Jump to content

SpamCop Parsing Error?


Johnincal

Recommended Posts

Hello!

I have been using SpamCop for years. This is the first submission that I ever had an error come back when I tried to submit the report after parsing.

I sent this (with no changes) as an attachment as I always have.

This is the EXACT HEADER that I just copied and pasted from the email in my inbox:

X-Originating-IP: [216.221.81.29]

Return-Path: <jemiller45[at]cogeco.ca>

Authentication-Results: mta207.mail.re2.yahoo.com from=cogeco.ca; domainkeys=neutral (no sig)

Received: from 216.221.81.29 (EHLO fep3.cogeco.net) (216.221.81.29) by mta207.mail.re2.yahoo.com with SMTP; Thu, 13 Dec 2007 22:26:11 -0800

Received: from cogeco.ca (smtp1.cogeco.ca [216.221.81.28]) by fep3.cogeco.net (Postfix) with SMTP id E85D5288D; Fri, 14 Dec 2007 01:26:09 -0500 (EST)

To:

Sender: jemiller45[at]cogeco.ca

From: "A & E Textile Co. Limited" <aetextiles[at]verizon.net?> Add to Address BookAdd to Address Book Add Mobile Alert ,

Reply-to: A & E Textile Co. Limited<aetextiles[at]verizon.net?

Subject: Employment Opportunity (Part Time)

X-Mailer: Cogeco Webmail - complaints to abuse[at]cogeco.ca ( 81.199.63.19 - jemiller45[at]cogeco.ca )

X-Originating-IP: 81.199.63.19

Date: Thu, 13 Dec 2007 20:26:09 -1000

X-Priority: 3 (Normal)

Message-id: <47622201.37e.2d20.5016[at]cogeco.ca>

Content-Length: 696

When I got the notification and followed the link to report, this is the way SpamCop parsed (or tried to) the header. This is the way the header showed at the top of the page:

"A & E Textile Co. Limited" <aetextiles[at]verizon.net?>, MISSING_MAILBOX_TERMINATOR[at]SYNTAX-ERROR. wrote: From A & E Textile Co. Limited Thu Dec 13 22:26:09 2007

X-Apparently-To: x via 68.142.206.42; Thu, 13 Dec 2007 22:26:13 -0800

X-YahooFilteredBulk: 216.221.81.29

X-Originating-IP: [216.221.81.29]

Return-Path: <jemiller45[at]cogeco.ca>

Authentication-Results: mta207.mail.re2.yahoo.com from=cogeco.ca; domainkeys=neutral (no sig)

Received: from 216.221.81.29 (EHLO fep3.cogeco.net) (216.221.81.29)

by mta207.mail.re2.yahoo.com with SMTP; Thu, 13 Dec 2007 22:26:11 -0800

Received: from cogeco.ca (smtp1.cogeco.ca [216.221.81.28])

by fep3.cogeco.net (Postfix) with SMTP id E85D5288D;

Fri, 14 Dec 2007 01:26:09 -0500 (EST)

To: (Recipient List Suppressed)

Sender: jemiller45[at]cogeco.ca

From: A & E Textile Co. Limited<aetextiles[at]verizon.net?

Reply-to: A & E Textile Co. Limited<aetextiles[at]verizon.net?

Subject: Employment Opportunity (Part Time)

X-Mailer: Cogeco Webmail - complaints to abuse[at]cogeco.ca ( 81.199.63.19 - jemiller45[at]cogeco.ca )

X-Originating-IP: 81.199.63.19

Date: Thu, 13 Dec 2007 20:26:09 -1000

X-Priority: 3 (Normal)

Message-id: <4762______________5016[at]cogeco.ca>

Content-Length: 696

Further down in the report, I see this:

Finding links in message body

Parsing text part

error: couldn't parse head

Message body parser requires full, accurate copy of message

More information on this error..

no links found

When I tried to submit the report, this is the error I got:

By the way, the body of the email is in plain text. I am going to put it here (This the the exact copy, except I am going to substitute "[at]" with "AT".

A & E Textile Co. Limited

Reply strictly on this email:aetextile"AT"verizon.net

Dear Sir/Madam,

A & E Textile Co. Limited is an official textile company in the UK and

we are in search of a company representative in

the USA who can act as payment officer/account Executive on behalf of

the company in the USA.

