Bumpkin Posted July 25, 2005 Share Posted July 25, 2005 When I get an e-mail that states "copy and paste this URL to your browser", it's become difficult to keep my fingers from typing in the "http://www." in front of it! I know I can't alter the spam, but how do I get these reported without spending a ton of time manually parsing? Link to comment Share on other sites More sharing options...
turetzsr Posted July 25, 2005 Share Posted July 25, 2005 ...You have me totally confused (maybe it's just me). What is the source of these URLs -- are they return e-mails from your e-mail submissions of spam to SpamCop or are they URLs actually in a spam or ...???? Link to comment Share on other sites More sharing options...
Jeff G. Posted July 25, 2005 Share Posted July 25, 2005 They appear to be URLs in spam that are not recognizable enough by the Parser as URLs, so Bumpkin and others have to parse them manually. It is possible that TPTB can tweak the Parser to recognize them, and emails to deputies[at]spamcop.net should help that process along. Link to comment Share on other sites More sharing options...
Bumpkin Posted July 26, 2005 Author Share Posted July 26, 2005 ...You have me totally confused (maybe it's just me). What is the source of these URLs -- are they return e-mails from your e-mail submissions of spam to SpamCop or are they URLs actually in a spam or ...???? 30660[/snapback] The e-mails are all spam spam spam. "To get your lifetime prescription for \/|[at]gr[at] copy and paste this URL into your browser: XXX.XXX.XXX.XXX/viagra4u" (and if not an IP address, it's somewierdcombinationofletters . com/something) There's no "http://" indicating that there's a url to be found (not sure if that's the trigger in the parser). I've got an itchy trigger finger Link to comment Share on other sites More sharing options...
Jeff G. Posted July 26, 2005 Share Posted July 26, 2005 Bumpkin, your trigger finger appears to be too itchy in most of these cases - without 'http://' or 'www.' or '<a href="' to go on, the Parser will have lots of trouble identifying URLs. Link to comment Share on other sites More sharing options...
Jank1887 Posted July 26, 2005 Share Posted July 26, 2005 Bumpkin... Parser will have lots of trouble identifying URLs.30708[/snapback] So, algorithms anyone? text with dots and slashes...maybe if it finds a .com/etc. but then the spammer could (esp with html mail) load the email with lot's of fake url snippits (the good ol' white text on white in 3pt font trick.) if it's not an actual link... it's kind of tough. Link to comment Share on other sites More sharing options...
StevenUnderwood Posted July 26, 2005 Share Posted July 26, 2005 So, algorithms anyone? text with dots and slashes...maybe if it finds a .com/etc. but then the spammer could (esp with html mail) load the email with lot's of fake url snippits (the good ol' white text on white in 3pt font trick.) if it's not an actual link... it's kind of tough. 30715[/snapback] I know....I know.... Get microsoft to stop turning every *.*.* set of text into a clickable link Link to comment Share on other sites More sharing options...
Jeff G. Posted July 26, 2005 Share Posted July 26, 2005 With friends like Microsoft's "helpful" programmers, who needs enemies? Link to comment Share on other sites More sharing options...
turetzsr Posted July 26, 2005 Share Posted July 26, 2005 ...You have me totally confused (maybe it's just me). What is the source of these URLs -- are they return e-mails from your e-mail submissions of spam to SpamCop or are they URLs actually in a spam or ...????The e-mails are all spam spam spam. "To get your lifetime prescription for \/|[at]gr[at] copy and paste this URL into your browser: XXX.XXX.XXX.XXX/viagra4u" (and if not an IP address, it's somewierdcombinationofletters . com/something) There's no "http://" indicating that there's a url to be found (not sure if that's the trigger in the parser). <snip> 30704[/snapback] ...So your problem is that the SpamCop parser is not recognizing the spamvertized web sites? In that case, I don't see an alternative to manual LARTs. SpamCop's are only advisory, anyway -- it doesn't add spamvertized IP addresses to the blocklist. Link to comment Share on other sites More sharing options...
btech Posted July 26, 2005 Share Posted July 26, 2005 I've noticed many full addresses slip past the parser, like: www.optin2millions.com with no text around it. Now it seems odd to me that the parser can miss that, but catch a web address in a string of letters and numbers that are meaningless. (if I come across another, I'll post it here.) Link to comment Share on other sites More sharing options...
Wazoo Posted July 26, 2005 Share Posted July 26, 2005 First thought, body text and header description need to match ,,, i.e. header says HTML but the URL is plain text .... Link to comment Share on other sites More sharing options...
StevenUnderwood Posted July 26, 2005 Share Posted July 26, 2005 I've noticed many full addresses slip past the parser, like: www.optin2millions.com with no text around it. Now it seems odd to me that the parser can miss that, but catch a web address in a string of letters and numbers that are meaningless. (if I come across another, I'll post it here.) 30728[/snapback] Technically, your first example is NOT a link and should never be shown as a link, but Microsoft has decided to present it that way in most of it's applications. What the parser is finding is (most likely) a legal way to represent a link (per the RFC's). If so, it is constructed correctly and spamcop programming can be made to find it. There are an infinite number of ways to make an improperly formatted link and no simple way to detect all of them. Link to comment Share on other sites More sharing options...
Jeff G. Posted July 26, 2005 Share Posted July 26, 2005 There is also the bug in which the Parser "sometimes fails to find links that are really there - refreshing usually helps", as I wrote in The Link Analysis Process. Link to comment Share on other sites More sharing options...
btech Posted July 26, 2005 Share Posted July 26, 2005 Here's one, gents: http://www.spamcop.net/sc?id=z790097217z2d...a1e9d2316ac8eez AFTER I completed the report, if I hit "parse", it can then find the site, but the initial parsing did not. Link to comment Share on other sites More sharing options...
StevenUnderwood Posted July 26, 2005 Share Posted July 26, 2005 Here's one, gents: http://www.spamcop.net/sc?id=z790097217z2d...a1e9d2316ac8eez AFTER I completed the report, if I hit "parse", it can then find the site, but the initial parsing did not. 30736[/snapback] Yes, this is the bug Jeff G. mentioned earlier. The parser is finding the link but not reporting it. I was mistakenly thinking you could see the link in the message but spamcop was not finding it. Sorry for any misdirection Brandon. Link to comment Share on other sites More sharing options...
btech Posted July 26, 2005 Share Posted July 26, 2005 no prob. So what is the best way to circumvent this? Copy the email in raw form, then paste in the processing box? Link to comment Share on other sites More sharing options...
Jeff G. Posted July 26, 2005 Share Posted July 26, 2005 no prob. So what is the best way to circumvent this? Copy the email in raw form, then paste in the processing box?30751[/snapback] That sometimes helps. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.