"Mike Easter" <MikeE@xxxxxxxxxxxx> wrote in message
news:44a45360$0$79632$892e7fe2@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> Alyce Addertongue wrote:
>> Could someone explain to me how this email text is being
>> encoded/decoded?
>
> You have not provided the entire message source, and this isn't actually
> the ideal forum to do it. The proper way to copy the entire 'raw spam
> with complete headers' or what I call 'smtp mime' is to select the item
> unopened and unpreviewed [as a general rule for handling undesirable
> mail in general, regardless of the insecurity of your OE/IE
> configuration] and to use File/ Properties/ Details/ Message source
> button. Having accessed that 'message source' you would select all and
> copy and paste somewhere - probably not here, as some people don't want
> to have to download ugly raw spam.
>
> The most likely condition of what you received and pasted part of here
> would consist of at least 3 different parts, the complete headers, and
> then the body in multiparts -- where the first multipart is plaintext,
> which you have pasted in here, and the subsequent parts were some other
> condition, encoded b64 graphic, html, etc.
>
>> Content-type: multipart/alternative;
>> boundary="----=_NextPart_000_0001_01C69B79.EC8735B0"
>
> That indicates the multiparts, and shows the mime boundary structure.
>
>> This is a multi-part message in MIME format.
>
> Re-iterating the above header content type information now in the body.
>
>> ------=_NextPart_000_0001_01C69B79.EC8735B0
>> Content-Type: text/plain;
>
> The first part.
>
> Then, you failed to produce any other part/s which are likely to have
> been included.
>
> Those other parts which you failed to show are an important part of the
> spam. Normally there are a couple of different ways to 'show' ugly raw
> spambodies around with complete headers. One way is for spamcop
> reporters to feed the spamcop parser and to post a tracking url which
> accesses the entire raw spam. Another way for nonspamcop reporters is
> to post the raw spam into the newsgroup news.admin.net-abuse.sightings
> according to the protocol and then to provide a link to that newsgroup
> posting.
>
> Sometimes a raw spambody is a big huge ugly mess of encoded binary.
>
>
>
> --
> Mike Easter
>
Thank you for trying to educate me. Yes, I know this is not the right forum
for an entire spam header dump, I was hoping there was a quick explanation
:-).
The reason I looked at the source code in the first place, rather than just
deleting it, was that, right after the commercial message and a short space,
there were numerous lines of words and gibberish, but they were both
left-justified and right-justified - in the same line! I thought "That's a
neat trick - I wonder how they did that?" When I looked at the source, I
saw that the commercial lines, which had appeared in straight language, had
been "encoded" as shown in my post, and somewhere in the body of the message
was a small script or applet that was running and had "decoded" the message
to my screen. I did not however, see anything I recognised as a script, or
any programming language. Instead, there were several lines of those random
sentence snippets that allegedly flummox the spam filters (tho I'm darned if
I can see how). That was the bottom half of the source I snipped. It
wasn't long, less than a quarter of the entire mail.
Once I realized I was seeing the output of an unauthorized applet, it
stopped being amusing, and I thought I might ask how it is being done.
Clever people, these spammers - such a waste of talent...
~AA
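
The multipart layout described in the quoted reply, as an added example that is not part of either post: Python's standard `email` package walks a constructed message and decodes each part by its declared Content-Transfer-Encoding. Only the boundary string comes from the thread; the addresses, the bodies and the use of quoted-printable for the plain-text part are assumptions.

```python
import base64
from email import message_from_string
from email.policy import default

# Boundary string as quoted in the thread; everything else below is constructed.
BOUNDARY = "----=_NextPart_000_0001_01C69B79.EC8735B0"
HTML = "<p>Hello <b>world</b></p>"  # constructed HTML alternative

RAW = "\n".join([
    "From: sender@example.invalid",
    "Subject: constructed sample",
    "MIME-Version: 1.0",
    "Content-Type: multipart/alternative;",
    f'\tboundary="{BOUNDARY}"',
    "",
    "This is a multi-part message in MIME format.",  # preamble, not a part
    "",
    f"--{BOUNDARY}",
    'Content-Type: text/plain; charset="iso-8859-1"',
    "Content-Transfer-Encoding: quoted-printable",
    "",
    "Caf=E9 prices =3D low, no soft line=",  # =E9 is a byte, trailing = joins lines
    " break",
    "",
    f"--{BOUNDARY}",
    'Content-Type: text/html; charset="utf-8"',
    "Content-Transfer-Encoding: base64",
    "",
    base64.b64encode(HTML.encode()).decode(),
    "",
    f"--{BOUNDARY}--",
    "",
])

def list_parts(raw):
    """Return (content type, transfer encoding, decoded text) for each leaf part."""
    msg = message_from_string(raw, policy=default)
    parts = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # the multipart/alternative container has no body of its own
        cte = str(part.get("Content-Transfer-Encoding", "7bit")).lower()
        # get_content() undoes the transfer encoding, then applies the charset
        parts.append((part.get_content_type(), cte, part.get_content()))
    return parts

if __name__ == "__main__":
    for ctype, cte, text in list_parts(RAW):
        print(f"{ctype} [{cte}]: {text.strip()!r}")
```
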