[SpamCop-List] Re: One for dave null...
jg at coks.net
Sun Nov 6 22:19:31 EST 2005
On 11/6/2005 2:09 PM Mike Easter scribbled:
> jg wrote:
>>Is there anything odd about this spam ?
> Did you examine the spambody?
No, not beyond the source - I don't like to read spam...
>Aside the SC lack of
>>obfuscation issue, is this a case of spammy dummy (redundant) or
> How do you mean? And there isn't a lack of deobfuscation in what I saw.
> SC deobfuscated.
My orig. link above will not resolve for me - don't know why, so I can't
revisit this report at the moment
But seems like I was trying to say, whats the point of multi fake
spamverts (I misspoke the notify word)?
>>I speaking of the multi notifies...
> There are 'multi-spamvertiser' links, none notified.
> There are two versions, the text/plain version part of the multipart,
> and the text/html part of the multipart. So, if your mua/OE is
> configured to render the html, it ignores the plaintext version and you
> see one set of links, andb/but if your mua/OE is configured to read
> plaintext only, you see a different set of links.
er, hmmm..their point?
> SC deobfuscates both versions, 2 links per version, but fails to resolve
> any of them.
I take deobfuscate to mean derive a URL that is resolvable - how do you
know you deobfuscated without a resolution?
I will now put on my helmet in case my ignorance is showing...
> My resolver resolves the html version links to the .kr 22.214.171.124
> which is spamhaused and thus is unresponsive and not worth notifying.
> The plaintext version links don't resolve.
so 2 weren't fake - whatever
> There is nothing worth notifying lost by SC not resolving the html
> links -- except that nothing in the spam makes it to sc-surbl.
Well, I knew /something/ was odd - SC goes to dev null and I go to the
FTC - similiar piles?
I've been getting virtually the same spam daily for about 2 weeks now,
with the same spamverts from sources bouncing all around the far east
with an occasional stop in so. america and dada (?). Kornet is a pretty
common thread, and I suddenly got 5-6 Paypals in 2 days (normal Paypal
flow is 1 a month or so}...
> If the parser were reconfigured with my 'do not resolve' recommendation,
> the links would have been provided to sc-surbl. SC's notifies for
> spamvertisers aren't valuable and largely disregarded by SC, but if the
> parser were reconfigured, the surbl databasing of the spamvertiser links
> would have been worthwhile.
Any reason SC wouldn't do this?
More information about the SpamCop-List