
Please support Spamgourmet


lwc


Spamgourmet is a middleman for e-mail messages. Except blocking unwanted messages, it also changes some parts of messages that go through it before it sends them to the final recipients.

As the final recipient, if I want to report a spam I put the message in Spamcop, but since you don't undo Spamgourmet's modifications, you actually expose information to the spammer's ISP which they have no right to know!

I'll show you a fake example of such a message. I'll pretend it was sent from "spammer AT spam.com" to my alias "gotyou.myuser AT spamgourmet.com" - note that I only mention the parts Spamgourmet changes! The rest just go through the standard treatment so no reason to mention them:

Received: from gourmet.spamgourmet.com (gourmet.spamgourmet.com [ip address])
	by MY REAL INCOMING SERVER (8.11.6/8.11.6) with ESMTP id kBLEnaG23089
	for <MY REAL ADDRESS>; Thu, 21 Dec 2006 07:49:37 -0700
Received: from gourmet.spamgourmet.com (localhost.localdomain [127.0.0.1])
	by gourmet.spamgourmet.com (8.13.7/8.13.7) with ESMTP id kBLEnDWg020013
	for <MY REAL ADDRESS>; Thu, 21 Dec 2006 06:49:13 -0800
Received: (from jqh1[at]localhost)
	by gourmet.spamgourmet.com (8.13.7/8.13.7/Submit) id kBLEnCiV019971
	for MY REAL ADDRESS; Thu, 21 Dec 2006 06:49:12 -0800
Received: from spammer.com (spammer.com [ip address])
	by gourmet.spamgourmet.com (8.13.7/8.13.7) with ESMTP id kBLEn9Xe019860
	for <gotyou.myuser AT spamgourmet.com>; Thu, 21 Dec 2006 06:49:10 -0800
From: "Nasty Spammer - spammer AT spam.com"<+gotyou+myuser+a160277082.spammer#spam.com[at]spamgourmet.com>
Subject: spam example (gotyou: message 1 of 5)

Body:
Let's say the spammer mentioned the address "+gotyou+myuser+a160277082.this#address.com AT spamgourmet.com" inside the message.

What I want Spamcop to do is to turn this automatically to:

Received: from spammer.com (spammer.com [ip address])
	by gourmet.spamgourmet.com (8.13.7/8.13.7) with ESMTP id kBLEn9Xe019860
	for <x>; Thu, 21 Dec 2006 06:49:10 -0800
From: "Nasty Spammer" <spammer AT spam.com>
Subject: spam example

Body:
Let's say the spammer mentioned the address "this AT address.com" inside the message.

Basically what I do is I make the message appear the way it was before going to Spamgourmet, which means:

1) I cut every received line until the original "by gourmet.spamgourmet.com". Why on Earth would I want you to mention "MY REAL INCOMING SERVER"? It's really not anyone's business.

2) I remove the final dash (if there's more than one) from the "from" and put the address that was after that dash as the real address. No reason to hand over Spamgourmet's reply masking alias for that spammer (it's so we can reply to people and they'll still just see our aliases) to its ISP! What should be there is the spammer's real address!

3) I remove from the subject the closing brackets (if there's more than one pair or just one but it's not in the ending of the subject line) and Spamgourmet's custom message inside them.

4) In the body, I change each address that was mentioned (if any) to its real address instead of its reply masking Spamgourmet alias.

Without those steps, what happens is Spamgourmet, that exists for the sole purpose of helping us, is exposed for no good reason. And you know nothing good can come out of it. Likewise for private information (mainly steps 1 and 3).

The bottom line is that for all the spammer's ISP cares, Spamgourmet is my incoming server.

The private communication between Spamgourmet and myself is not the spammer's ISP business. Its only business is the communication between its spammer and Spamgourmet (before Spamgourmet changes the message).

Since I have to do this manually, what happens in actuality is that I only bother to do step 1) - the only step that can affect me specifically (since it mentions my real incoming server). Step 3) is not technical as it is conceptual (no reason to expose that info to anyone) and steps 2) and 4) hurt Spamgourmet in general more than in myself specifically.

Then again, even if I created, say, an application that sits in the background of my system for the sole purpose of modifying the clipboard whenever I copy and paste a Spamgourmet changed message into Spamcop, then it wouldn't affect the big picture as the rest of the Spamgourmet/Spamcop users out there would keep pasting without the needed undo's (not to mention many of them may just e-mail you the message instead of copying and pasting).