Duties: Receive payment on behalf of the company from our clients

within the USA

Benefits: 10% of every payment you receive is your commission.

If you're interested, please provide the following information:

- Full Name, Physical Address (No P.O. Box) Including Zip Code, Phone

Number, Present Occupation, Age.

Awaiting your response.

Regards,

Mr. Robert Bauer(Recruitment Manager).

Now I read the more information. It says I did something to change the email which I didn't. Like I said, I have been using SpamCop for years and have always submitted the spam as an attachment the same way.

All I can think of is that this scumbag has figured out how to defeat SpamCop, but don't know enough about it to be sure.

I hope somebody can check this out and see what you think.

Thanks!

(I hope I didn't leave any personal info on this, if I did, I hope a mod will edit it.)

Link to comment
Share on other sites

There is really no way to guess at just what is going on with what you've provided here. What is needed is asked for, hinted at, spelled out in numerous How to ask a question links scattered around this Forum .. please provide a Tracking URL such that the actual submittal/parse-result page can be seen.

This is the way the header showed at the top of the page:

"A & E Textile Co. Limited" <aetextiles[at]verizon.net?>, MISSING_MAILBOX_TERMINATOR[at]SYNTAX-ERROR. wrote: From A & E Textile Co. Limited Thu Dec 13 22:26:09 2007

These lines look totally bad, but ... ??? where did they really come from???

Link to comment
Share on other sites

Hi Wazoo!

Thanks for the reply!

Sorry about not giving all the info you need. Here is the reporting link:

http://www.spamcop.net/sc?id=z1565903640za...73d1f09f8a08c5z

I am not sure what you are asking when you say, "Where did they really come from?" I can only assume that was a rhetorical question, but if you are asking where I got it, it is from Yahoo Mail.

Let me know if you need any other info to help.

Link to comment
Share on other sites

I am not sure what you are asking when you say, "Where did they really come from?" I can only assume that was a rhetorical question, but if you are asking where I got it, it is from Yahoo Mail.

Thanks for the Tracking URL. However, as it turns out, it didn't change my initial suggested issue.

I was very literal in asking where those lines (the single top line in your submittal) came from.

The word "wrote:" just doesn't seem to fit at all. The bracketed items make it look like a spam filtering tool was involved somewhere. But this entire line is totally bogus as far as an e-mail header goes.

What I find amazing is that the parser seemed to ignore this for the source-tracking part, only having an issue when trying to discern the content of the e-mail .. the 'problem' being that it appears that the content actually started on Line 1. ????

From: "Wazoo"

To: "SpamCop Deputies"

Subject: parsing issue

Date: Fri, 14 Dec 2007 16:14:37 -0600

http://forum.spamcop.net/forums/index.php?showtopic=9020

User provides a Tracking URL of http://www.spamcop.net/sc?id=z1565903640za...73d1f09f8a08c5z

I don't quite follow why/how the parser seems to handle the

source-tracking portion just fine, only choking when trying to look

at the body contents. In the past, the parser would have 'died'

almost immediately due to the bad content on the first line of this

submittal.

The only assumption would be that something in that first line

matched something of a 'common screwed up submittal' line which has

been programmed into the parser to somehow ignore, but ...???? Is

this the type of answer that should be provided?

My guess would be that the 'programmed ignore this line' decision bit is based on the 'spam analysis results' type of content within that first line.

It should be noted that the Parsing & Reporting tool did in fact perform its primary mission .. identifying the source of the e-mail and providing that target for a report to be sent to .....

Link to comment
Share on other sites

Well, we're accustomed to the From: and Reply-to: lines being bogus but some sort of filter picking up typos there? The forensic possibilities are fascinating.

From: A & E Textile Co. Limited<aetextiles[at]verizon.net?

Reply-to: A & E Textile Co. Limited<aetextiles[at]verizon.net?

A left-handed youth, subnormally socialized, childhood developmental difficulties, lower socio-economic stratum ... the net draws tighter. Now if only it could learn to publish its comments as an X-line ... I guess Yahoo would be the prime suspect but no way to tell from "here" and no other users have chimed in so far.

Link to comment
Share on other sites

Well, the only info I can add is that, as far as I know, Yahoo has never changed anything on the headers. The only thing it does is run it through the filter and put it in the "Bulk" folder.

