Geek Posted April 9, 2006 Share Posted April 9, 2006 Hello, For the past few weeks, I have been receiving "online meds" spam with embedded URL's the parser can't handle for some reason. Here's an example: href=3D"http://ghkalk.ripeunever.info/?62847526" gives the error that it is unresolvable and is discarded as fake. However, run the URL "ripeunever.info" through Internic and it has no problem resolving it. Thinking it was the subdomain messing up spamcop, I ran my own website subdomains through the parser and it resolved them just fine (canceling the reports of course). Manually reporting each one is a pain, because these spams have some things in common: - Always a different domain with randomly generated subdomain. I've counted over 300 domains so far. - Always a different resgistrant. - Always an attached image with the ad, but no URL in image. Spamcop does report to the source of the emails which: - 98% of the emails I get originate from Comcast or Verizon in the US. I am sure this has been brought up, but I did not find anything on the forum search. Thank you and good luck! Link to comment Share on other sites More sharing options...
Wazoo Posted April 9, 2006 Share Posted April 9, 2006 One problem in your query is the lack of a Tracking URL so that the the embedded URL could be seen in its environment. The "3D" suggests quoted-printable was in use, but ..???? and there are posts in this forum that do show spammers using a quoted-printable format in the body, but the headers don't define this as true. There are numerous posts within just this Forum section dealing with the (lack of) parse results for URLs. Use of a search tool shouldn't really be necessary, but ... as in this case, not everyone takes the care to develop a "good" subject line .... and some choose to use non-standard definitions to describe some actions .... Link to comment Share on other sites More sharing options...
Geek Posted April 10, 2006 Author Share Posted April 10, 2006 .. as in this case, not everyone takes the care to develop a "good" subject line .... 41909[/snapback] Sorry, I don't understand this question Were you wanting example of the spam with unparsable links? Link to comment Share on other sites More sharing options...
Wazoo Posted April 10, 2006 Share Posted April 10, 2006 Tracking URL of the spam (submittal) in question. Link to comment Share on other sites More sharing options...
Geek Posted April 10, 2006 Author Share Posted April 10, 2006 Ah, very good then Here it is: http://www.spamcop.net/mcgi?action=gettrac...rtid=1713816413 Link to comment Share on other sites More sharing options...
Wazoo Posted April 10, 2006 Share Posted April 10, 2006 Here it is: http://www.spamcop.net/mcgi?action=gettrac...rtid=1713816413 41931[/snapback] Tracking URL is defined in both the Glossary and the Dictionary provided here. It is titled as such in the parser output. You provided a Report-ID ... and thusly I'll point you to yet another SpamCop FAQ entry 'here' ... Getting a Tracking URL from a Report ID Link to comment Share on other sites More sharing options...
karlisma Posted April 10, 2006 Share Posted April 10, 2006 Tracking URL is defined in both the Glossary and the Dictionary provided here. It is titled as such in the parser output. You provided a Report-ID ... and thusly I'll point you to yet another SpamCop FAQ entry 'here' ... Getting a Tracking URL from a Report ID 41932[/snapback] ...and again - problem is being solved through detailed instruction on how to post question without getting answer... tadaa. I know there are rules, I know the philosophy, but is it that so hard to make it simpler, and get to the point as from beginning. i.e. href=3D"http://ghkalk.ripeunever.info/?62847526" the problem is clearly visible here, isn't it, gurus? some times it is making me think, as why there is such forum, etc. as most of the time instructions on how to post are reprinted again and again, while the point of the question is slipping through and away. You seem not to care, that such "posters" as myself are not as keen/smart as you are, they/us are just "foolish people which think - reporting spam would make this whole world better for letting e-mail work as it is meant". Link to comment Share on other sites More sharing options...
StevenUnderwood Posted April 10, 2006 Share Posted April 10, 2006 i.e. href=3D"http://ghkalk.ripeunever.info/?62847526" the problem is clearly visible here, isn't it, gurus? 41938[/snapback] The short answer is no it is not visible because if we plug that into the parser, we will likely get a different answer than if it is in the middle of a spam. The parser runs differently when parsing a single line (either IP address, host, or URL) and is more leienient because a report will not be generated in those cases. Without the Tracking URL, we are unable to see what the original poster is seeing and unable to help ecept in very general terms (if at all). As stated earlier, that LOOKS like a bad job of getting the original spam source from the message, but it needs to be in context (the surrounfing headers) to see if that is the case or it is something the spammer is poing to mess up the parse. Link to comment Share on other sites More sharing options...