So please consider doing steps 1)-4) automatically. Spamgourmet and its users couldn't thank you enough.

Thanks!

Link to comment
Share on other sites

...Couldn't determine if this was primarily an advertisement (and, parenthetically, borderline spam) for Spamgourmet (no, I am not going to navigate to a link offered by someone I do not know for a web site regarding a product about which I know nothing) or a new feature request:

<snip>

So please consider doing steps 1)-4) automatically. Spamgourmet and its users couldn't thank you enough.

but since the bulk of the content seems to be about Spamgourmet and how the OP does spam reporting, I opted for moving it to the Lounge rather than the New Feature Request forum. If anyone with the power to do so thinks I was mistaken, please do not hesitate to move it to a more appropriate forum.
1) I cut every received line until the original "by gourmet.spamgourmet.com". Why on Earth would I want you to mention "MY REAL INCOMING SERVER"? It's really not anyone's business.
...Do what you wish but do not be surprised if you find yourself banned by SpamCop staff for willfully violating SpamCop's published rules against material changes to spam. Note, especially, the first sentence on that page about Material Changes to spam.
Link to comment
Share on other sites

You agreed to certain things when you signed up for your reporting account. If you cannot live by those rules, you always have the option of not reporting your spam. I know nothing about the product you are using, but perhaps you could talk to them about not introducing the additional headers (though that might cause other problems) or redirecting spam to an alternate location and not adding the headers to those messages?

Your solution would be virtually impossible to implement successfully because each different system could be configured differently.

Also, for legal reasons, spamcop's information would lose credibility if it were in charge of "cleaning up headers". It would leave open the possibility that spamcop cleaned up the headers of the "real source" as well. The only modifications spamcop makes is to the reporters email address and only for systems that accept munged reports.

Link to comment
Share on other sites

You agreed to certain things when you signed up for your reporting account.

<snip>

...To refresh your memory, please review the Sign up for SpamCop reporting page, especially the section labeled "Changing Your spam" when you navigate to the link labeled "Learn more about what to report and what not to report to SpamCop." However, that discussion is not complete (at least IMHO) and, therefore, it is also important to read SpamCop's published rules against material changes to spam to which I referred in my earlier reply, above.
Link to comment
Share on other sites

Basically what I do is I make the message appear the way it was before going to Spamgourmet

Modifying the headers of the spam you submit is absolutely not allowed. All you can do is delete your email address, nothing else.

If you can't live with submitting the raw headers and text the way they came to you, please don't use our service.

Thanks!

- Don D'Minion - SpamCop Admin -

service[at]admin.spamcop.net

Link to comment
Share on other sites

...Couldn't determine if this was primarily an advertisement (and, parenthetically, borderline spam) for Spamgourmet (no, I am not going to navigate to a link offered by someone I do not know for a web site regarding a product about which I know nothing) or a new feature request: but since the bulk of the content seems to be about Spamgourmet..........

My thoughts exactly!

Link to comment
Share on other sites

First of all, I'm not a spammer. What kind of spammer would write such a message...? Neither do I officially represent Spamgourmet. I'm just a concerned Spamgourmet user.

Secondly, how is Spamgourmet supposed not to report to where it forwards the message (the additional received lines)?

Thirdly, as for the things it changes, if it stops changing them, it might as well close its gates as things like the comment inside the subject and the reply masking are the whole point of this service.

Fourthly, the structure is the same all the time, which is why I gave the example. Just like they have rules to do something, you can use the same rules to undo them.

The point is you can talk about your rules all day long, but you just ignore reality. Your service is meant for the classic model - a message that goes from A (the spammer) to B (the user). You just close your eyes to the fact that these days there are middleman services out there, which introduce a new model - A to B to C, where only A to B concern the spammer, but you insist presenting a fake "A to C" connection to A's ISP - a connection that never was.

And those of you who blame me personally haven't even read my original post, where I said the big picture is who knows how many Spamgourmet/Spamcop users out there report to Spamcop the fake "A to C" connection.

In your holy quest to fight A (and it's holy alright), you're willing to shoot B and risk C because (although they're on your side really) they stand in the way. You say to a fellow anti spam service that you're either with us or against us. I'm just saying it's time to adapt to a new model of sending messages. It's out there whether your rules accept it or not.