As I have said, I have been using Yahoo Mail and SpamCop for years. Because I get a ton of spam in my "bulk" folder, I only send spam that is from the Nigerian Scumbags, Phishers or those idiots that send 10 or 20 of the same mail from the same IP.

You guys can mull this over between you, but the reason I titled this thread the way I did, is because I didn't know if this scumbag has learned how to defeat SpamCop. Yahoo just threw it into the "Bulk" folder.

Well, this may be a head scratcher, but I thank you guys for checking this out and commenting!

Link to comment
Share on other sites

What is needed is asked for, hinted at, spelled out in numerous How to ask a question links scattered around this Forum ..

Johnincal, please don't think that SpamCop condones that sort of rude comment. We do NOT appreciate it when the volunteers chide the users for not being perfectly prepared before they post in these forums.

- Don D'Minion - SpamCop Admin -

Link to comment
Share on other sites

Johnincal, please don't think that SpamCop condones that sort of rude comment. We do NOT appreciate it when the volunteers chide the users for not being perfectly prepared before they post in these forums.

- Don D'Minion - SpamCop Admin -

OK Don, *I* think *you* are being rude to say what you have about a request that he needed to make and is not in any way rude or impolite (as opposed to being on the edge of impatient and exasperated).

See Emily Post passim.

I would suggest that you work out what Wazoo should have posted and exhibit it here.

Be very careful, since it may appear a great many times.

Link to comment
Share on other sites

Wow! First thought .. yet another one of those in which the response to my e-mail was 'no e-mail' but query would be answerd in the Forum. OK, go see what the answer is. What a surprise. Nothing to do with the question at all, that is my question, the Topic Starter's question, the question the whole Topic has been built upon.

Johnincal, please don't think that SpamCop condones that sort of rude comment. We do NOT appreciate it when the volunteers chide the users for not being perfectly prepared before they post in these forums.

To all .. it is NOT appreciated when paid staff ignores e-mail, ignores user queries, takes the time to allegedly look at a Topic/Discussion and ignore the subject matter involved, only taking the time to waste everyone else's time to handle an alleged mean, cruel, hateful attempt at actually helping by that lowlife Wazoo.

It's a pretty pathetic picture painted to see that the alleged 'support' here seems to be a "search for Wazoo posts and see if I can find a 'good' one to chime in on.... I won't even bother to read the whole thing, as I/we know that Wazoo is typically the first responder, so no need to read anything beyond the first two posts in a Topic" ....

Link to comment
Share on other sites

I don't quite follow why/how the parser seems to handle the

source-tracking portion just fine, only choking when trying to look

at the body contents.

The parse is looking for information in the headers that will tell it what sort of content will be in the body text. If the information in the headers doesn't match what the parse sees in the body text, the parse will not look for web links.

In the past, the parser would have 'died' almost immediately due to the bad content on the first line of this submittal.
Lots of systems and mail clients add irrelevant text to the top of the headers. As long as there is no blank line after the text, the parse will simply ignore it and move on, looking for "Received" lines.

It's a pretty pathetic picture painted to see that the alleged 'support' here seems to be a "search for Wazoo posts and see if I can find a 'good' one to chime in on....
Hope springs eternal that one day you will leave your mean mouth at home with your grandchildren and help visitors without succumbing to your need to chide, chastise, and criticize people.

- Don D'Minion - SpamCop Admin -

Link to comment
Share on other sites

What is needed is asked for, hinted at, spelled out in numerous How to ask a question links scattered around this Forum ..

OK Don, *I* think *you* are being rude to say what you have about a request that he needed to make

That comment from Wazoo isn't a request. It's just another of his vile little comments telling the user that he didn't do all the homework he should have done before daring to step foot into one of Wazoo's sacred forums. The comment is unnecessary and rude. The fact that it accompanies a legitimate request for information doesn't mitigate its offensiveness.

- Don D'Minion - SpamCop Admin -

Link to comment
Share on other sites

That comment from Wazoo isn't a request. It's just another of his vile little comments telling the user that he didn't do all the homework he should have done before daring to step foot into one of Wazoo's sacred forums. The comment is unnecessary and rude. The fact that it accompanies a legitimate request for information doesn't mitigate its offensiveness.

- Don D'Minion - SpamCop Admin -

That's your opinion.

