olspookishmagus Posted March 7, 2008 Share Posted March 7, 2008 Greetings once more, the very best to all forum regulars for another time. This is an issue I am facing every now and then lately. I try to report spam and I keep getting pinpointed to the Hotmail FAQ which I think is irrelevant due to that I am not using Hotmail but mailbox.gr another free web based mail service. Here's what worked fine so far. Whenever I got spam I clicked on a Show Headers button that opens a new window with the full headers of the spam but without new-lines even thought the window shows the headers with line-breaks. What I do next is to see the source of the window and this is what I copy after I strip out <XMP> </XMP> tags. This worked every time. But recently some new spams have shown up and I need to know what do I need to do to take care of them. Here's the source of such a spam: <XMP>READ: 1 Gottime: 1204809831 From jameskomo4u2008[at]yahoo.com Thu Mar 06 13:23:51 2008 Return-Path: <jameskomo4u2008[at]yahoo.com> Delivered-To: 1-XXXXXX[at]ZZZZZZ.gr Received: (qmail 8630 invoked from network); 6 Mar 2008 15:23:49 +0200 Received: from n61.bullet.mail.sp1.yahoo.com (98.136.44.37) by 62.103.159.188 with SMTP; 6 Mar 2008 15:23:49 +0200 Received: from [216.252.122.219] by n61.bullet.mail.sp1.yahoo.com with NNFMP; 06 Mar 2008 13:12:53 -0000 Received: from [69.147.65.172] by t4.bullet.sp1.yahoo.com with NNFMP; 06 Mar 2008 13:12:53 -0000 Received: from [127.0.0.1] by omp507.mail.sp1.yahoo.com with NNFMP; 06 Mar 2008 13:12:53 -0000 X-Yahoo-Newman-Property: ymail-5 X-Yahoo-Newman-Id: 452985.92602.bm[at]omp507.mail.sp1.yahoo.com Received: (qmail 28289 invoked by uid 60001); 6 Mar 2008 13:12:53 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID; b=4UKvGaHaQ7lrYQ/JRkwhlG0rDw1MBz8N/BvbXs0dvX+UZtv99Df1Rq8Gznr/bkVjpZRvO3djN8aqom75Fh4AINtAZMNkcmsbaN+M7pwPDYVzxR6c1y7lLBBxtd7qIt/Yg3kV3P2yNEe3mrefWL5mh+t8vqtFfGF7dwKu93ki8hs=; X-YMail-OSG: aXQKOvMVM1lnZH1r2BR6EAIbyIXjocEpvAtLJyz5fn5Qepw_l26mmIK.1I3kHOYDIrPhH2uQgnC_etIhAvKklNXAcJ61nSPBNesS Received: from [41.207.3.194] by web45806.mail.sp1.yahoo.com via HTTP; Thu, 06 Mar 2008 05:12:52 PST Date: Thu, 6 Mar 2008 05:12:52 -0800 (PST) From: james komo <jameskomo4u2008[at]yahoo.com> Reply-To: jameskomo4u0[at]hotmail.fr Subject: Dearest One, To: jameskomo4u2008[at]yahoo.com MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="0-1625463336-1204809172=:28064" Content-Transfer-Encoding: 8bit Message-ID: <116089.28064.qm[at]web45806.mail.sp1.yahoo.com> --0-1625463336-1204809172=:28064 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Dearest One, I am Mr James Komo from war ravaged SIERRA LEONE but presently domiciled in Abidjan Ivory coast. My father Chief Joseph Komo who before his untimely assassination by the rebels was the Director of SIERRA LEONE Diamond corporation (SLDC). He was killed in our government residential house along side two of my other brothers, two house maids and one government attached security guard fortunately for I, younger sister and mother,we were on a week end visit to our home town As we got the news of the tragedy. We immediately managed to ran into neighbouring Ivory coast for refuge. But unfortunately. As Fate would have it,we lost our dear mother (may soul rest in peace) as a result of what the Doctor called cardiac arrest. As we were coming into this country ,i had some documents of a deposit of $ 28,500.000 USD (Twenty Eight million Five hundred thousand USD ) made by my late father in a Finance House . According to my father, He said that he deposited One Trunk Box in a Security Company in EUROPE and declare it as family Valuable, He intended to use this fund for his international business transaction after his tenure in office but was unfortunately murdered. I had located the security company on Europe where the money is deposited and established ownership. please right now, with the bitter experiences we had in our country and the war still going on especially in diamond area which incidentally is where we hail from .Coupled with the incessant political upheavals and hostilities in this country Ivory coast, I desire seriously to leave here and live the rest of my life into a more peaceful and politically stable country like yours Hence this proposal and request. I therefore wish you can help me in the following regards : 1)To help me invest the money into a lucrative business . 2) To assist me get a college admission to further my education. Please I know that,this letter may sound strange and incredible to you but the CNN and the BBC African bulletin normally have it as their major news features .Therefore for the sake of God and humanity give an immediate positive consideration and reply to me via my e-mail address. I will willingly agree to any suitable percentage of the money you will propose as your compensation for your assistance with regards to the above .please in view of our sensitive refugee status and as we are still conscious of our father's enemies. I would like you to give this a highly confidential approach . Thanks for your kind Attention and and mutual understanding. Best Regards. Mr James Komo Call me +225-07850158 --------------------------------- Looking for last minute shopping deals? Find them fast with Yahoo! Search. --0-1625463336-1204809172=:28064 Content-Type: text/html; charset=iso-8859-1 Content-Transfer-Encoding: 8bit <DIV><STRONG>Dearest One,<BR> <BR>I am Mr James Komo from war ravaged SIERRA LEONE but presently domiciled in <SPAN class=yshortcuts id=lw_1201603634_0 style="CURSOR: hand; BORDER-BOTTOM: #0066cc 1px dashed">Abidjan Ivory coast</SPAN>. My father <FONT face=System>Chief Joseph Komo</FONT> who before his untimely assassination by the rebels was the Director of <SPAN class=yshortcuts id=lw_1201603634_1 style="CURSOR: hand; BORDER-BOTTOM: #0066cc 1px dashed">SIERRA LEONE</SPAN> Diamond corporation (SLDC). He was killed in our government residential house along side two of my other brothers, two house maids and one government attached security guard fortunately for I, younger sister and mother,we were on a week end visit to our home town As we got the news of the tragedy. We immediately managed to ran into neighbouring Ivory coast for refuge.