X-Headers and SpamCop


kenm

Greetings,

I would like to include additional information when automagically reporting spam if it exceeds specific values in spamassassin. The easiest for me is to add an X- header entry before forwarding on the suspected spam message. However, I don't really want this information to go to the ISP since it is not part of the "original" message I received.

Are there any X- headers I can use that will only be presented by SpamCop on the verification screens but not forwarded to the ISP or reporting agency? This type of additional information would help me (and possibly others) in determining if the message is truly spam or just really messed up ham.

Thanks in advance

Ken


when automagically reporting spam if it exceeds specific values

you might want to expand the definition here. Others have automated their submittals, even got away with it for a while, then one day .. something goes wrong. I still recall one user mentioning that he'd reported himself over 250 times in just a matter of minutes .. guess what happened to his account(s)

... add an X- header entry before forwarding ... since it is not part of the "original" message ...

If you're "forwarding the spam" ... then how could you possibly stick something in the headers that would not be "part of the original" ..???

...determining if the message is truly spam or just really messed up ham

I find this confusing .. if you can't figure out if it's spam or ham or messed up something, then the above mentioned "automagically reporting" sounds very dangerous indeed.

I'm going to say that there's something I'm not understanding in your query, and not that I'll have an answer in any case, I'm thinking you might want to re-word something in here that would go beyond just the words used thus far.


Thanks Wazoo for the reply.

The message is processed by MimeDefang and subsequently by SpamAssassin on a central mail server. If a specific score in SpamAssassin is reached, the message is then forwarded to SpamCop via a forward script to encapsulate it correctly for processing. However, the message is still waiting for me to complete the processing by clicking on the "Unreported spam Saved" on SpamCop. Additionally, only messages from untrusted sources are processed in this fashion to prevent me from shooting myself in the foot (been there and done that...when I was manually submitting reports).

As for how I can change the message when they are being forwarded, since the messages are being processed by MimeDefang, I have the option to manipulate the message to add/change the header before bouncing it to the SpamCop forward script to send it off to SpamCop.

I have seen messages (1 in 200+) that, due to poor formatting or content, appear to be spam to SpamAssassin when in fact it is ham. When I have any doubt I always check the viewing of the full message on the reporting screen. If I could include the reasons why it was sent to SpamCop, it would help me in fixing up the rules and prevent this misreporting in the future.


OK, based on your experience with the bad side of things, I can skip all those warnings <g> ... I am just another user, no power, no authority, so I can't tell you that "this is OK" ... but, the function of X-Lines: stuff is that data can be entered from just about anywhere in the handling of an e-mail. Originator might add an X-Line:, the originator's ISP might add an X-Line:, the ISP's upstream might add an X-Line:, SpamAssassin might add an X-Line: ... and noting that these additional lines are not stripped when the spam goes through the reporting process. So I'm suggesting that there are precedents, other examples, and noting that the inclusion of yet another X-Line: wouldn't normally cause the SpamCop parser "to find something beyond what it would normally discover on its own" ... thus not breaking the letter of "the law" there.


The easiest for me is to add an X- header entry before forwarding on the suspected spam message. However, I don't really want this information to go to the ISP since it is not part of the "original" message I received.

If the only reason you don't want the information to go to the ISP is to avoid confusion over what is original you can include something in the X-header indicating where it was added, but usually it is not a problem because X-headers are routinely added.

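An added example, not part of the thread and not MIMEDefang's or SpamCop's own code: one way to attach the SpamAssassin reasons in an X- header that states where it was added, as the last reply suggests, before wrapping the message for forwarding. The header name `X-Local-Spam-Reasons`, the host name and the addresses are assumptions; any inbound copy of the header is dropped first because a sender can forge it.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

ANNOTATION = "X-Local-Spam-Reasons"  # hypothetical header name

# Constructed sample: an inbound message that already forges our header.
SAMPLE = (b"From: seller@example.org\r\nTo: ken@example.net\r\n"
          b"Subject: Cheap meds\r\n"
          b"X-Local-Spam-Reasons: added-by=trusted; score=0.0; rules=\r\n"
          b"\r\nBuy now\r\n")

def annotate(raw, score, rules, added_by):
    """Parse raw and add exactly one locally generated, labelled header."""
    msg = message_from_bytes(raw, policy=policy.SMTP)
    del msg[ANNOTATION]  # remove every sender-supplied copy (no error if absent)
    # Keep only plain rule names so CR/LF or ':' can never reach the value.
    safe = [r for r in rules if r.isascii() and r.replace("_", "").isalnum()]
    msg[ANNOTATION] = (f"added-by={added_by}; score={score:.1f}; "
                       f"rules={','.join(safe)}")
    return msg

def encapsulate(msg, sender, submit_to):
    """Wrap the annotated message as a message/rfc822 attachment."""
    outer = EmailMessage(policy=policy.SMTP)
    outer["From"] = sender
    outer["To"] = submit_to
    outer["Subject"] = "spam report"
    outer.set_content("Forwarded for reporting.")
    outer.add_attachment(msg)  # Message objects are attached as message/rfc822
    return outer

if __name__ == "__main__":
    annotated = annotate(SAMPLE, 7.34, ["BAYES_99", "HTML_MESSAGE"],
                         "mx1.example.net")
    # Placeholder addresses; use your own reporting address here.
    report = encapsulate(annotated, "ken@example.net",
                         "submit-placeholder@example.invalid")
    print(report.as_string())
```

Because the value begins with `added-by=`, anyone reading the report can tell the line was appended by the reporting server and was not in the message as received.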

Archived

This topic is now archived and is closed to further replies.