The OP didn't see it as rude. Another poster didn't see it as rude.

You are making up the idea that Wazoo considers the forum /his/ /sacred/ forum. He has never stated, or IMHO, even hinted at the idea.

I know that many posters do get upset with his insistence that they could find the information in the FAQ. I would myself, but not with him because it is obvious that he just has a 'gruff, blunt' way of communicating and does not intend to be mean. I wish that I could make him understand that often it is only the people who can't find the answer in the FAQ who post and that it is futile to try to make it any better or to expect them to be able to find the answer. However, my solution is not beat my head against the wall as he is doing, but to try to explain what is needed. The failures who don't understand are those who are just looking for someone else to do their work for them. It may be your job to help them out, but it isn't mine or anyone else's on the forum.

The fact that you call a poster names and impute vile motives is, IMHO, a much worse image for spamcop than anything that Wazoo says. People may not like his style. He is extremely blunt in pointing out inconsistencies or errors or ignorance, but I challenge you to find anything that he has said that says, 'idiot' or 'stupid' or anything that is negative about the poster's character or intelligence except in your imagination or the poster's (except possibly after a few exchanges and exchanges with you don't count).

Wazoo has never been rude to me, in spite of some spirited exchanges.

Miss Betsy

Link to comment
Share on other sites

...Hope springs eternal that one day you will leave your mean mouth at home with your grandchildren and help visitors without succumbing to your need to chide, chastise, and criticize people.

- Don D'Minion - SpamCop Admin -

That comment from Wazoo isn't a request. It's just another of his vile little comments telling the user that he didn't do all the homework he should have done before daring to step foot into one of Wazoo's sacred forums. The comment is unnecessary and rude. The fact that it accompanies a legitimate request for information doesn't mitigate its offensiveness.

- Don D'Minion - SpamCop Admin -

Don, trust me, that's pure abuse. You are putting your employer at risk. Couching it in the context of an apology to a third party is no mitigation.
Link to comment
Share on other sites

The parse is looking for information in the headers that will tell it what sort of content will be in the body text. If the information in the headers doesn't match what the parse sees in the body text, the parse will not look for web links.

Hmmm, was any research done on this before answering?

  • Thsi specific e-mail contains no URLs in the body.
  • The only X-Line or Context-xxx Line in this headers is Content-Length: 696, hardly a header/body comparison item checking for content 'type'

Lots of systems and mail clients add irrelevant text to the top of the headers. As long as there is no blank line after the text, the parse will simply ignore it and move on, looking for "Received" lines.

Tested and accepted (as far as this goes) ... having no idea when this was actually implemented, noting that the verion number showing for the parsing system hasn't changed in ages.

Original parse - http://www.spamcop.net/sc?id=z1567826653z7...04deda86e87066z

crap line added to/as first line - http://www.spamcop.net/sc?id=z1567828186zc...2d89d258001b68z

crap first line followed by a blank line - http://www.spamcop.net/sc?id=z1567830379ze...60d76f4ef97189z

as expected - no parse, bad / incomplete header error message

So this leads one right back to the original question .... what was in this e-mail that set off the 'error message' ? My original, quick analysis/guess turns out to be wrong. Your 'answer' doesn't seem to apply to this specific spam e-mail.

I note that there is a Yahoo tag-line at the bottom that would normally be an HTML entity, but there is no HTML showing in the spam submittal. This takes us back to the mechanics of its submittal and just what other information may have been 'modified' changed, etc. .... but I already attempted that by mentioning all those other items that talk about information needed, desired, whatever in making a post/query in here, the statement you found offnsive. Even my clarification post talks about "where that first line could have come from".... there may yet be a connection in that part of the process.

Hope springs eternal that one day you will leave your mean mouth at home with your grandchildren and help visitors without succumbing to your need to chide, chastise, and criticize people.

I have absolutely no idea what my grand-kids, neices, nephews, etc. have to do with anything here, though having to admit that time spent with them is typically much more enjoyable than dealing with this type of idiocy. Please remove your "Wazoo-is-dangerous" glasses when anywhere in the area.

Johnincal, please don't think that SpamCop condones that sort of rude comment. We do NOT appreciate it when the volunteers chide the users for not being perfectly prepared before they post in these forums.

