yybzfyelobd6Z3artzJ0azDF92cyZgQidyW4FzdaC3LFJdzBLzINgzc
Ah7gzRnOBR7f5v1D+O3R/Ixx7N3H4ArelizhzEzOD3fh1em+8Uziifraya3Pulzf9gzL/Z2Ulf26
KC6qKg6SEC6bE47JuAzPKK5PaLXab8THHF7KOLHcdRnH6mrTzRHdSm7Tg/3kMWjkUg4e7l3lMRw1
V7zlXN7lU4zlYB7mYj7mZF7mZn7maJ7mar7mbG4TXvtTX/Ud9EoZD0G+XRtJ0PHmC/EboQuzfr4c
Jt1FdN4QbFHoMjsdev+uEHz+5qyR6JOx2FnL543U54WOr2Jl6b1k6GSl6ItO6ZPuSG7hGZKuFHZe
FqTuruxK6lVh6qyOP4DB6vbaGYH7Gprd54dutZAUsbn+PJLuS4CLUbruF6CeGmHFrhXbu6F+67qu
6cFLVrjO7MQbGjs9r997Fq0eG7gO7OyUGsRr7Dab7Tp17Nzu5977S4J+G+OOs+Aus6l+6nvRu7RO
24oe7PrjP8yO7d2e7pUBuPdeVsN+6Lsu6A8L78+u78E+7vy+P3guGm1ts+qet82u7Lse8Q+/uRS/
7i8k8Vmb7jT78Oiu8QZ/swVfUcpR2Lx7510r6iff7rzLtSc/Pd8e6bz/JPIo/+tipUWdDvNYa+e2
0esU7+vVXq/R3hqavRKOvhNHP+8lkfQyyPQ34fRXOxJQ3+ZUX/VWf/VYn/Vav/Vc3/Ve//VgH/Zi
P/ZkX/Zmf/buF6+UThx3LrFuP/D3yrXBca/2Thyi3ujvBLrwGvfDIb7fSz2qPvd8P774Svjvmvd0
f/dvbxyMr/ed3rnB0fgUwffu6rdyv/eNwb1un/iOH/iRf/iZf/mYzvl03+6Aj/ioP/imv7eqPxyn
706H/06c3/kPC/eiz/qyT/m2ThSwXvlvn/O+b+uG7/uLX/m77/e13/aW3/jDL/ywL/msv/neLvnU
H/zPf/Oh2/x4H/rE/2/808/8kc79x7/nyL4a39/z1c/94N/yoT/+ir/+xU/8qi797L/8vk7/8m/3
7e8YLJ/+2l//AFFPID9+AwsKNJiwHkGEChk2RPgw4kGJEC1erAgxo8ODGAsS7GgR5MiHJEEqnGjQ
5MWUJSmGRJlSZkaXKxeO1AizIc2XMXnmjMnxZtChO1/a3OgSaNGfN5HCVMpSqkyPVYt6xMnS5Emn
JFV6/ZpV68eeV6lOBNtV7NaONs3mdFtT7FmmOpVGNRp3K1G8QtVy/du37lTCG+n6xUo0qGC0cw1L
vVvWqMi0gScX5vrY8szKdBlHZZjU7dvDgkGPftxUM+G3bXUO3kk1Nf9UyUudHp4qMatoymPR4rZK
U7bu2lY59746FyXg2X5VS2b+unVx1rYzvyb+26zh5761r0be9Sx36RWve1/uuvZ50rbTX04OeDxj
zsTVI77dfrv06pTT7o3vv5DkW+wosJ57Krz8AsOuPNrCuq4yAKfDz7j09MpLwbr0Qg1DChmEMLv+
IJMPQJ7Me9C9DQ+kjawEVTyRv+YyZCuvBlGECzYSYSSwKfhUApHGFnGczkUWlQNvRCWXZLJJJvlz
Mkopp6SySitzg/JKLbfkskvIvAQzTDHHJLNMEtlCM00112SzTTffhDNOOeeks04778QzT+X607NP
P/8ENFBBByW00DYwzUQ0UUUXZbRRRx+FNFJJJ6W0UksvxTRTTTfltFNPPwU1VFFHJbVUU09FNVVV
PQ0IADsTmUgDRsdbWtFKEnNEAoRbBqinVtdkwCISzTMOUdokLKnGgLgWGPQ=

