
[SpamCop-List] Re: No URL detected; Onlinereplicastore/Rolex spammer

Mike Easter MikeE at ster.invalid
Sun Jan 16 09:47:10 EST 2005


Karl-Josef Ziegler wrote:
> Spamcop seems to have problems with the detection of URLs in the
> body of message from the Onlinereplicastore/Rolex spammer:

The problem here is that there is a bad headerline in the submission,
and there is a misleading Content-Type.  SC's verbose doesn't alert you
to what is really going on;  it just doesn't find the bodylinks.  I
can't tell whether the item was misconfigured by the spammer or
submitted wrongly somehow.  SC uses the information in the content-type
to parse the body, and it can't abide non-header elements in the header.

www.spamcop.net/sc?id=z713279003zf9b767e097daa6e67c70b5dd723ccff8z

This nonconforming line doesn't belong:

>From overheadshu at germain.com Sat Jan 15 17:39:20 2005

and the content type indicates a boundary delimiter, which
delimiter/boundary is missing from the two different kinds of parts in
the body

Content-Type: multipart/alternative;
  boundary="FyCeI0mugi4GOcBjz"

Here's the parse without the bad headerlines, the misconfigured one and
the content-type/boundary misinformation.  An alternate way of 'forging'
the parse would have been to introduce boundary delimiters for the body.

www.spamcop.net/sc?id=z713343268z547f4d6e94abd0a0f52d5e1f6bf2ace5z

Resolving link obfuscation
http://nugecutfiknut.mejc.com/r/vron/umhc.asp
   host 200.146.101.173 (getting name) no name
http://uxijeat.raoy.com/replica/vron/nrag.html
   host 200.146.101.173 (getting name) no name

but it isn't legal to make such a material change to a spam before
submitting it.


-- 
Mike Easter
kibitzer, not SC admin
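
A pre-submission check for the two defects described in the message above, as an added example that is not part of the original post and is not SpamCop's parser: it flags any line in the header block that is neither a header field nor a folded continuation, and a multipart Content-Type whose declared boundary never appears in the body. The function name `lint_submission` and the sample message are constructed for illustration.

```python
import re

# RFC 5322 field name: printable ASCII except the colon, then a colon.
HEADER_FIELD = re.compile(r'^[!-9;-~]+[ \t]*:')
BOUNDARY = re.compile(r'boundary\s*=\s*"?([^";\s]+)"?', re.IGNORECASE)

# Constructed sample modelled on the two defects described in the post.
SAMPLE = (
    "Received: from mail.example.net by mx.example.org; Sat, 15 Jan 2005\n"
    ">From sender at example.com Sat Jan 15 17:39:20 2005\n"
    "Subject: constructed sample\n"
    "Content-Type: multipart/alternative;\n"
    "  boundary=\"FyCeI0mugi4GOcBjz\"\n"
    "\n"
    "<html><body><a href=\"http://link.example/r\">link</a></body></html>\n"
)

def lint_submission(raw):
    """Return a list of (kind, detail) findings for a raw message."""
    text = raw.replace("\r\n", "\n")
    head, _, body = text.partition("\n\n")   # header block ends at first blank line
    findings, fields = [], []
    for line in head.split("\n"):
        if line[:1] in (" ", "\t") and fields:
            fields[-1] += " " + line.strip()  # folded continuation of previous field
        elif HEADER_FIELD.match(line):
            fields.append(line)
        else:
            findings.append(("non-header-line", line))
    for field in fields:
        name, _, value = field.partition(":")
        if name.strip().lower() != "content-type":
            continue
        if not value.strip().lower().startswith("multipart/"):
            continue
        m = BOUNDARY.search(value)
        if m is None:
            findings.append(("no-boundary-parameter", value.strip()))
        elif not any(ln.startswith("--" + m.group(1)) for ln in body.split("\n")):
            # Declared delimiter is never used, so a MIME parser finds no parts.
            findings.append(("boundary-not-in-body", m.group(1)))
    return findings

if __name__ == "__main__":
    for kind, detail in lint_submission(SAMPLE):
        print(kind, "->", detail)
```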