Link to comment
Share on other sites

First of all, I'm not a spammer. What kind of spammer would write such a message...? Neither do I officially represent Spamgourmet. I just care for Spamgourmet.
...So you say, but how am I supposed to know you are telling the truth? Now, I don't really believe you are attempting to scam us but neither am I willing to take the chance that you might. Please don't take it personally -- I treat everyone I don't know the same way. I simply do not know you well enough to trust you.
Secondly, how is Spamgourmet supposed not to report to where it forwards the message (the additional received lines)?
...If Spamgourmet has to record in the headers its internal handoffs, then it has to ... but maybe it doesn't really have to do that. Thus StevenUnderwood's suggestion....
Thirdly, as for the things it changes, if it stops changing them, it might as well close its gates as things like the comment inside the subject and the reply masking are the whole point of this service.
...The problem isn't with the things Spamgourmet is changing, the problem is with things you are changing (by your own admission, in your initial post).
Fourthly, the structure is the same all the time, which is why I gave the example. Just like they have rules to do something, you can use the same rules to undo them.
...Sorry, I don't understand to what this is referring. Can you please clarify?
The point is you can talk about your rules all day long, but you just ignore reality. Your service is meant for the classic model - a message that goes from A (the spammer) to B (the user). You just close your eyes to the fact that these days there are middleman services out there, which introduce a new model - A to B to C, where only A to B concern the spammer, but you insist on including C and by that exposing the irrelevant "B to C" connection to A.

In your holy quest to fight A (and it's holy alright), you're willing to shoot B and risk C because they stand in the way. I'm just saying it's time to adapt to a new model of sending messages.

...The point is, you signed up for a service (SpamCop's), just as I did, and you (as well as I) are therefore obliged to follow whatever rules that service sees fit to impose. Of course, you are welcome to ask for a consideration of changes -- for which we have the New Feature Request forum. Would you like me to move this post to that forum? If so, we can continue your discussion as a request to change the existing parser process and the SpamCop rules. Otherwise, I believe we've probably said all that needs to be said about this ....
Link to comment
Share on other sites

Secondly, how is Spamgourmet supposed not to report to where it forwards the message (the additional received lines)?

As I said, I have no idea what Spamgourmet is. Is it a program on a local machine or a service provided elsewhere that you point your MX to then forwards to a "clean" address? The answers to your questions depend on those answers.

A quick look at the website indicates it is similar to http://www.sneakemail.com/. My sneakemail messages do not have the "for <MY REAL ADDRESS" parts which is where your only issue should be. The only place my real email shows up on sneakemail messages is the To: and Delivered-To: lines which are both munged if you use that method. If the sneakemail address becomes compromised, I simply delete it.

It seems to me your ISP and spamgourmet are the ones revealing your real email address in their headers.

Link to comment
Share on other sites

I'm staggered here - not so much at those ignorant of SpamGourmet (the most effective spam prevention service I've come across, offering unlimited email aliases which can be shut down if they receive spam) but at those who are seemingly not prepared to do the least bit of research before posting. Given the frequent exhortations made in this forum to "read the FAQs", is it unreasonable to expect those here to practice what they preach to others?

Getting back to the original post, SpamGourmet has to add its own headers like any other mail server and has to retain the existing ISP headers to avoid being identified as a spam source by SpamCop. The question then is whether this prevents SpamCop's address munging option - and I'm not sure that it does. Lwc, have you tried reviewing a SpamCop report to see if your real address is munged?

If it isn't being munged, then this should be simple enough for SpamCop to address by checking all mail headers for an occurrence of the original recipient address rather than just the first. However it should be noted that spammers often include unique codes in the URLs for their sites (as noted in the SpamCop Mole Reporting FAQ) so address munging shouldn't be relied upon anyway. In this case, the best option may be to ask your ISP if they can implement an address whitelist on your account so that you can configure it to accept emails only from SpamGourmet to stop spammers from targeting it directly.

Link to comment
Share on other sites

First of all, are you kidding me? The reason Sneakemail doesn't change messages like Spamgourmet does is because it doesn't offer the extra features Spamgourmet does (like the custom message in the subject and the reply masking)!!!

Secondly, thank you for Paranoid2000 for not letting me be lynched alone here! Although now they will probably say you're just another bot (then again, who knows? Maybe we are robots but we just don't know that a-la the kid from "A.I"...if so, why are we the only bots not working in the porn department?!).

Anyway, I guess you're right about rule 4) (I confused the addresses in the body, that really turn to "x", with the "from" address that remains Spamgourmet's reply masking address). It was a mistake and I'd cut it out if it wasn't for these forums trying to play God and not allowing to edit after a certain period of time. Alas, rules 1)-3) still apply.

