Jump to content
nickjonson

The problem against spam users.

Recommended Posts

I see one problem is that when fighting spam users with an IP address, we might get rid of the real users without the stupid bot. What should I do?

Share this post


Link to post
Share on other sites
Posted (edited)
1 hour ago, nickjonson said:

I see one problem is that when fighting spam users with an IP address, we might get rid of the real users without the stupid bot.

What should I do?

Hey Nickjonson,

Could you provide some more specific, detailed information so we can answer address the questions please? 

Re: "we might get rid of the real users", (imo) there's always a "risk" however, it's not common... Have you had this happen, can you clarify please? 

Do you have any Spamcop tracking urls please?

spamcop turl.jpg

Please let us know?

Cheers!

G🦗H

 

Edited by MIG

Share this post


Link to post
Share on other sites
4 hours ago, nickjonson said:

I see one problem is that when fighting spam users with an IP address,

The source of an email can be identified by the FROM: line or the IP address found in the list of Received: lines in the header.  The FROM: which looks like a good choice and is valid for all legitimate emails emails you received, it is easy to forge by the spammer (or anyone) and maybe a valid email for someone totally unrelated to the source of the spam. Although it could be a Joe Job, The forged/spoofed FROM: is just a randomly selected mailbox.

The IP address found in the header Received: lines must point back to the true source (well mostly).  If the IP address is not correct the network will not be able to do the required handshaking as the email (packets) move through the network to the destination.

As you correctly observe, anyone using the same IP address will also be blocked along with the spammer who shares the IP address.  But this is why spam reports are sent to the managers of the IP address i.e. the abuse[at]... for the IP address or block of addresses.  This gives a 'caring" admin the opportunity check their logs, identify the sender and crush the bugs using their bandwidth.

This is a good reason to have a dedicated IP address, especially if you rely on you email being delivered.

Share this post


Link to post
Share on other sites
16 minutes ago, Lking said:

The source of an email can be identified by the FROM: line or the IP address found in the list of Received: lines in the header.  The FROM: which looks like a good choice and is valid for all legitimate emails emails you received, it is easy to forge by the spammer (or anyone) and maybe a valid email for someone totally unrelated to the source of the spam. Although it could be a Joe Job, The forged/spoofed FROM: is just a randomly selected mailbox.

Around 20 years ago, I used to send my wife occasional emails that would look like she sent them to me, just to make sure that she understood that anybody could send an email with spoofed/fake names. 

So the From: line in the headers is only valid for “trusted” emails. (And then, only if you trust them ;) )

23 minutes ago, Lking said:

The IP address found in the header Received: lines must point back to the true source (well mostly).  If the IP address is not correct the network will not be able to do the required handshaking as the email (packets) move through the network to the destination.

As Lking states, the Received: line in the headers is the one that gets you closest to the original sender. Many times, though, a computer is hacked and some malware is installed, sending the spam from that computer without the knowledge of the real user. Sending spam reports to the ISP of said user is necessary to alert the ISP that the user is either a spammer or has compromised hardware. It is also possible that a company has their own mail server which is open and can be used as a proxy. For the latter, it is also important to have their ISP inform them that they are running an open proxy allowing spammers to abuse their system.

HTH

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×