Jump to content

tricky guys


karlisma

Recommended Posts

Posted

I suggest you also go back and start re-reading from your first post. You ask questions about specific data, but never provide that specific data. You say the discussion is 'over' .. then make another post changing the subject and the query .... yet now appear to be complaining that the subject was changed ????

Yes, there are other discussions available that happen to to talk about things like munging, hidden details, possible tracking issues, the fact that so few of these actually mean anything these days, what with so much of it sent via compromised systems (meaning that the actual sender of the spam will never see the reports/complaints) .. on and on ....

I'm backing a few of the other members/users here .... you want to ask a question, there are usually answers provided. If you really wanted specific answers, then you need to supply the specific data in question. I really don't see questions in your last few posts, just some sort of commentary. Research was done to answer your last query, the same research can be applied to your latest Domain "comment" .. but .... I have other things to do, other folks asking questions, etc.

Posted

OK, it seems to you maybe there have been more hints than answers. To take just this part ...

If read first post = then see question :ph34r:

My attention, writing this, is to look at how many tracking codes are hidden in this message, never mind the following parts with gif name and everything else... Will and when spamcop will start to clean up these tracking codes? Any time soon or no chance at all?

The first time I can recall the topic being discussed was way back here Tracking Codes used by Spammers, How are they tracking us as we report? and, in my opinion (without pretending to be any sort of expert) SpamCop would be chasing a will-o-the-wisp/ignis fatuus to try to close even a few of the "vulnerabilities" (and, as you have alluded, one could add included "file names" plus their contents to the original list). Note, even back "then" the expert opinion (WB8TYW = John E. Malmberg) was that the bad guys would not even bother to track reporters. Since then there has been a huge move to botnets and, as Wazoo and others have said (several times or more) "meaning that the actual sender of the spam will never see the reports/complaints". Therefore tracking codes would be pointless. It would seem no chance at all is the likely answer, insofar as anyone "here" could guess. IMO
Posted
Still, Wazoo... The last question is unanswered. The purpose of making this tread start at all was to know how and why tracking info remains at report.

You say 'tracking info' yet provide nothing.

Stated before, there are many other conversations existing already that talk to to all the possible ways to embed hidden data in plain sight within an e-mail.

The specific answer to your selective quesry .... the parser tries to deal with an RFC compliant header and perform analysis on the flow / travel of that e-mail. What minging of personal data is attempted is talked to in the SpamCop FAQ. This includes the entry on Mole-Reporting. The "trying to find hidden codes, constructs, and secrets' within the spam / spam headers is not a function of the parser.

You say that zombies sent these messages... But report goes to spamvertised site masterminds as well, and then - they read their tracking data.

I did not use the 100% terminology. And even your "report goes to spamvertised site" flies in the face of all the complaints about the "spamvertised site does not resolve" .....And then the next step, in the Parsing & Reporting porcess, you are given the opportunity to select which reports go out to which targets.

No tracking details no nothing, just the ISP doesn't wish to receive....

And now what .. a comment without background .... so going with the flow .. if one "can't send a report" .. then how is the spammer going to check the "tracking codes" in that spam ...???? I'm back to not understanding the string of words that wasn't a question, yet seems to offer an arguement to your own commentary ...????

also for me it is not understandable how reports can go on and on to some hnidc_or_whatever_the_name[at]hotmail.com withot beaing noticed that it is for different IP blocks

??? just going with the technical details here .... some spammers can butn up 1 hundreds of Domains a day .. nothing says that all the hosting has to be done at one ISP, on one IP address. etc. And to go beyond that, there are the 'rotating DNS/Hosting" items done on those way-too-many compromised computers around the world .... the parser does its analysis based on the data of the moment ..

But again, it boils down to that you have the opportunity to select which reports fo to what targets .... there is the news://news.spamcop.net/routing newsgroup if you want to do the reseach and come up with a better reporting address for certain addresses ....

Those things are allways silenced out in forums, no answers or explanations given... thus makeing spamcop as whole - untrusty...

I Want TO BELIEVE.

I have no idea what you are suggesting here. Deletion of posted items here is right up there next to the 'Never' indicator. Even spam posts are moved to another Forum section, but they still exist. The answers you might be seeking seem to be the ones that only the folks that write the code would be able to provide. Those folks aren't here. Answers and explanations are offered for questions that can be answered here from the knowledge of the other users here. You should have noted by now that I do take things upstairs at times to get a response from those folks, get some additional data, but .... I'm just another user also ... some of those upstream requests get a reply, some are ignored, some are answered with a 'not-for-public-disclosure' .... you're simply going to have to work harder to make your case in this allegation.

Posted

geeze .. get a grip on yourself .... you make the allegation that things get hidden away on this Forum .. then try to take some of your misinformed thoughts and remarks private .. and then again complain when I try to dispell your illusions publically, such that others will also see the errors of your commentary.

This is a public forum, provided to offer support for the SpamCop.net toolset. If you need to send me some proivate information in order to resolve some issue, that will remain private. However, trying to take some thing like this discussion off-line and expecting me to spend the time one on one sith the same misinformation, no specific data provided, etc., etc., etc. ... that's not going to happen. I don't have time for that kind of silliness. I will repeat .. you are the one that needs to restart reading your Topic from Post #1 and get down to some bare facts.

I do my own research, manually generate and send my own complaints on spam received. Tracking codes, hidden messages, secret codes .. so what???? The lowlife already has my address, based on my receiving the spam in the first place.

Posted

It is still not clear (because he never told us) what karlisma's "tracking codes" were. Just to point out that if they were the most significant (individual) part of his (gender assumed) email address then there have been several earlier discussions on munging with a number of users (including myself, whether stated or not) supporting the view that the process should ultimately be extended to include (munge) all header and body occurrences of the email address/part address.

While this request, even more evidently now, provides little real protection (and perhaps a lower proportion of reporters now expect/require protection) it does serve the purpose of "raising the bar" - making it harder for spammers to achieve whatever purpose they had in the first instance. While the spammers' "real" purpose could simply be to send SpamCop and similarly-motivated organizations off on resource-consuming wild goose chases I find it difficult to resile from the view that the superficial munging process should be completed if it is going to be performed at all. I sort of hope the issue is still on some "to do" list at an appropriate level of priority.

All of which slightly modifies my previous post, I guess - (maybe no time soon rather than no chance at all). No apologies for that karlisma, you are too cryptic by far if I am guessing correctly (just a gentle touch of irony there, lest I be accused of the same).

Posted

Nah, it was quite nice, from You, Farelf.

At least you understand where "my problem" is.

I was/am cryptic, because I have proved to myself that slip here or there, without cleaning up the headers, where I see them "trackingcoded".... makes me regret I send spamreports at all. Seriously.

One slip did cost me three times more spam now. On one click... while reporting through spamcop. (no offence here, Wazoo)

B)

Posted
(no offence here, Wazoo)

???? I have no connection to the Parsing & Reporting system beyond a free reporting account. The only thing I get out of filling the Admin slot on this Forum thing is the fun of dealing with hackers, spammers, bashing code, and every once in a while, answering someone's question ....

Stated many times before, most of my spam gets reported manually, as I go beyond what the SpamCop.net toolset usually provides/allows. I gave up looking for 'tracking codes' years ago.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...