Ross Posted April 8, 2004

I received a spam last night which consisted of several attachments. SpamCop parsed the message but only sent the report to the sender and not to the spamvertized website. Is this a bug? Here's a copy of the message. My email address and server address have been replaced with ****.

From webmaster[at]naca-usa.org Wed Apr 7 21:41:15 2004
Received: from smtp813.mail.sc5.yahoo.com (smtp813.mail.sc5.yahoo.com [66.163.170.83]) by **** (8.12.11/8.12.10) with SMTP id i383fEI2014469 for <****>; Wed, 7 Apr 2004 21:41:14 -0600 (MDT)
Message-Id: <200404080341.i383fEI2014469[at]mail.cs.nmsu.edu>
Received: from unknown (HELO rsr7) (reliefstaff6286[at]sbcglobal.net[at]67.112.85.93 with login) by smtp813.mail.sc5.yahoo.com with SMTP; 8 Apr 2004 03:41:13 -0000
Subject: Info About Nigeria
To: ****
From: "Nigerian American Cultural Association" <webmaster[at]naca-usa.org>
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0004_01C06B5E.74675200"
Date: Wed, 7 Apr 2004 00:00:00 -0700
Status: R
------=_NextPart_000_0004_01C06B5E.74675200
Subject: Info About Nigeria
To: ****
From: "Nigerian American Cultural Association" <webmaster[at]naca-usa.org>
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0005_01C06B5E.74675200"
Date: 4/7/04X-Mailer: Spyder Mailer 1.2
<HTML>=0D=0A<HEAD>=0D=0A<META=20NAME=3D"GENERATOR"Content=3D"">=0D=0A<TITLE=
>Untitled</TITLE>=0D=0A</HEAD>=0D=0A<BODY>=0D=0A<P><FONT=20size=3D7><STRONG=
>For=20Information=20About=20Nigeria=20Visit=20=0D=0AUs=20At:=20</STRONG></=
FONT><A=20href=3D"http://www.naca-usa.org"><FONT=20=0D=0Asize=3D7><STRONG>w=
ww.naca-usa.org</STRONG></FONT></A></P>=0D=0A</BODY></HTML>
------=_NextPart_000_0005_01C06B5E.74675200
Date: Wed, 7 Apr 2004 20:56:37 -0700
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
For Information About Nigeria Visit Us At: www.naca-usa.org
------=_NextPart_000_0005_01C06B5E.74675200
Date: Wed, 7 Apr 2004 20:56:37 -0700
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<HTML>=0D=0A<HEAD>=0D=0A<META=20NAME=3D"GENERATOR"Content=3D"">=0D=0A<TITLE=
>Untitled</TITLE>=0D=0A</HEAD>=0D=0A<BODY>=0D=0A<P><FONT=20size=3D7><STRONG=
>For=20Information=20About=20Nigeria=20Visit=20=0D=0AUs=20At:=20</STRONG></=
FONT><A=20href=3D"http://www.naca-usa.org"><FONT=20=0D=0Asize=3D7><STRONG>w=
ww.naca-usa.org</STRONG></FONT></A></P>=0D=0A</BODY></HTML>
------=_NextPart_000_0005_01C06B5E.74675200--

Wazoo Posted April 8, 2004

Did the spammer place the second header bits into this spam, or is there something funky with your apps? .. the "several attachments" thing is also a bit of a curiosity ... your definition vice my definition of the word "attachments" .. you didn't post the whole thing as the additional data not related to the query? .. I don't see the signs of an actual "attachment" in what you provided as a sample.

Ross Posted April 8, 2004

I've just pasted it as it exists in my mailbox. I have no idea how my mail server could have changed the body contents other than possibly changing the character encoding (but I see no sign of that). If I've misused the term attachment I'm sorry. Maybe a better term is MIME parts?

Wazoo Posted April 8, 2004

"If I've misused the term attachment I'm sorry"

Much better, thanks ... there's been some recent dialog on why some of "us" have to answer with techy details, rather than using "plain and simple terms" ... and this is one of those things I pointed out .. those "plain and simple terms" can get folks all screwed up when they are not defined the same by both parties.

"If I've misused the term attachment I'm sorry"

Yes, if pasted "as seen" you've got a spammer that either jacked the software "real good" or intentionally hosed up the spam just to try to foil some of the various parsing tools out there, including SpamCop. The second set of header lines is totally bogus, removing them would (probably .. not going to do the research right now) let the thing parse through SpamCop .. but you'd then be in violation of the "thou shalt not modify your spam to force the SpamCop parser to "find" things that it would have normally found on its own" ... and leaving you facing a fine, ban, etc. ...

There's nothing to stop you from doing the research and sending a complaint yourself, other than ... are you prepared and knowledgeable enough to guess as to the results of your sending a complaint yourself to an entity... Generating a new throw-away e-mail address somewhere to send the complaint (though this doesn't directly address that your identity may be encoded within the spam elsewhere) is one suggestion.
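
Added example, not part of any post in this thread and not SpamCop's parser: a Python check for the structure discussed above, where a part inside the body repeats message-level headers and declares a second boundary while the outer boundary is never closed. The sample message, its addresses and boundary names, and the finding labels are constructed for illustration; the sample assumes a blank line separated the second header block from the HTML that follows it.

```python
import email

# Constructed sample modelled on the thread's message; all names are placeholders.
SAMPLE = "\n".join([
    'From: "Example Sender" <sender@example.org>',
    'Subject: Info',
    'Content-Type: multipart/alternative; boundary="OUTER"',
    '',
    '--OUTER',
    'Subject: Info',
    'From: "Example Sender" <sender@example.org>',
    'Content-Type: multipart/alternative; boundary="INNER"',
    '',
    '<HTML><BODY>www.example.org</BODY></HTML>',
    '--INNER',
    'Content-Type: text/plain; charset=us-ascii',
    '',
    'www.example.org',
    '--INNER',
    'Content-Type: text/html; charset="iso-8859-1"',
    '',
    '<HTML><BODY>www.example.org</BODY></HTML>',
    '--INNER--',
])

MESSAGE_LEVEL = {"from", "to", "subject"}  # fields expected only in the top header

def audit_mime(raw):
    """Return (finding, detail) tuples for structural oddities in a raw message."""
    lines = {line.rstrip() for line in raw.splitlines()}
    findings = []

    def visit(part, parent_type):
        # Forwarded mail (message/rfc822) legitimately carries its own From/To/Subject.
        if parent_type not in (None, "message/rfc822"):
            stray = sorted({k.lower() for k in part.keys()} & MESSAGE_LEVEL)
            if stray:
                findings.append(("message-headers-in-part", ",".join(stray)))
        boundary = part.get_boundary()
        if part.get_content_maintype() == "multipart" and boundary:
            if "--" + boundary + "--" not in lines:
                findings.append(("unclosed-boundary", boundary))
            # RFC 2046: readers ignore the preamble, so content there is hidden.
            if (part.preamble or "").strip():
                findings.append(("content-in-preamble", boundary))
        if part.is_multipart():
            for sub in part.get_payload():
                visit(sub, part.get_content_type())
    visit(email.message_from_string(raw), None)
    return findings
```

Any of these findings is a reason to route a message to manual review rather than trusting an automated link extractor's result for it.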