bdurrett Posted March 19, 2004 Share Posted March 19, 2004 It looks as if some clever spammer has figured out a way to keep SpamCop from parsing a message body for URLs by mangling the opening tags of an HTML file. The one that has been most successful has been a spam for a cable TV filter. I end up getting an error that says that SpamCop needs a full and complete copy of the message body although I have done exactly that ("View Source" -> "Select All" -> "Copy" -> Paste into report form - Yes, I am using Outlook so I have to use the Outlook hack) The sender appears to be a ConCast zombie. Here is a copy of the header and the body text / HTML associated: Received: from c-24-7-52-94.client.comcast.net ([184.108.40.206]) by prserv.net (in9) with SMTP id <20040319074032109026lo4ke>; Fri, 19 Mar 2004 07:40:58 +0000 X-Originating-IP: [220.127.116.11] X-AntiVirus: Checked by Dr.Web (http://www.drweb.net) Received: from 18.104.22.168 by 22.214.171.124; Thu, 18 Mar 2004 10:39:16 +0300 Message-ID: <FDEHBKWJXHDWHXPQPYECI[at]yes.com> From: "Brent Self" <bpkyff[at]yes.com> Reply-To: "Brent Self" <bpkyff[at]yes.com> To: <...snip...> Subject: Re: WXKX, voice that yeshua Date: Thu, 18 Mar 2004 13:39:16 +0600 X-Mailer: AOL 1.0 for Windows US sub 215 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--984907409932252537" X-Priority: 3 X-MSMail-Priority: Normal X-IP:126.96.36.199 ----984907409932252537 Content-Type: text/html; Content-Transfer-Encoding: 7Bit <HTML><HEAD> <BODY> <p>Fr</maldistribute>ee Ca</surge>ble%RND_SYB TV</p> <a href="http://www.8001hosting.com/cable/"> <img border="0" src="http://www.8001hosting.com/fiter1.jpg"></a> taxonomy primordial buttery intransigent shortage nitrogenous freedom banks gnaw louisa comedy farnsworth ho flaky glycogen alliance diamond musket individualism easternmost viceroy passband beaux regulate cantilever almighty campsite <BR> chevalier deja dumbbell monocular mammoth utah moen daimler thunderbolt turnstone atrocity infest pinball decrease heartfelt began amoco nebulous alexandre bagley aforementioned budd d seder academician saloonkeeper apocrypha <BR> </BODY> </HTML> ----984907409932252537-- and here is the error that gets produced: Finding links in message body Parsing text part error: couldn't parse head Message body parser requires full, accurate copy of message More information on this error.. no links found As you can see, there IS a link in the body but something with the malformed <HEAD> is preventing SpamCop from being able to parse it. When one clicks on the "More information on this error" link, you get the page that says something about headers not being complete. It has nothing to do with the error that is reported. Link to comment Share on other sites More sharing options...
This topic is now archived and is closed to further replies.