Jump to content

What's up with this?

dra007

By dra007
in SpamCop Lounge

Recommended Posts

loafman Advanced Member

loafman

Posted
Posted

My immediate reaction was that it was a way to avoid the reports being taken seriously...but that came to mind too...

39100[/snapback]

It used to be that anything that remotely looked like a DSN would not be reported by SpamCop. That's been fixed. Perhaps these guys are still in the past. Intelligence is not a spammer trait.

Link to comment
Share on other sites
  • 3 weeks later...
Navigatr1 Member

Navigatr1

Posted
Posted

I received my 3rd one like this today. It looks like a bounce, but is spam. The bounce appears like it is coming from their own server even though they are actually abusing some open proxy. The come from the normal sources: charter; rr; comcast; and whoever else. Spamcop says it is a bounce. I was puzzled by these too even though I know some spammers have used this tactic to get you to view their spam. I wasn't sure whether I should report these or not. However, it looks like people are reporting them, so I guess I will too. The first one I received, I canceled the report as I gave it the benefit of the doubt.

I tried decoding the attachment, which looked like base64, but all I got was gibberish.

Wazoo, any thoughts on these types of emails?

http://www.spamcop.net/sc?id=z864943252zb8...6156d8b6a8334cz

Do we keep reporting them?

Link to comment
Share on other sites
Wazoo What Life?

Wazoo

Posted
Posted
Wazoo, any thoughts on these types of emails?

http://www.spamcop.net/sc?id=z864943252zb8...6156d8b6a8334cz

Do we keep reporting them?

39749[/snapback]

As the crafter worked so hard to make this thing look like a bounce, and it's a pretty easy guess that you didn't actually try to send it, then I'm pretty comfortable pointing to the "Offical FAQ" - On what type of email should I (not) use SpamCop? ... As loafman states, in the past, this spam construct would have been rejected as a spam submittal for at least 3 specific reasons, but as seen in the parse, those checks are no longer in place. Beatig on open proxies found on systems that appear to be end-user systems is another good reason to justify reporting these.

I tried decoding the attachment, which looked like base64, but all I got was gibberish.

I spent some time playing with it also, but .... as the construct of what I see in the 'full view' is so bad, I'm wondering if what is displayed is the same as what was actually sent ...???

Link to comment
Share on other sites
Navigatr1 Member

Navigatr1

Posted
Posted

Thank you for the reply Wazoo. Now they are still making the messages look like a bounce when you report them, and even look at the body of the email. However, they are not putting "Delivery Status Notification (Failure)" in the subject line, and are just leaving them blank.

In this example, it was reported to earthlink, which has an open proxy. I sent them an unmunged report.

http://www.spamcop.net/sc?id=z865906579zed...ea90dc369b78b6z

Link to comment
Share on other sites
btech Advanced Member

btech

Posted
Posted

How could this POSSIBLY be a bounce, when the "FROM" is from a spoofed address, with a name like "MENENLARGER" or something and on this 'bounce', there's an attached HTML file that re-routes to a penis enlarging medication site? Bounces don't add on attachments and don't come from specific email addresses... they come from webmasters and responders.

Case and point, the one below claims it's from: Darby_rajc[at]classifiedtoday.com but was sent from a Comcast IP in MA. In addition, the return path is to: pswkead[at]esmas.com AND this came to a Hotmail address that did not show I was on the "TO" line.

http://mailsc.spamcop.net/sc?id=z866541728...b78ff51c1402dez

I only seem to receive these in my hotmail accts... not any other email address.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...