Jump to content
Sign in to follow this  
zachariah

When refering outsiders to a report does

Recommended Posts

Define "safe" .... Define "3rd-party" ... The purpose of the referral? Is your configuration set to mung or not? Even if "yes to mung" .. there are limits to what the SpamCop parser sees and handles. There is so much more crud these days in some of these spams that technically could identify you, if the spammer so chooses. Not to forget that even if talking to the spammer, you have already received the spam, so the spammer already has your e-mail address. As far as containing "personal data" ... that actually depends on the specific spam .. and of course, just what you might define as "personal data"

Share this post


Link to post
Share on other sites

I used an email forwarder alias on a site and I then received incoming spam on that alias. I want to show the site admin the report. I have absolutely no reason to think they are spammers. What I most want to protect is my [at]spamcop.net address name.

When I view the url and I am not logged in, I do see "x"s where my personal data goes, and I do have munging turned on. There aren't any funny strings in the subject of body of the offending message (which could presumably identify me, and even so would identify the alias, not my spamcop account).

I have already showed the admin a "hand-anonymized" version of the full source of the message, but thought the bit in the report about which IPs looked forged (based on my mailhosts configuration) might be useful, too.

If you aren't too overworked yet Wazoo, I could PM you the link in question and get your personal opinion, if you think that would help.

BTW: Wazoo rocks!!!!

Share this post


Link to post
Share on other sites
If you aren't too overworked yet Wazoo, I could PM you the link in question and get your personal opinion, if you think that would help.

Actually, that's a bit funny ... just spent an all too short afternoon / evening with some old Army-buddies, dating back to the 70s timeframe ... way too many stories and experiences re-lived <g> .. but no problem with sending it, just no guarantees right now <g>

BTW: Wazoo rocks!!!!

Careful, you just might ruin that reputaion of the nasty guy with no sense of humour <g> ... man, another flashback .. have you ever seen the movie by the name of your handle? (wondering it's available anywhere these days <g>)

Share this post


Link to post
Share on other sites

Yes, I've seen the movie. I didn't get to see the movie until a few years ago, and my dad finally saw it about 6 months later. My dad heard the soundtrack (a reel to reel copy of his friend's record) and really liked the music. He also liked the name and gave it to me when I was born (it's my first name, not just my handle).

You can buy it on Amazon. I bought it a few years ago. What I really want is the record (on vinyl) 'cause I collect records anyway, and it is how I got my name.

Also, I PMed you the spamcop URL.

Share this post


Link to post
Share on other sites
You can buy it on Amazon.

heh ... VHS - out of stock DVD - out of stock

Another DVD (different format) - due out in August 2004

Back in a bit on the PM ... had 30+ when I logged in, almost caught up with going through the Forum postings <g>

Share this post


Link to post
Share on other sites

Ok, in reference to your spam submittal/complaint offered via the PM'd Tracking URL ... The only "danger" points I see that would identify "you" to the spammer would be;

1. the date/time contents of the spam set. If the spammer has access to the e-mail server logs, your spam header content could be married up to the matching info in the e-mail server logs. You might have to flip the coin on trying to decide whether or not that spammer has this kind of access.

2. The Boundary Line sequence of characters. These could be just a random sequence of text bits, or it could be a tracking code. Once again, the "tracking code" possibility is only good of the spammer actually goes to this level of effort, and only if the spammer actually receives the complaint in total.

3. The bottom most Received: line is a forged entry. Once again, going with the paranoia switch set on high, this also could be a bit of tracking code, for instance changing the forged IP a bit between each spam, every 10 spams, etc. On the other hand, this lousy piece of forged data shows up so often these days, one could also assume that it's just a lousy bit of software involved, as I'm not sure just who it's supposed to "fool"

I've not seen monaco-telecom.mc before, so I've no idea of their white/black-hat condition. Their IP is listed on the SpamCopDNSbl with something like 50 somplaints and spamtrap hits, not a good sign. Senderbase shows a 7690% increase in daily traffic, so it's pretty obvious that they have problems <g> If this is the third-party, I'd say that the original complaint has enough data for them to do their homework, and I am sure that they've got numerous other comlaints by now that should give them enough clues as to where their problem is coming from.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×