99clunk Posted November 23, 2006 Posted November 23, 2006 Not sure if this 'allowed' but it works, having just tested it. I've received spam recently that doesn't give a direct link to the web site peddling the wares, but includes graphic text giving instructions to type the link into the browser. By very carefully, (very carefully) typing the link into the actual text portion of the spam that aims to defeat Baysian spam detection, the link is then parsed and included in the generated report. Now this is effectively doctoring the spam source code - allowed or not? It's quick, but would the more correct method be to give the graphic url a separate submission?
agsteele Posted November 23, 2006 Posted November 23, 2006 Not sure if this 'allowed' but it works, having just tested it. I suspect that this is not allowed since you are changing the content of the message received. You should manually report the URL concerned. Submit the spam item to the parser as received and the originating ip will be identified and reported but the embedded URL of the website concerned may not be reported - depending on the actual message received. Andrew
karlisma Posted November 23, 2006 Posted November 23, 2006 Submit the spam item to the parser as received and the originating ip will be identified and reported but the embedded URL of the website concerned may not be reported - depending on the actual message received. WHY? just why? And isn't that the original purpose (to avoid reporting from spamcop) of theee spammer?
Wazoo Posted November 23, 2006 Posted November 23, 2006 Material changes to spam SpamCop does what it does and doesn't do for a reason. Do not make any material changes to spam before submitting or parsing which may cause SpamCop to find a link, address or URL it normally would not, by design, find. Why? ..... You agreed to this, for starters.
99clunk Posted November 23, 2006 Author Posted November 23, 2006 Material changes to spam SpamCop does what it does and doesn't do for a reason. Do not make any material changes to spam before submitting or parsing which may cause SpamCop to find a link, address or URL it normally would not, by design, find.. That settles it. Period.
karlisma Posted November 23, 2006 Posted November 23, 2006 That settles it. Period. no, it doesn't. I still do not have explanation for this - they put it in gif/png - so not tracked by spamcop JUST BECAUSE I DID AGREE? And, yes, dear friends i know all this blah-blah about main purpose (mail source) and philosophy (close advertisment channel, instead of advertised target)... Probably the time has come to change a thing there or here? And remember it is not error or mail forum, it's LOUNGE. threads do not need to be marked RESOLVED right out of the bat. REPEAT: isn't that the original purpose (to avoid reporting from spamcop) of theee spammer? Is that thee ANSWER? SpamCop does what it does and doesn't do for a reason. peace.
99clunk Posted November 23, 2006 Author Posted November 23, 2006 And remember it is not error or mail forum, it's LOUNGE. threads do not need to be marked RESOLVED right out of the bat. I'll qualify my last statement - it settles it for me. The lifeblood of forums like this is that others will disagree. I'll submit the graphic url as a separate issue. I think there should be a mechanism for including associated urls so they do get parsed along with the sender info, but then again I don't have to design, implement and run a system that does that.
Wazoo Posted November 23, 2006 Posted November 23, 2006 no, it doesn't. I still do not have explanation for this - Please take it up with the paid staff members. they put it in gif/png - so not tracked by spamcop JUST BECAUSE I DID AGREE? I fail to see the issue ... there is nothing to stop you from generating and sending your own complaints anywhere you want. Use of the SpamCop.net tool-set comes with certain conditions. This 'embedded in a graphic' is but one way that 'reporting tools' are attempted to be circumvented by spammers. A paid-accounts has certain benefits, one of which is to add additional addresses and data to a parse result ready to 'go out' ... And, yes, dear friends i know all this blah-blah about main purpose (mail source) and philosophy (close advertisment channel, instead of advertised target)... Probably the time has come to change a thing there or here? You need to take this up with the paid staff .... And remember it is not error or mail forum, it's LOUNGE. threads do not need to be marked RESOLVED right out of the bat. What in the world are you carrying on about? There has been no Moderator action performed to tag this Topic as [Resolved] ..... REPEAT: isn't that the original purpose (to avoid reporting from spamcop) of theee spammer? Is that thee ANSWER? SpamCop does what it does and doesn't do for a reason. Still don't know why you are so excited .... once again, an issue like this, take it up with the paid staff .... Build your own tool that does what you want. Learn to read headers, do the research, and report this stuff on your own ... Go for a paid-account type and use the additional fields .... on and on ....
Ayanami Posted November 23, 2006 Posted November 23, 2006 What I do in this case is to first find the abuse address for the spamvertised site, and then add it to the report as 'User Notification', including a small explanation in the 'Notes' for the 'User Notification'. The spam itself is left as it is.
99clunk Posted November 24, 2006 Author Posted November 24, 2006 What I do in this case is to first find the abuse address for the spamvertised site, and then add it to the report as 'User Notification', including a small explanation in the 'Notes' for the 'User Notification'. The spam itself is left as it is. Works. Makes sense.
karlisma Posted November 24, 2006 Posted November 24, 2006 So, now it's clear - PAy, Pay, PaY. I see. (99clunk and Ayanami - those are options for paid members?) Just one more Q: http://www.spamcop.net/sc?id=z1144772569z7...0427705c345f5fz so, if the e-mail source says, it will cease.... no need to parse the links? Or - pay, pay, pay again?
agsteele Posted November 24, 2006 Posted November 24, 2006 WHY? just why? And isn't that the original purpose (to avoid reporting from spamcop) of theee spammer? I guess because it isn't our service, and the owners make the rules. As has been rehearsed many times, the SpamCop reporting service is primarily concerned with identifying originating IP addresses. The reporting of spamvertised URLs is a secondary activity which only alerts a hosting ISP to a potential spammer. SpamCop's rules have always said do not make changes to the content. As 99clunk has noted, where a URL is not parsed you can still manually report it to the ISP in question. You can use the parser to identify the necessary information for submitting the report but you may not materially change the content of the spam and submit via the parser. I guess it is a case of their service, their rules. Andrew So, now it's clear - PAy, Pay, PaY. I see. (99clunk and Ayanami - those are options for paid members?) Just one more Q: http://www.spamcop.net/sc?id=z1144772569z7...0427705c345f5fz so, if the e-mail source says, it will cease.... no need to parse the links? Or - pay, pay, pay again? I'm not sure what the 'pay, pay, pay' reference is to. If you pay some cash then you get some extra facility (if you want an Email account) or you choose the support the SCBL. Both allow you a little extra information but paying does allow you make submissions that a free reporter cannot make other than add a few manual entries to a parsed report. But you still have to type things in yourself. Andrew
karlisma Posted November 24, 2006 Posted November 24, 2006 sometimes, dear friend, you have to read the book from beggining, to understand.... references and general moves made in thread. Thank You for trying to answer, anyhow.
StevenUnderwood Posted November 24, 2006 Posted November 24, 2006 So, now it's clear - PAy, Pay, PaY. I see. (99clunk and Ayanami - those are options for paid members?) Just one more Q: http://www.spamcop.net/sc?id=z1144772569z7...0427705c345f5fz so, if the e-mail source says, it will cease.... no need to parse the links? Or - pay, pay, pay again? karlisma: One of the only things you would need to pay for is to see past reports for IP addresses. Everything else, the exact thing can be done manually using spamcop's free service to determine the reporting address. Paying just makes it a bit easier because it can be done for you. You want more service done for you, you need to pay. As for your question: When I clicked on that link, it gave me the following: Re: http://chesnok-oem.com/ (Administrator of network hosting website referenced in spam) abuse[at]relcom.net
Recommended Posts
Archived
This topic is now archived and is closed to further replies.