sstephy

[Resolved] Are there definitions listed for phrases used?


Is there a list of abbreviations and phrases that are used in the spam Reports that I can use to look up the definitions?

I'd like to know what some of the phrases, etc. mean to better understand what SC is doing and what the spammers have figured out to hide their identity, etc.

Such as: is not an MX for ....[at]...com

Using last resort contacts

Quick reporting

Cached whois

The above are just a few examples. I've looked through the FAQ and don't find any mention of many of the phrases and abbreviations that are used on the reports.

Thanks for your help, Steph

> Is there a list of abbreviations and phrases that are used in the spam Reports that I can use to look up the definitions?
>
> I'd like to know what some of the phrases, etc mean to better understand what SC is doing and what the spammers have figured out to hide their identity, etc.
>
> Such as : is not an MX for ....[at]...com
>
> Using last resort contacts
>
> Quick reporting
>
> Cached whois

To give a quick answer, but it might be a good FAQ when answered by someone who knows more than I do - have you not seen 'Yum, this spam is fresh' or 'I won't bother this ISP'?

'is not an MX for...' I don't remember what an MX is, but it somehow identifies the IP address as being false when tested.

'Using last resort contacts' means that the parser can't find anything using the usual contacts and will use the whois information, I think.

'quick reporting' - is a method of submitting spam in batches with no confirmation by the reporter that it is spam. The method also only reports the source IP - no spamvertized links.

'cached whois' - I think that the parser saves the whois information it looks up and will use it again on the next spam for a while (to save time). I don't know how long it holds it. The reason it is mentioned is that whois information does change and the parser is supposed to be dynamic. In fact, reparsing the same spam hours later may come up with different results since the information the parser has looked up has changed.

I don't think that finding out the parser lingo will help you to understand how the spammer hides his identity. What you want is a course on how to read headers and how to tell which ones are fake.

Spammers hide their identities by sending their spew through open proxies. The open proxy does not keep a log the way a relay does so there is no way to know where the email came from that was sent from the open proxy. Also one cannot tell from headers 'who' the spammer is even if they did not forge anything. All one can tell is what IP address the spam came from (and then look up who that IP address belongs to and write that abuse desk). The abuse desk can tell who sent the spam, but they won't tell you unless you have a subpoena. White hat ISPs cancel the account; blackhat ISPs do nothing.

Miss Betsy

> Is there a list of abbreviations and phrases that are used in the spam Reports that I can use to look up the definitions?

Please see the SpamCop Glossary.

> is not an MX for ....[at]...com
>
> Using last resort contacts

Please see my new SpamCop Glossary Entry.

> Quick reporting

Please see SpamCop Glossary Entry "Quick Reporting".

> Cached whois

Please see my new SpamCop Glossary Entry.

Thanks!


For a newbie, I don't think you explained 'cache' enough. (I figured out what it meant because I know what a cache is.) Not all people know the basic meaning of the word and, if they don't use computers very much except for email, may not realize that the whois information is saved (cached) on the parser computer to use again. There also must be an expiration time so that the parser looks it up again.

I would put it under 'cache' - explaining what a cache is, not under whois. Doesn't the parser also cache abuse addresses from abuse.net? And maybe other information?

Miss Betsy
