ewv Posted March 22, 2004 Share Posted March 22, 2004 Spammer is using quasi invisible links to falsify innocent domains. <a href=http://hormones.net>`</a><p><a href=http://activism.com>^</a></p><a href=http://materially.org>*</a> (This may have been in another post but I don't remember where or what the context was.) This displays as the three separate characters ' ^ and * as live links on only single characters on separate lines, in this case buried at the bottom of the page away from the spammer's link. From activism.com: Thank you for your report, however, this spam, has nothing to do with us. The spammers seem to throw other domains into the html code to throw off the reporting services (like Spamcop) that have nothing to do with the spam itself. This has been a tactic used lately and there is nothing we can do about it. Another unsurprising example of the characteristic spammer dishonesty deliberately intended to disrupt innocent people (as well as "competitors" of their own kind) in complaints against the spammer's own harassment. These creatures are pure malignance who if not stopped will sooner or later begin to be mysteriously found face down in a swamp somewhere when people refuse to put up with it anymore and someone is pushed over the edge. Link to comment Share on other sites More sharing options...
Farelf Posted March 22, 2004 Share Posted March 22, 2004 Thanks for the heads up ewv. Another variation to look forward to - but this one has the potential to turn mole reports into a bit of a nuisance, hasn't it? As I understand it mole reporters haven't the facility to discriminate in what reports to send, it's all or none for a particular spam so far as I can see. Anyway, let's not let them get us down, however tempting it might be to daydream about Lord Kitchener's "rule .303"* (was there ever a US equivalent - "rule .30 '06", perhaps?), most of them probably *want* to be hated. *Okay, I notice Google has lots of matches off the topic for "rule .303", so this is added: "Rule .303" was allegedly an unwritten order issed by Lord Kitchener in the prosecution of the Boer War which required the field execution of captured Boer militia who were deemed guilty of certain acts of deception and/or "savage" behaviour (.303 was the British military calibre at the time, used in such executions). Kitchener denied the existence of such an order when the conduct of the war came under unsympathetic scrutiny. He supposedly admitted to it later. Link to comment Share on other sites More sharing options...
Wazoo Posted March 22, 2004 Share Posted March 22, 2004 has the potential to turn mole reports into a bit of a nuisancenot sure I understand the context ... mole reporting sends no actual reports, and even with feeding the database, this is only for the IPAddress of the incoming spam ... don't see where these web-sites get involved (in a mole report). This has been a tactic used lately and there is nothing we can do about it. Based on the response to the alleged SpamCop report, they should have had the option to follow up on the complaint and get themselves marked as an Innocent Bystander, which would stop future reports. Link to comment Share on other sites More sharing options...
turetzsr Posted March 22, 2004 Share Posted March 22, 2004 This has been a tactic used lately and there is nothing we can do about it. Based on the response to the alleged SpamCop report, they should have had the option to follow up on the complaint and get themselves marked as an Innocent Bystander, which would stop future reports. ...Not only that, but IMHO they should care enough about the spammers doing this to them that they should pursue the spammers, as other ISPs and e-mail providers do. Link to comment Share on other sites More sharing options...
Farelf Posted March 22, 2004 Share Posted March 22, 2004 ... mole reporting sends no actual reports, and even with feeding the database, this is only for the IPAddress of the incoming spam ... don't see where these web-sites get involved (in a mole report). I don't know - SpamCop certainly resolves the links and appears to prepare reports (to itself, affecting statistics?) - ref: Example - (recently submitted & "silent" reports sent) Am I misinterpreting something here? Link to comment Share on other sites More sharing options...
Wazoo Posted March 22, 2004 Share Posted March 22, 2004 OK, just my guess ... the normal parsing tool is used to handle the analysis of the spam, but the reports are flagged to not go out. Unless there are yet more undocumented changes going on, SpamCop was not in the business of logging URLs for any type of logging or blocking action, so the only one that counted anywhere was the e-mail source IP addresss for the DNSbl .... So I'd suggest that the report comments in your example are just fall-out from using the parsing code already in place, but with the identified reports just being /dev/nulled ... but most definitely, they are not being sent to the ISP in question ... Link to comment Share on other sites More sharing options...
Ellen Posted March 22, 2004 Share Posted March 22, 2004 OK, just my guess ... the normal parsing tool is used to handle the analysis of the spam, but the reports are flagged to not go out. Unless there are yet more undocumented changes going on, SpamCop was not in the business of logging URLs for any type of logging or blocking action, so the only one that counted anywhere was the e-mail source IP addresss for the DNSbl .... So I'd suggest that the report comments in your example are just fall-out from using the parsing code already in place, but with the identified reports just being /dev/nulled ... but most definitely, they are not being sent to the ISP in question ... You are correct the regular parse logic is used but for moles no reports are sent -- and no we are not using urls to add to the blocklist -- um well what you said is correct Link to comment Share on other sites More sharing options...
Farelf Posted March 23, 2004 Share Posted March 23, 2004 You are correct the regular parse logic is used but for moles no reports are sent -- and no we are not using urls to add to the blocklist Hence the confirmation - /dev/null'ing report for mole[at]devnull.spamcop.net. Thanks for your great patience, people (not to mention your stamina), I understand at last, also noting the thread on question - does it work? Moles have access to the links described by ewv, they have access to the address of the hosting network administrators affected and they have detail of the spam origin. Those who have a mind to can, themselves, contact the URL owners to encourage them to take action. I figure it would be way too paranoid to be worrying about "anti-spam traps" in the context of these minimized links. As pointed out above, the URLs response This has been a tactic used lately and there is nothing we can do about it. is hardly adequate if they are self-hosting but in other cases they may have been out of the loop. With a little information those just might be prepared to "do something about it". We can use all the allies we can get, yes? Which is all rather moot, I await my first exemplar, "every fibre of me aquiver in ... anticipation." Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.