Geek Posted April 10, 2006 Author Share Posted April 10, 2006 Sorry to have caused so much trouble. I have been a member of Spamcop since it opened and thought I'd mention a possible bug. Link to comment Share on other sites More sharing options...
Miss Betsy Posted April 10, 2006 Share Posted April 10, 2006 ...and again - problem is being solved through detailed instruction on how to post question without getting answer... tadaa. I know there are rules, I know the philosophy, but is it that so hard to make it simpler, and get to the point as from beginning. i.e. href=3D"http://ghkalk.ripeunever.info/?62847526" the problem is clearly visible here, isn't it, gurus? some times it is making me think, as why there is such forum, etc. as most of the time instructions on how to post are reprinted again and again, while the point of the question is slipping through and away. You seem not to care, that such "posters" as myself are not as keen/smart as you are, they/us are just "foolish people which think - reporting spam would make this whole world better for letting e-mail work as it is meant". 41938[/snapback] I wish I could think of parallel in the offline world, but my brain isn't working right now. Reporting spam does make the world better, but not if you are reporting it to the wrong people. Think of all those people who believe that 'bouncing' the email back to the spammer is a good idea. Well, it would be if that is where it went, but it doesn't. I am not technically fluent. There are some particular parts that I had the time and someone was patient enough that I finally understand how they work. Others I don't understand. But if the 'guru' says that I misunderstood and there is a difference between one kind of URL and another (or whatever the question was), then I think it is important to try to understand the difference. I feel awfully foolish that I didn't know the difference, but that's the way it goes when one is learning. Nobody here is trying to make you look foolish. They are just trying to answer the question. Ask a doctor about this funny pain in my back and see if you don't get a bunch of questions trying to narrow it down. Miss Betsy Link to comment Share on other sites More sharing options...
karlisma Posted April 11, 2006 Share Posted April 11, 2006 Nobody here is trying to make you look foolish. They are just trying to answer the question. Ask a doctor about this funny pain in my back and see if you don't get a bunch of questions trying to narrow it down. 41941[/snapback] that pain is not that funny and i could narrow it: http://forum.spamcop.net/forums/index.php?showtopic=6135 read: href=3D"http://ghkalk.ripeunever.info/?62847526" quoted printable, although it is not, as Wazoo did see it. using a quoted-printable format in the body, but the headers don't define this as true. sorry, if /me threw stone Link to comment Share on other sites More sharing options...
StevenUnderwood Posted April 11, 2006 Share Posted April 11, 2006 read: href=3D"http://ghkalk.ripeunever.info/?62847526" quoted printable, although it is not, as Wazoo did see it. 41955[/snapback] No, Wazoo was the one asking to see the Tracking URL. His sentence in full: The "3D" suggests quoted-printable was in use, but ..???? and there are posts in this forum that do show spammers using a quoted-printable format in the body, but the headers don't define this as true. You have pointed to those posts but we have no way of knowing if this is the same problem or not without seeing the tracking URL for this one. Link to comment Share on other sites More sharing options...
karlisma Posted April 13, 2006 Share Posted April 13, 2006 No, Wazoo was the one asking to see the Tracking URL. His sentence in full: You have pointed to those posts but we have no way of knowing if this is the same problem or not without seeing the tracking URL for this one. 41957[/snapback] on the other hand - this quoted-printable problem is not so rare, and I see that repeat every time.... if there is that 3D (like 3D"http://ghkalk.ripeunever.info/?62847526" ) - url is found but NOT traced at all, or url is found and marked fake because parser reads it "http:3D//ghkalk.ripeunever.info/?62847526" and then it is discarded as being fake. Link to comment Share on other sites More sharing options...
Wazoo Posted April 13, 2006 Share Posted April 13, 2006 on the other hand - this quoted-printable problem is not so rare, and I see that repeat every time.... 41991[/snapback] and yet, there is often so much more to the story .. see you last (moved/merged) stuff in http://forum.spamcop.net/forums/index.php?showtopic=6170 Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.