<BR> <BR>But unfortunately. As Fate would have it,we lost our dear mother (may soul rest in peace) as a result of what the Doctor called cardiac arrest.<BR> <BR>As we were coming into this country ,i had some documents of a deposit of $ 28,500.000 USD (Twenty Eight million Five hundred thousand USD ) made by my late father in a Finance House . According to my father, He said that he deposited One Trunk Box in a Security Company in <SPAN class=yshortcuts id=lw_1201603634_2 style="CURSOR: hand; BORDER-BOTTOM: #0066cc 1px dashed">EUROPE</SPAN> and declare it as family Valuable, He intended to use this fund for his international business transaction after his tenure in office but was unfortunately murdered.<BR> <BR>I had located the security company on <SPAN class=yshortcuts id=lw_1201603634_3 style="CURSOR: hand; BORDER-BOTTOM: #0066cc 1px dashed">Europe</SPAN> where the money is deposited and established ownership. please right now, with the bitter experiences we had in our country and the war still going on especially in diamond area which incidentally is where we hail from .Coupled with the incessant political upheavals and hostilities in this country Ivory coast, I desire seriously to leave here and live the rest of my life into a more peaceful and politically stable country like yours Hence this proposal and request.<BR></STRONG></DIV> <DIV><STRONG>I therefore wish you can help me in the following regards :<BR> <BR>1)To help me invest the money into a lucrative business .<BR>2) To assist me get a college admission to further my education.<BR> <BR>Please I know that,this letter may sound strange and incredible to you but the CNN and the BBC African bulletin normally have it as their major news features .Therefore for the sake of God and humanity give an immediate positive consideration and reply to me via my e-mail address. I will willingly agree to any suitable percentage of the money you will propose as your compensation for your assistance with regards to the above .please in view of our sensitive refugee status and as we are still conscious of our father's enemies. I would like you to give this a highly confidential approach .</STRONG></DIV> <DIV><STRONG></STRONG> </DIV> <DIV><STRONG>Thanks for your kind Attention and and mutual understanding.<BR> <BR>Best Regards.<BR>Mr James Komo</STRONG></DIV> <DIV><STRONG>Call me +225-07850158</STRONG></DIV><p> <hr size=1>Looking for last minute shopping deals? <a href="http://us.rd.yahoo.com/evt=51734/*http://tools.search.yahoo.com/newsearch/category.php?category=shopping"> Find them fast with Yahoo! Search.</a> --0-1625463336-1204809172=:28064-- </XMP> Whenever I tried to paste this to the SpamCop I get pinpointed to the Hotmail FAQ. I've read the part on the extra newlines and I tried to find myself what is the problem with this spam, unsuccesfuly. So, could you please tell me, what else do I need to with this spam (as an example) so that SpamCop can parse it successfully? Thanks in advance. Link to comment Share on other sites More sharing options...
Wazoo Posted March 7, 2008 Share Posted March 7, 2008 This is an issue I am facing every now and then lately. I try to report spam and I keep getting pinpointed to the Hotmail FAQ which I think is irrelevant due to that I am not using Hotmail but mailbox.gr another free web based mail service. At the time of my typing this, I have no idea how/where your reference to HotMail comes from .... Here's what worked fine so far. Whenever I got spam I clicked on a Show Headers button that opens a new window with the full headers of the spam but without new-lines even thought the window shows the headers with line-breaks. What I do next is to see the source of the window and this is what I copy after I strip out <XMP> </XMP> tags. This worked every time. But recently some new spams have shown up and I need to know what do I need to do to take care of them. Here's the source of such a spam: <XMP>READ: 1 Gottime: 1204809831 Both of these lines are 'bad' as far as the paser is concerned. http://www.spamcop.net/sc?id=z1702611711z0...edda7543add316z is a Tracking URL for your provided sample with the 'Gottime' line dropped in addition to those 'XMP' lines. Note all the special handling required to deal with the multiple Yahoo internal handoffs. for example; Received: from [216.252.122.219] by n61.bullet.mail.sp1.yahoo.com with NNFMP; 06 Mar 2008 13:12:53 -0000 Ignoring NNFMP line to properly assign blame at border I reparsed it, including the 'Gottime' line; http://www.spamcop.net/sc?id=z1702621549zd...a68a49e8f90d1bz .... Please re-read information on parsing hotmail spam. You are doing it wrong. Please read the Hotmail FAQ: Hotmail FAQ bad hotmail I don't have the answer to what is causing this 'error' message and failed parse for this spamvertised URL .... but the answer to your actual question is to exclude the 'Gottime' line from your submittal. The actual issue with the results of this extra line is going to have to be taken up with the Deputies, and more than likely they will have to talk to the programmers. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.