Readable Addresses


Excedrin

:o I have noticed in the reports that are generated that there seems to be a glitch. There is a line usually labeled "Original-recipient:" that lists the email address of the last person receiving the email. This is the address of the person reporting the spam. Apparently it does not get blocked out if it doesn't match the address the email was sent to. Like when you have an address forwarded to another. You have to delete this line from your headers that you submit or it will be passed on.

Actually, I do not think this is a glitch but rather a possible problem with how you are submitting the mail.

You did not post a Tracking URL so much is just guess work.

Have you set up MailHosts yet?

If not, how would you expect the Parser to know that the previous recipient was you and not that of a sender?

Remember headers can be forged, and that the forgery can go several layers deep. That is why MailHosts was set up and why it will not go any further than the first valid mail server after the last registered server belonging to your mailhosts. (Nothing else can be trusted, all the remainder are subject to forgery)

If you have set up MailHosts and your addresses have not been handled in the same manner for each of your servers, then there may be a glitch that should be checked out, but again without a tracking URL there is not much that can be done.

Here is a sample of one of my parses and you will see that the parser replaced my name with "x" throughout the chain. http://www.spamcop.net/sc?id=z672106123zd3...b14b2e6c49e2fez


I had not gone through the MAILHOSTS before. But after reading your reply, I did. The results are the same as before I went through the MAILHOSTS and putting in all my Info. The line with "Original-recipient:" still does not get changed. So, just for somebody's information I had a chance to report 2 more SPAMS and I left everything as is to check but had to change the name on the offending line before I submitted them. On the first one I changed my real address to "MyAddressIsHere" and on the second one I replaced my address with "Whatever is on this line gets through AS-IS". I don't want to advertise my address on an open forum. But here are the links to the two reports for the experts to look at.

#1 is:

http://www.spamcop.net/sc?id=z672227398z90...e52ff28d77e506z

#2 is:

http://www.spamcop.net/sc?id=z672236455z4b...5a9b979b5a82d1z

I did not see the line in your example that has the "Original-recipient:" so I am only guessing that you are using a different email program than I am.


I'm not sure I really want to use the words "non-standard" .. but ... look at the placement of that line. Yes, it is being inserted after receipt, after handling, not part of the original spam. I'll toss out the apparent guess that as it's sitting there amongst the X-Lines, it is pretty much ignored by the SpamCop parser. I'm not really sure what the purpose of inserting that line is supposed to accomplish, but .. it does appear that you're going to have to keep handling this yourself or talk to your ISP and attempt to get them to remove that line ... or go with the fact that spammer already has your e-mail address so what's the big deal in making it known that you complain?


I've been doing some digging. It looks like the Header-tag "Original-recipient:" started being included in the headers after 7/30/2003. I have looked at three different computers here and that "Header-tag" does not appear in any emails 7/30/2003 but it always shows up on and after 7/31/2003. It doesn't matter where the email originated from. ie.. WebTV, Outlook Express, Web based email or wherever. So I can only surmise that either it's being added in there before it reaches my inbox. Possibly from my server except that I have an email (the first one with that Header-tag in it) that also shows that same Header-tag on the forwarded email inside the email that shows that senders email address. (the one that sent it to the one that forwarded it to me.)

Who knows! It might be a windows thing.


As I stated in my last, this line is inserted after the anti-virus check, before the SpamPal check .... is this on your system or your ISP? ... that one e-mail shows up without this line (does it include the AV and SpamPal check?) may have something to do with white-listing?


Both email examples do have all three lines.

The "X-Virus-Scanned:" line.

The "Original-recipient:" line.

The "X-SpamPal:" line.

So if what you are asking is could "Outlook Express" be adding this "Original-recipient:" line? I could only say possibly. But that doesn't explain how I can receive emails from "NASA" that DO NOT HAVE THIS LINE.

Then again, if it is being inserted by "Outlook Express", how do I turn it OFF ?

Both the Virus scan and SpamPal are run on my local machine...


No, I would not be asking if "Outlook Express" added this stuff, as OE does not have this capability. If you are running both applications on your system, then it's one of those tools that's adding the line. Shouldn't take but a few minutes to turn them off, send yourself some e-mail, check the headers, turn one back on, send some more e-mail, check the headers, turn the other tool back on, do some more e-mail checking. Then you'll know which application is doing it, and perhaps that will get you closer to seeing how to turn this off (if it's possible) ... or complaining to the application's owners.


Well, unexpected things come from simple mistakes.

I tried your suggestion. Disabling my AV and SpamPal. The only Header-tag I could delete was the one for SpamPal. So I took it a step further and rebooted without any AV, SpamPal, Proxy or even my firewall that also has an email feature. That's when I made the mistake... I typed the address to send the email to wrong (by one little letter).

So I get this bounce from the mail server.. He He He... and its header shows only the "Original-Recipient: rfc822;(My Address Here)" with no Anti-Virus stuff... Except enclosed from the original emails header it shows the "X-Virus-Scanned: (My AV ???)" with NO line about "Original-recipient:"

Possibly OE is still using an AV routines module that you can't control or the ISP's Server is doing it. I can't tell without totally uninstalling everything that might use anti-virus modules. And I'm not sure where the product keys might be to re-install them afterwards.

Needless to say. I could not stop or avoid the Header-tag "Original-recipient:". I might try another email program like Eudora or something. Maybe...

It would be a LOT easier if the parser at SpamCop would do something about that Header-tag..


Well, I tried Eudora with the same results. The Header-tag "Original-recipient:" is there also.

What to do? What to do?

That means that it is either coming from my ISP mail server or it would have to be something else within "Microsoft Windows."

Sorry, I'm not changing operating systems.... :angry:


If it was "Windows" .. just about everybody would have those lines showing .... IF it was OE, even I would have those lines in my incoming .... I don't run my incoming e-mail through an AV, I have both a hardware and a software firewall in use, I have dozens of e-mail accounts including HotMail, Yahoo, and my ISP ... I run a system here that handles filtering for a number of folks, do on-call support for a number of local ISPs .... no one around here has that added line in their e-mail ... and that's as far as I can take you.


You forward your email from arrl.net to your ISP account? I suspect that either arrl.net or your ISP is adding that header.

Ellen


Well, I decided that it has to be coming from my direct connect ISP. I'll call it "local". Because I ran the tests only to the local and back (me to me) and also since I have more than one address on this local ISP I also sent them crosswise. Same results. I just got off the net digging around my local ISP's help info and came up with an address or at least a place to enter a tech question and described my problem. Hard to do in less than 500 pages.<GRIN> So now I wait to see what they say about it. I feel that they will probably say that YES they are inserting the Header-tag but that their policy (of some sort) prevents them from excluding it just on my account....

And I feel that SpamCop probably won't bother with it on their end either. So that leaves me with doing it MANUALLY MYSELF. <YUCK>

I'm still waiting to see if working through Spamcop is going to do anything (like SLOW some of this junk down.) I've already had to report over 80 something SPAMS in less than a week.

That's why I broke down and started getting aggressive about this. I had redirected my arrl mail to a new account then deleted it to get some peace and quiet. That was last December when I was receiving over 40 SPAMS per day. But I really liked that address so last week I redirected it again to a usable account but the crap was still there..<FROWN>

OK... I'm off the soap box now...<grin>


I did not see the line in your example that has the "Original-recipient:" so I am only guessing that you are using a different email program than I am.
I am using an older version of OE 5.00.

I'm still waiting to see if working through SpamCop is going to do anything (like SLOW some of this junk down.) I've already had to report over 80 something SPAMS in less than a week.
I am afraid that your logic is a bit off base on this one. Reporting spam through SpamCop helps the general public at large but unless you personally (or one of your receiving ISPs) are using the SpamCopBL to filter / block spam, the amount of spam that you actually receive in your inbox is more likely to increase rather than decrease. This is due to the fact that your name/address/other encoded information may be included in reports that may make their way back to the original spammer depending upon the actions taken by their ISP. Another factor controlling this is your preference setup.

There are basically three options.

1) Report as a mole - basically a waste of time, no reports are sent, the SpamCopBL is not affected, only gets added to summary reports that may or may not be used by the ISPs involved.

2) Munged reporting - your name and address are removed wherever possible and replaced by an "x", you can refer to my previously posted tracking URL for an example. In your case the "Original-recipient:" header does not seem to be recognized by the parser. There is a chance that SpamCop may add that to the list of headers to check and correct.

3) Intact reporting, no munging of data - most effective in fighting spam in general as some ISP's refuse to accept munged reports, but more likely to increase the amount of spam you personally receive.

If your goal is to reduce the amount of spam getting into your Inbox, I would recommend using the SpamCop email account to do the filtering for you. The only other option is to try to do filtering on our own or find a different ISP who will do it for you - Earthlink, for example, but I must add, all my mail goes through my Earthlink account which I forward to my SpamCop account because I was not happy with the results I was getting from their filtering, which has an extreme setting that does block nearly all spam but requires that any sender you want to receive mail from must be on your personal white list or it gets bounced back, and a much more conservative setting that lets lots of spam through but has a near zero false positive rate and if you use their webmail interface allows for personal blacklists that will greatly improve results. But I prefer OE so it did not work for me.

Enough babbling.

Good luck in your attempts and thanks for helping the rest of us fight spam in general. I hope you find this at least a bit helpful.


Ouchhh!

I thought I was part of the public at large. I am also using a filtering program based on more than just SpamCopBL, but I'm not blocking or deleting them from the server without downloading them (YET). I'm still testing the reliability of the filter. Like any software that I try out, if/when it proves USEFUL, I am more than willing to PAY FOR IT. This includes SpamCop, SpamPal, Sam Spade etc... etc...

And Yes my ISP also uses blocking procedures via databases including their own inhouse one. So in "THEORY" yes I do expect the volume of spam to drop at least somewhat. Otherwise there is no use of reporting in the first place. Now I will be tickled "PINK" if my reporting helps others to block this stuff effectively.

I know, I can and have changed my email address (several times) to stop this stuff but that only works for so long. Like when I switched back in Dec-03, notified all the people I usually get good emails from of my new address, only to have to do it again in May-04 just because I slipped up and gave my email address to the checkout counter person at "Micro Center" while purchasing some new computer hardware. Within 24 hours the amount of spam I was receiving jumped from 1-2 a month to 5-8 per day. "NEVER AGAIN !!!" Everybody needs a "TRASH" mail box for those times when you think you NEED to give out "A" email address for some purchase.

Well, looks like we've gotten off of the main topic here. The topic was <dig out old printout here> "Readable Addresses"--(Addresses readable in reports) via (Original-recipient: rfc822;someone[at]myhost.isp)

I'm still waiting to hear from MY ISP after asking them if they are the ones that are adding this Header-tag to my incoming emails. I suspect that they are also the ones adding the tag "X-Virus-Scanned:" because of the tests I have run with my Antivirus program totally disabled. But that's for another forum somewhere else.

But while I'm on here a good question to maybe start a new "topic" might be

When I send reports to/through SpamCop should I also report the exact same spam through my ISP every time? At the same time? And others?

BTW, Thanks for the good luck wish. :)


Sorry if I misread your post. I have seen way too many new members who have just started reporting but are not using any filtering/blocking and are expecting to see a decrease in spam reaching their Inbox. It sounds like you are definitely on the right track.

Everybody needs a "TRASH" mail box for those times when you think you NEED to give out "A" email address for some purchase.
You could not have made a truer statement!!!!

Giving out your primary address to any retailer is spam suicide.


Well I am NEW to some of the NEW tools. New at least to me like SpamCop. Even though they may have been around for years. I just finally got FED-UP enough with all the junk to start getting aggressive about it. Maybe that's not the right word. PRO-ACTIVE might be a better word. :D

Anyway, I'm still waiting to hear from my ISP. They must be really digging through their manuals, updates and policies... May be awhile... :(


Well, It looked like I wasn’t going to get any response from my first attempt to contact my ISP. So I have tried another avenue. If and/or when they reply to anything I have tried to send to them, I’ll post something about their response here. My (GUT) feeling about it is not very positive (unfortunately) (Thank God for spell check in Microsoft Word) .

Still waiting in limbo!!!!! :(


Talk about passing the buck!!!

Just as I expected. They ARE inserting the Header-tag “Original-recipient: rfc822;<my email address>” into the headers of ALL of my incoming emails. And they don’t want to take responsibility for it. I’m including the email response that I received from my ISP so everybody can see what to expect from their ISP’s should they encounter this same problem.

It will take me some time to read and evaluate the (37 page) specification listed in the first link. But using the “find on this page” menu option in MS-IE, I failed to find the exact header tag “Original-recipient:” mentioned anywhere in the text. If anybody else can find it in the text where it specifically states that any (ISP) has the authority to change/alter the header of an incoming email to reflect the receiving users email address PLEASE LET ME KNOW. Like I said I have not had the chance to read all the way through this SPECIFICATION (YET), but I will be for the next few days. So PLEASE don’t jump on me too soon…..I will need a (FEW DAYS) to digest this material before I can formulate a response to my ISP about their response….<GRIN>

It seems to me that (my ISP) is trying to ignore this problem. Although it really is only a problem when trying to report spam without giving away other “more direct email addresses” of the person reporting the spam…

This is JUST (FYI)….

***BUT***

When I do respond to my ISP’s email response I would (like) to include an “(OFFICIAL)” response from “SpamCop” stating their “position” about the situation.

I’m only stuck in the middle here……

_________________________________________________________________________

My disclaimer: the following email response has been modified by me for security reasons both for me personally and for my ISP. Any changes that I have made are in double brackets ie…“[[changed text here]]”. The change is for security reasons only and will be descriptive.

_________________________________________________________________________

______________________MY ISP’s Response (filtered… for security reasons ONLY)_______

Thank you for e-mailing support!

The e-mail system is adding this, just as any e-mail server does. Whatever mail server is sending the original message adds that line. This line is merely a notation about Internet Standard code, you can read more about it here: http://www.faqs.org/rfcs/rfc822.html

This should not cause a problem for spamcop, I would suggest contacting spamcop at http://www.spamcop.net/help.shtml to see what else can be done.

Sincerely,

[[my ISP]] Support

------------------------------------------

[[phone number]] (toll free # for support)

[[phone number]] (customer support)

[[phone number]] (TTY)

[[phone number]] (sales & billing)

When responding, please include all previous notes, comments, e-mails, and/or documentation.

------------------------------------------

----- Original Message -----

From: [[My Name]]

To: localissues[at][[MY ISP]]

Sent: Thursday, September 23, 2004 7:44 AM

Subject: Non Response from [[My ISP’s Name]]

I recently requested help from [[My ISP’s Name]] Support for an issue concerning my account. I do not have the exact contact records because I had to use your online-form to report/request HELP....I have not received so much as a recognition that you received the request for help. The Issue is that it appears that the [[My ISP’s Name]] email system appears to be adding a tag in the header of ALL of my INCOMING emails that reads "Original-recipient: rfc822;(MY-EMAIL-ADDRESS)" that is causing me a small problem in my attempts to report spam (unsolicited email) via SpamCop. SpamCop's parser does not recognize this tag and therefore ignores it (and anything after it) thus revealing my email address with [[My ISP’s Name]] within their reports that try to x out the origin of the person reporting the spam (EMAIL ABUSE). This is of great concern to me as I have already had to change my email address 3 or 4 times in the last year just to stop the incoming spam.

I need to hear something from you as to whether your email system is adding this tag "Original-recipient: rfc822;(users-email-address)" or not. If NOT then I need to do some really deep digging into my operating system to find the problem of which I don't feel qualified for that extensive a job with my limited knowledge. But from all the tests that I have run so far, indicates that the header tag in question (Original-recipient: rfc822) is not something that is created on my computer either before sending or during reception of emails. That tells me that it must be coming from your system. From my records this tag was introduced on or about 7/31/2003.

I hesitate to bring up the fact that I have recently noticed that my IP address is under attack from several systems pinging or trying to connect from inside and outside the USA. I have only recently installed software to try and record/log the attempts to determine which are only accidental and/or persistent. I'm still learning. Thank GOD I have FIREWALLS in place...

[[My Name Here]]....

[[My Email Address Here]]

_______________End of email response from my ISP _______


Wazoo,

I read your Post/Reply and clicked on the link and printed the page(s). Looking at it, about the only thing related to my “Original Post” is the fact that the person that received this spam and is trying to report it, is that it looks like his ISP is also including/inserting the Header-Tag “Original-recipient: rfc822;(((etc….)))” just like my ISP is doing. Also the Header-tag (in his received email) “X-OriginalArrivalTime: 30 Aug 2004 19:04:02.0346 (UTC) FILETIME=[1CF048A0:01C48EC4]” looks like a Header-tag that I have seen in the headers of some of my own emails before (and stopped about 7/31/2003),(the same time the Header-tag “Original-recipient:” started on my stuff). It does look like (at least from the posting) that this person has recognized the tag and has modified it (for the posting)(as I would) to prevent his direct email address from being broadcast to everybody in the world….<Grin>

Other than that I do not see any familiar addresses in the excerpt of the report…

_________________________________

Just responded in another Topic http://forum.spamcop.net/forums/index.php?showtopic=2697 in which the sample spam provided by that user also included your objectionable line .. any connection, servers, ISPs, etc.?


Well, after reading through the RFC822, and not finding anything relevant in it except how the header-tags are to be formatted, I had to dig around for more updated references. I did come across more RFCs that DO mention the specific header-tag “Original-recipient: rcf822;<just put your address here>” . The relevant ones are:

RCF3798.html (Aug 1, 2004)(the most recent)

RFC3464.html (Aug 1, 2004)

RFC3461.html (Aug 1, 2004)

RFC2298.html (Aug 1, 2004)

RFC2156.html (Aug 1, 2004)

RFC1894.html (Aug 1, 2004)

RFC1891.html (Aug 1, 2004)

RFC3798.html.old (May 13, 2004)

RFC3464.html.old (June 10, 2003)

RFC3461.html.old (June 10, 2003)

RFC2298.html.old (June 10, 2003)

RFC2156.html.old (June 10, 2003)

RFC1894.html.old (June 10, 2003)

RFC1891.html.old (June 10, 2003)

Each one is between 20-50 pages of suggested changes to the specification STD-0011 adopted August 13, 1982 from RFC822 which is more readable but has since been made obsolete by RFC2288 April 2001…none of which specifically refers the header-tag…

What it all seems to boil down to is that the use of this specific header-tag is intended for tracking purposes while the email is en route… Even though it is not specifically in the (SPECS) as such, it is apparently being implemented globally on a voluntary basis.

So that leads back to my initial question about what can be done about the header-tag showing up in SpamCop’s reports that expose the reporter's email address when the parser removes all other references to same.

Until SpamCop’s parser is modified to quit exposing this user's address you will just have to delete the info on that header-tag. And don’t forward your spam through the email submittal route because then you can’t delete the sensitive address.

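The manual step described in this thread (blanking your own address on the "Original-recipient:" line before pasting a spam into a report form) can be scripted. The following is an added example, not part of any post and not SpamCop's parser; the function name `redact_headers`, the sample message and all addresses in it are constructed for illustration, and it goes beyond the one header discussed by replacing the reporter's address in every header field where it appears, whatever the field is called.

```python
import re


def redact_headers(raw_message, reporter_addresses, placeholder="x"):
    """Replace the reporter's own addresses in the header block only.

    Returns (redacted_message, changed_fields), where changed_fields lists
    the header field names whose value contained one of the addresses.
    Header lines are edited in place (no re-parsing or re-folding), so the
    Received: chain stays byte-for-byte intact apart from the address.
    The body is left untouched.
    """
    if not reporter_addresses:
        raise ValueError("at least one reporter address is required")

    # The header block ends at the first empty line (CRLF or bare LF).
    split = re.search(r"\r?\n\r?\n", raw_message)
    if split:
        head, rest = raw_message[:split.start()], raw_message[split.start():]
    else:
        head, rest = raw_message, ""

    # Longest address first so a longer alias is not partially replaced.
    ordered = sorted(reporter_addresses, key=len, reverse=True)
    pattern = re.compile("|".join(re.escape(a) for a in ordered), re.IGNORECASE)

    changed = []
    current_field = None
    out = []
    for line in head.splitlines(keepends=True):
        # A line starting with whitespace continues the previous field.
        if not (line.startswith((" ", "\t")) and current_field is not None):
            current_field = line.split(":", 1)[0].strip()
        new_line, hits = pattern.subn(placeholder, line)
        if hits and current_field not in changed:
            changed.append(current_field)
        out.append(new_line)

    return "".join(out) + rest, changed


# Constructed sample: an ISP-inserted Original-recipient: line sitting
# between two X- headers, as described in the thread.
SAMPLE = (
    "Received: from mx.isp.example (mx.isp.example [192.0.2.10])\r\n"
    "\tby mail.isp.example for <reporter@isp.example>;"
    " Thu, 23 Sep 2004 07:44:00 -0500\r\n"
    "X-Virus-Scanned: by constructed-scanner\r\n"
    "Original-recipient: rfc822;Reporter@isp.example\r\n"
    "X-SpamPal: PASS\r\n"
    "From: sender@spam.example\r\n"
    "To: reporter@isp.example\r\n"
    "Subject: constructed sample\r\n"
    "\r\n"
    "Body mentioning reporter@isp.example stays untouched.\r\n"
)

if __name__ == "__main__":
    redacted, fields = redact_headers(SAMPLE, ["reporter@isp.example"])
    print("fields changed:", ", ".join(fields))
    print(redacted)
```

Checking the returned field list before submitting shows whether an unexpected header, such as the one in this thread, carried the address.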

I just ran a search of my local saved mail folders...thousands and thousands of messages, coming from countries around the globe, every system imaginable, and out of all those messages, there was exactly *one* with any sort of "Original-Recipient" line in the headers, sent from a "telia.com" user in Sweden. However, it was an "X-Original-Recipient:" recipient line, and not the one your system is adding.

In fact, when you do a Google search on "Original-recipient: rfc822" (watch your spelling...in your latest response, you've got it as "rcf822"), you'll probably see it most often in the *body* of delivery error messages, like this:

Reporting-MTA: dns; monet.mingpaoxpress.com

Arrival-Date: Fri, 24 Oct 1997 14:25:54 -0400

Original-Recipient: rfc822;listproc[at]mingpaoxpress.com

Final-Recipient: RFC822;listproc[at]mingpaoxpress.com

Action: failed

Status: 5.1.1 (User does not exist)

Diagnostic-Code: x-local; 550 (User does not exist)

Last-Attempt-Date: Fri, 24 Oct 1997 14:26:00 -0400

(that was found here)

I've seen it used a LOT in that fashion....but never, ever in the headers of a message...it doesn't belong there.

DT


Archived

This topic is now archived and is closed to further replies.