I do recall 'asking' you not to do this. That you came back later to make an attempt at proposing an answer in this case is commendable, but .... as stated in numerous postings, ramblings, e-mails by various involved parties, if you want to do this in private, that's your call. Disruption of the (public) Forums is something else.

Also noting that a number of the 'referenced/suggestion' links also include the verbiage "read this before you make your post" .. yet note just how many queries include the request for that identified additional data within the first response .. once again, not like a newsgroup with no established or published FAQ/Rules/Regulations ... not like an e-mail from the cold ... this is a web-based Forum in which folks have to scroll past, jump over, or in countless many other ways, ignore all that preliminary "help us help you" stuff.

Link to comment
Share on other sites

Hey people,

I know that things may have gotten a little out of hand here, but I do appreciate the fact that through everything, you are all trying to figure this thing out.

I also know that many people that visit this forum (and others), just post one time and move on. I can assure you that I am following this with interest, because if SpamCop cannot parse it, that could be the tip of the iceberg.

Anyway, it looks like people are taking this issue seriously.

I hope people continue to try and figure this out.

If you need anything from me let me know, because as far as I can tell, this is not a resolved issue.

Because I have been with Yahoo Mail for so many years, I am a "Yahoo Power User"... That mean, among other things, I get live chat help from them, which means I can get something besides the "canned" computer answers. I know... it is most likely somebody in a call center, but I can try and get more information.

Let me know if I can get some more info from you.

Thanks again!

Link to comment
Share on other sites

I know that things may have gotten a little out of hand here, but I do appreciate the fact that through everything, you are all trying to figure this thing out.

I can't speak for 'everybody' .... as noted, my e-mail upstream has not been addressed. The specifics within this Topic have yet to be addressed. My interest is primarily based on that I hate having to say "I don't know" ... and this one seems like it should be somewhat clear (especially to someone that has access to the actual data, unlike the volunteers here that can only go with what can be derived from these screens, the Tracking URL data, etc.)

Anyway, it looks like people are taking this issue seriously.

Again, the volunteers here do try to come up with answers. I will add that they try really hard, but when support 'from above' isn't there, it's hard to delve out some mysteries.

I hope people continue to try and figure this out.

If you need anything from me let me know, because as far as I can tell, this is not a resolved issue.

I agree, but perhaps the Wazoo-bashing was the end of 'official' support for some reason.

What I would ask goes back to your inital post, which may tie some things together, might explain something else, and yet, may not help at all. At issue is your leading statement and data;

This is the EXACT HEADER that I just copied and pasted from the email in my inbox:

X-Originating-IP: [216.221.81.29]

Return-Path: <jemiller45[at]cogeco.ca>

However, you then post (and as the Tracking URL shows)'

"A & E Textile Co. Limited" <aetextiles[at]verizon.net?>, MISSING_MAILBOX_TERMINATOR[at]SYNTAX-ERROR. wrote: From A & E Textile Co. Limited Thu Dec 13 22:26:09 2007

X-Apparently-To: x via 68.142.206.42; Thu, 13 Dec 2007 22:26:13 -0800

X-YahooFilteredBulk: 216.221.81.29

X-Originating-IP: [216.221.81.29]

Return-Path: <jemiller45[at]cogeco.ca>

As you can see, these data examples are not "the same" .. and the question then would be "why" ....

My first guess is that the screen these two data items were "copied" from were not the same. One perhaps from a "show all headers" type screen, the other from a "Reply/Forward" type screen (trying to come up with the reason for the "wrote:" bit in the 'extra' crap in the submitted spam. This would also likely explain the lack of HTML code around the Yahoo signature block.

However, this would still leave my last posted query as a valid request for specific answers .... there may be more to the story, but apparently that's data thqat is not showing in the Tracking URL page ... so we're back to waiting for someone with access to the 'real' data to come back with something that actually explains what 'we' can't see .... thoughts at present may be some unprintable codes that were included in the screen grab that didn't make it through the parse/store/display sequence for the Tracking URL results .... specifically, lack of header definitions leading the parse to run with the body as being "plain-text" but then stumbling over some embedded ASCII or HTML coding, which then also got stripped out of the 'stored' copy based on being handled as 'plain-text'

All conjecturement on my part, again, as I don't have access to the 'real' data .. just wearing that 'systems analyst' hat again.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...