Jump to content

Foiling 'Do not click, type in your browser' spam

99clunk

By 99clunk
in SpamCop Lounge

Recommended Posts

99clunk Member

99clunk

Posted
Posted

Not sure if this 'allowed' but it works, having just tested it.

I've received spam recently that doesn't give a direct link to the web site peddling the wares, but includes graphic text giving instructions to type the link into the browser.

By very carefully, (very carefully) typing the link into the actual text portion of the spam that aims to defeat Baysian spam detection, the link is then parsed and included in the generated report.

Now this is effectively doctoring the spam source code - allowed or not? It's quick, but would the more correct method be to give the graphic url a separate submission?

Link to comment
Share on other sites
agsteele Been There

agsteele

Posted
Posted
Not sure if this 'allowed' but it works, having just tested it.

I suspect that this is not allowed since you are changing the content of the message received. You should manually report the URL concerned.

Submit the spam item to the parser as received and the originating ip will be identified and reported but the embedded URL of the website concerned may not be reported - depending on the actual message received.

Andrew

Link to comment
Share on other sites
karlisma Advanced Member

karlisma

Posted
Posted
Submit the spam item to the parser as received and the originating ip will be identified and reported but the embedded URL of the website concerned may not be reported - depending on the actual message received.
WHY?

just why? And isn't that the original purpose (to avoid reporting from spamcop) of theee spammer?

Link to comment
Share on other sites
karlisma Advanced Member

karlisma

Posted
Posted
That settles it. Period.

no, it doesn't.

I still do not have explanation for this -

they put it in gif/png - so not tracked by spamcop

JUST BECAUSE I DID AGREE? :blink:

And, yes, dear friends i know all this blah-blah about main purpose (mail source) and philosophy (close advertisment channel, instead of advertised target)... Probably the time has come to change a thing there or here?

And remember it is not error or mail forum, it's LOUNGE. threads do not need to be marked RESOLVED right out of the bat.

REPEAT: isn't that the original purpose (to avoid reporting from spamcop) of theee spammer?

Is that thee ANSWER?

SpamCop does what it does and doesn't do for a reason.

peace.

Link to comment
Share on other sites
99clunk Member

99clunk

Posted
  • Author
Posted
And remember it is not error or mail forum, it's LOUNGE. threads do not need to be marked RESOLVED right out of the bat.

I'll qualify my last statement - it settles it for me. The lifeblood of forums like this is that others will disagree. :) I'll submit the graphic url as a separate issue. I think there should be a mechanism for including associated urls so they do get parsed along with the sender info, but then again I don't have to design, implement and run a system that does that.

Link to comment
Share on other sites
Wazoo What Life?

Wazoo

Posted
Posted
no, it doesn't.

I still do not have explanation for this -

Please take it up with the paid staff members.

they put it in gif/png - so not tracked by spamcop

JUST BECAUSE I DID AGREE? :blink:

I fail to see the issue ... there is nothing to stop you from generating and sending your own complaints anywhere you want. Use of the SpamCop.net tool-set comes with certain conditions. This 'embedded in a graphic' is but one way that 'reporting tools' are attempted to be circumvented by spammers.

A paid-accounts has certain benefits, one of which is to add additional addresses and data to a parse result ready to 'go out' ...

And, yes, dear friends i know all this blah-blah about main purpose (mail source) and philosophy (close advertisment channel, instead of advertised target)... Probably the time has come to change a thing there or here?

You need to take this up with the paid staff ....

And remember it is not error or mail forum, it's LOUNGE. threads do not need to be marked RESOLVED right out of the bat.

What in the world are you carrying on about? There has been no Moderator action performed to tag this Topic as [Resolved] .....

REPEAT: isn't that the original purpose (to avoid reporting from spamcop) of theee spammer?

Is that thee ANSWER?

SpamCop does what it does and doesn't do for a reason.

Still don't know why you are so excited .... once again, an issue like this, take it up with the paid staff ....

Build your own tool that does what you want.

Learn to read headers, do the research, and report this stuff on your own ...

Go for a paid-account type and use the additional fields ....

on and on ....

Link to comment
Share on other sites
Ayanami Newbie

Ayanami

Posted
Posted

What I do in this case is to first find the abuse address for the spamvertised site, and then add it to the report as 'User Notification', including a small explanation in the 'Notes' for the 'User Notification'. The spam itself is left as it is.

Link to comment
Share on other sites
99clunk Member

99clunk

Posted
  • Author
Posted

What I do in this case is to first find the abuse address for the spamvertised site, and then add it to the report as 'User Notification', including a small explanation in the 'Notes' for the 'User Notification'. The spam itself is left as it is.

Works. Makes sense. :)

Link to comment
Share on other sites
agsteele Been There

agsteele

Posted
Posted
WHY?

just why? And isn't that the original purpose (to avoid reporting from spamcop) of theee spammer?

I guess because it isn't our service, and the owners make the rules.

As has been rehearsed many times, the SpamCop reporting service is primarily concerned with identifying originating IP addresses. The reporting of spamvertised URLs is a secondary activity which only alerts a hosting ISP to a potential spammer. SpamCop's rules have always said do not make changes to the content. As 99clunk has noted, where a URL is not parsed you can still manually report it to the ISP in question. You can use the parser to identify the necessary information for submitting the report but you may not materially change the content of the spam and submit via the parser. I guess it is a case of their service, their rules.

Andrew

So, now it's clear - PAy, Pay, PaY. I see. (99clunk and Ayanami - those are options for paid members?)

Just one more Q:

http://www.spamcop.net/sc?id=z1144772569z7...0427705c345f5fz

so, if the e-mail source says, it will cease.... no need to parse the links? Or - pay, pay, pay again?

I'm not sure what the 'pay, pay, pay' reference is to.

If you pay some cash then you get some extra facility (if you want an Email account) or you choose the support the SCBL. Both allow you a little extra information but paying does allow you make submissions that a free reporter cannot make other than add a few manual entries to a parsed report. But you still have to type things in yourself.

Andrew

Link to comment
Share on other sites
StevenUnderwood What Life?

StevenUnderwood

Posted
Posted

So, now it's clear - PAy, Pay, PaY. I see. (99clunk and Ayanami - those are options for paid members?)

Just one more Q:

http://www.spamcop.net/sc?id=z1144772569z7...0427705c345f5fz

so, if the e-mail source says, it will cease.... no need to parse the links? Or - pay, pay, pay again?

karlisma: One of the only things you would need to pay for is to see past reports for IP addresses. Everything else, the exact thing can be done manually using spamcop's free service to determine the reporting address. Paying just makes it a bit easier because it can be done for you. You want more service done for you, you need to pay.

As for your question: When I clicked on that link, it gave me the following:

Re: http://chesnok-oem.com/ (Administrator of network hosting website referenced in spam)

abuse[at]relcom.net

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...