------=_NextPart_000_000E_01C558E1.38CCA9F0--

------=_NextPart_000_0014_01C558E1.38CCA9F0--

The email which triggered this auto-response had the following headers:
 Return-Path: <XXXXX>
Received: from sc-smtp1.eq.ironport.com (sc-smtp1.eq.ironport.com [192.168.18.81])
        by sc-app5.eq.ironport.com (Postfix) with ESMTP id 624142F926
        for <XXXXX[at]spam.spamcop.net>; Sat, 14 May 2005 22:01:21 -0700 (PDT)
Received: from quake1.xnet.com (198.147.221.67)
  by sc-smtp1.eq.ironport.com with ESMTP; 14 May 2005 22:01:20 -0700
Received: from P450 (typhoon.xnet.com [198.147.221.66])
        by quake1.xnet.com (Postfix) with ESMTP id E66DE7A4D
        for <XXXXX[at]spam.spamcop.net>; Sun, 15 May 2005 00:01:19 -0500 (CDT)
From: "XXXXX" <XXXXX>
To: <XXXXX[at]spam.spamcop.net>
Subject: Re: earthbound Sodium Liothyronine
Date: Sun, 15 May 2005 00:01:19 -0500
Message-ID: <001301c5590b$21a2b1f0$640a0a0a[at]P450>
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="----=_NextPart_000_0014_01C558E1.38CCA9F0"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.6626
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527

[Wazoo]

Edited your last so it doesn't take so much effort to get past the details ... not sure I want to tackle the analysis right now. You see, I've got a bit of attitude working at present .. repeated references have been made to take a look at the Forum FAQ. The specific links that talk to "How to get full headers .." actually points back to the www.spamcop.net Help/FAQ pages .... the use of Outlook is a subject pretty much beaten to death in a number of places ... A simple Google search using the terms "Outlook" and SpamCop" should return a lot of stuff to wade through (matter of fact, with no qualification on the two words [just typing them into the Google search bar] results in; Results 1 - 10 of about 66,700 for spamcop outlook.

Granted, this includes much extraneous stuff, changing the search terms to +spamcop +outlook would narrow it down, but .... off to get distracted for a bit ....

[kae]

Thanks for taking the time to look at it. Also thanks for the tracking URL information.

That rfc pointer that explains cid and mid helped a lot (Thanks!), so it was a gif file embedded in the email message, which I saw when I tried to send it as an attached forwarded message.

I guess a question that comes up is this: By using Outlook it seems like I'm not able to actually gather all the information that is needed for spamcop. (I guess I'm referencing the "Converted to text/html by SpamCop (outlook/eudora hack)" comment that you made. Now I'm wondering if I need to pull email using a different Mailer since Outlook does so much munging. Maybe I should be using a different mailer to report spam.

Okay, I just found all this in the FAQ. I guess I need to RTFM or RTFF (for FAQ), except I think I need to study the FAQ or at least look deeper.

My next question was going to be which mailer should I try to use, but that's probably in the FAQ. I just have to find it.

Anyway, Thanks for the help! Point taken. I'll study the FAQ for more detail. Thanks!

[turetzsr]

Hi, kae!

<snip>

I'll study the FAQ for more detail. Thanks!

28058[/snapback]

...If you haven't already found it, you may wish to have a look at the FAQ entry Alternate Outlook 2003/XP e-mail submit methods. This is how I do reporting with Outlook 2000 and 2003. It doesn't ALWAYS work but it seems to work about 99% of the time.

[kae]

Hi, kae!...If you haven't already found it, you may wish to have a look at the FAQ entry Alternate Outlook 2003/XP e-mail submit methods.  This is how I do reporting with Outlook 2000 and 2003.  It doesn't ALWAYS work but it seems to work about 99% of the time.

28449[/snapback]

I have Outlook 2002 and I've tried that method of dragging the spam emails over to a new message and dropping them (they become attachments), but when I looked at what actually gets sent I found out that the headers are very truncated and the Received lines are removed. About the only ones left are From, Date, To, and Subject and there isn't enough information to process the attachments for the spamalizer. I have Outlook 2003 on my laptop, but I don't use that for email (at least yet). I'll have to try it out on there and see how that one works.

Thanks turetzsr, for the pointer to that thread.

[Jeff G.]

Unless you are forced into using Outlook for email (say, because you are forced to use your employer's Exchange Server), please stay away from it for spam reporting. Outlook Express is much better at reporting Internet email than Outlook. Thanks!