
Straight to tracking URL?


its8up

I have a timer run google suite script that filters spam box contents with common keywords and emails headers to spamcop (as well as occasionally using common keywords to mail "dev/null" spam to the appropriate source).  Of course, this means I must come by here every couple days or so to confirm and manually click the report link.  Was reporting spam like normal, then ran into a strange issue.  Clicked Unreported spam Saved: Report Now link and it went straight to this tracking URL:

https://www.spamcop.net/sc?id=z6623054758z790919cde374c5c623d7a3db280014e6z

Found the spam that apparently breaks the SPAMCOP page.  It is below for your pleasure.  Any idea what is going on with this thing?

 

Delivered-To: *********@gmail.com
Received: by 2002:a4a:3016:0:0:0:0:0 with SMTP id q22csp1931387oof;
        Sun, 15 Mar 2020 09:19:48 -0700 (PDT)
X-Google-Smtp-Source: ADFU+vsCZ6pBhPe36NuRKdT0EMsXknH3fFGbThN9KldAi0TfyxqmwPz2vcG0j2ERgp+jUmn/eTJ9
X-Received: by 2002:adf:aac6:: with SMTP id i6mr5448025wrc.353.1584289188462;
        Sun, 15 Mar 2020 09:19:48 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1584289188; cv=none;
        d=google.com; s=arc-20160816;
        b=zJ9PHkIdDyTy2PsnMjDH8uzyhmB2Gp+3oal157sBSgfNJGa5BlJ/E6HNgi7cfo+nea
         BUGRvr+4fn0EZHLqT4V75TFoTQ6XWC5ZnrtZGbKXkppDE/0da3tUtA/suvSO2Z3wdo4a
         zw9F6/5KfiYyPavw/twFrPuETLtYnAe1dWeD9WmAybLRmpQnB41VM6rVHUyCezBd4BHP
         ozeMZo1HkjWLIdZ5iSEXYYtAOcI0lK8r3/yJ16sMEtOHxwfhyISGBo9SzZmMZV/A+j9o
         fRlia56QMGB0VT3DmmzanjnRQIPLbjSN+yVe4jbQu7ebATnI+UKqhnThpO8r4pztvXxE
         rf7A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=reply-to:date:from:to:subject:content-description
         :content-transfer-encoding:mime-version:message-id;
        bh=C0GmZhwjZqrXpIa4xSA+O5u22Z8WgX/O1JShatnvvkI=;
        b=DtRgqzxrV2YoaVwR9Zb/sTCEw/TkYpM2gacBajNylF3BT3ghuiuK0mEIYI6qRmS2R5
         zHjtQx6kBqWtn+dRXX4ysAmDXUux++Jd43fzijV1cAR7WJ7/4wbqkbTTZejMOlkmrORh
         //NmTycczPlM0M67oSuT+c2aVjMQmOisU23ttnFNskZ741XtV+pvJbH0FTggccVNOc5Y
         ugXp4DGBaKVBauzqzoWaiYjCT7y+ET5LVFJHRmOAJ5CcYMMwpJ56/3J9I8iNxCJzTbii
         EeGSUUnblU+jJK3TQTecEdNg7vC4gRdT9icM2Oq8+r23sKj7z3S470u5itzYgRedWboN
         AKfw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=temperror (google.com: error in processing during lookup of boc@bank.cn: DNS error) smtp.mailfrom=boc@bank.cn
Return-Path: <boc@bank.cn>
Received: from relay1.macrois.de (relay1.macrois.de. [81.209.169.71])
        by mx.google.com with ESMTPS id e17si12912723wrp.559.2020.03.15.09.19.44
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Sun, 15 Mar 2020 09:19:48 -0700 (PDT)
Received-SPF: temperror (google.com: error in processing during lookup of boc@bank.cn: DNS error) client-ip=81.209.169.71;
Authentication-Results: mx.google.com;
       spf=temperror (google.com: error in processing during lookup of boc@bank.cn: DNS error) smtp.mailfrom=boc@bank.cn
Received: from user-PC..home ([197.234.221.105]) (authenticated bits=0) by relay1.macrois.de (8.14.5/8.13.8/SuSE Linux 0.8) with ESMTP id 02FGIUm2032655; Sun, 15 Mar 2020 17:19:41 +0100
Message-Id: <202003151619.02FGIUm2032655@relay1.macrois.de>
Content-Type: text/plain; charset="iso-8859-1"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Description: Mail message body
Subject: KEEP IN TOUCH
To: Recipients <boc@bank.cn>
From: "'Wang Wei'" <boc@bank.cn>
Date: Sun, 15 Mar 2020 17:19:34 +0100
Reply-To: errrwew.d.son@gmail.com

Hello,
     I have a business proposal worth $4,000,000.00 I wish to initiate with=
 you and you will be compensated adequately upon agreement and conclusion. =
Do send your response for more details.

Regards,
Mr.Wei

11 hours ago, its8up said:

https://www.spamcop.net/sc?id=z6623054758z790919cde374c5c623d7a3db280014e6z

Found the spam that apparently breaks the SPAMCOP page.  It is below for your pleasure.  Any idea what is going on with this thing?

No idea
From African botnet probably Gmail antics
197.234.221.105  netabuse[AT]mtn[DOT]bj
Through email server
81.209.169.71

Edited by petzl

14 hours ago, its8up said:

Received: from user-PC..home ([197.234.221.105]) (authenticated bits=0) by relay1.macrois.de (8.14.5/8.13.8/SuSE Linux 0.8) with ESMTP id 02FGIUm2032655;

The issue is the double dot in the Received line.  The two dots make this an invalid record.  If you change it to a single dot, it should submit.


On 3/16/2020 at 7:55 AM, gnarlymarley said:

double dot

Good eye!  Adding a .replace() statement in preparation for a rash of those.  Thanks!

Why does google allow invalid records through the pipe?  Because they are too busy counting money to bother with syntax checks.  This ain't the first issue Google caused for spamcop.  Cannot rely on any standard formatting when the largest gorilla in the market chooses to march to the beating on its own chest.  <insert angry gorilla noises here>


On 3/16/2020 at 11:55 PM, gnarlymarley said:

The issue is the double dot in the Received line.  The two dots make this an invalid record.  If you change it to a single dot, it should submit.

Yes that allows it to parse
https://www.spamcop.net/sc?id=z6623476193z4ef535a5f5916faa0ed30142c9229a4ez

Link to comment
Share on other sites
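
The fix discussed in this thread, collapsing the double dot in the Received line before submitting, written out as an added JavaScript example; it is not code from any poster or from SpamCop. The function name `fixReceivedDoubleDots` and the abbreviated sample message are constructed for illustration; the `user-PC..home` host is the one quoted above.

```javascript
// Added example (not the poster's script). Collapses runs of dots only in the
// "from <helo-name>" token of Received: headers; other headers and the body
// are returned unchanged.
const RECEIVED_FROM = /^(Received:[ \t]*(?:\r?\n[ \t]+)?from[ \t]+)(\S+)/gim;

function fixReceivedDoubleDots(rawMessage) {
  // The header block ends at the first empty line (LF or CRLF).
  const sep = rawMessage.search(/\r?\n\r?\n/);
  const headEnd = sep === -1 ? rawMessage.length : sep;
  const changes = [];
  const head = rawMessage.slice(0, headEnd).replace(
    RECEIVED_FROM,
    (match, prefix, host) => {
      const fixed = host.replace(/\.{2,}/g, ".");
      // Record every rewrite so the original value can be kept with the report.
      if (fixed !== host) changes.push({ original: host, fixed });
      return prefix + fixed;
    }
  );
  return { message: head + rawMessage.slice(headEnd), changes };
}

// Constructed sample: two Received headers shortened from the message in this
// thread, plus a subject and body that end in ".." to show they are left alone.
const SAMPLE = [
  "Received: from relay1.macrois.de (relay1.macrois.de. [81.209.169.71])",
  "        by mx.google.com with ESMTPS;",
  "        Sun, 15 Mar 2020 09:19:48 -0700 (PDT)",
  "Received: from user-PC..home ([197.234.221.105]) (authenticated bits=0)",
  "        by relay1.macrois.de with ESMTP id 02FGIUm2032655;",
  "        Sun, 15 Mar 2020 17:19:41 +0100",
  "Subject: KEEP IN TOUCH..",
  "",
  "Do send your response for more details..",
].join("\r\n");

console.log(fixReceivedDoubleDots(SAMPLE).changes);
```

Keep the unmodified message alongside the report, since the edited header no longer matches what the relay recorded.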