As for the ISP suggestion, who says I don't use my address directly too? Besides, just like some people here you miss out the big picture too - I'm talking about the Spamgourmet/Spamcop users in general. No matter what I'd do, most of them would still ignore rules 1)-3).

Link to comment
Share on other sites

Secondly, thank you for Paranoid2000 for not letting me be lynched alone here! Although now they will probably say you're just another bot (then again, who knows? Maybe we are robots but we just don't know that a-la the kid from "A.I"...if so, why are we the only bots not working in the porn department?!).

Hi lwc!

I'm not about to lynch anyone. I think there are two issues that folk have picked up on and one has been given more attention than the other. I think the concern expressed about the fact that you are actually editing your Emails before submitting them (as you described in your first post) is what has generated the terse replies and the formal warning from a SpamCop admin.

Otherwise The Lounge is just the place where robust discussion will take place since it isn't a support area.

As Steve said, it may be you are proposing a change in the service in which case maybe the discussion about support for SpamGourmet would be better placed in the New Features forum.

Andrew

Link to comment
Share on other sites

I see where you're coming from. All I can say is I wanted A's ISP to see the A to B connection and not the fake A to C connection that never really took place. It's like the victim of the spam forwarded the spam to someone else and that someone else acts as if he got the spam directly from the spammer, which isn't true.

This topic was originally in the User Support forum, but it was moved here. Do move it to the proper place if you like.

Link to comment
Share on other sites

This topic was originally in the User Support forum

?? there is either no such a section or one makes the stand that this whole thing is a User Support forum, which still means that the 'location' identified is still wrong.

but it was moved here. Do move it to the proper place if you like.

Oh sure, and give yet another for this "Forum to play God?"

"The Forum" does not "play God" ..... Wazoo is another matter. Unlike a 'real God' however, Wazoo tends to explain/define his actions as compared to simply sitting back and waiting for some other person to eventually recognize and proclaim something as a miracle ... sorry you feel impacted due to the results of actions made by other mere mortals that preceded you in here.

Link to comment
Share on other sites

I am surprised also that other posters hadn't heard of spamgourmet! It's been around a long time.

There is always a risk in reporting spam that your email address will be exposed. spamcop mungs the most typical occurrences, but doesn't always get all instances of an email address. I decided a long time ago that it is too time consuming to worry about. One either doesn't worry about munging (the rationale is that for whitehats it makes it easier for them to find spammers as well as give them legal ammunition for cancelling accounts and for blackhats, it doesn't matter - either they go to dev null or if they want to listwash reporters, they implant codes that probably won't be seen).

However, official spamcop has stated clearly that headers cannot be altered. spamgourmet knows this so I don't think they care whether their headers are included in spamcop reports (if they did, they would point it out to their customers to not report to spamcop). As you said, spamcop could write rules to mung those headers, but it is a slippery slope as someone else pointed out and attacks the integrity of spamcop reports.

Your choice is to stop altering the headers and continue to report via spamcop or to continue to alter the headers and report manually (you can still use spamcop to find the proper abuse address as long as you cancel the report - from either concern about exposing your email address/private info or to follow the rules about not submitting reports where the headers have been altered).

Manual reports are just as useful as spamcop reports. The purpose of reports is to alert server admins to the possibility of spammers using their server. When it turned out that some server admins didn't care, the spamcop blocklist became more important as a spam filter rather than simply blocking the spam until the problem was fixed. Some whitehats usually get only reporter errors from spamcop and so are more likely to pay immediate attention to a manual report than a spamcop report.

It all depends on what you are trying to accomplish what you decide to do. If you want to feed the scbl, then perhaps using the spamcop email service instead of spamgourmet would be a choice. If you like spamgourmet and want to take the time to manually report - especially compromised IPs that might be interested in cleaning up, then you could go that route. Or you could forget about munging altogether.

I hope your reaction to the initial responses haven't clouded your judgment. Although spamgourmet and spamcop are on the same 'side', their purposes are different. You will have to decide how you want to be 'anti-spam.'

<soapbox on> IMHO, rejecting spam at the server using blocklists is the only effective way of controlling spam. However, most businesses have opted for filtering for content so that email delivery is delayed and legitimate email is shunted to junk folders. I forget exactly how spamgourmet works, probably because it is primarily a content filter and so I dismissed it as an effective spam fighting tool. I personally would prefer any suspected spam to be sent back to the sender and let them figure out why it was considered spam. Then if it were a really important message, they could contact me in some other way. IMHO, it is the *sender* who should be inconvenienced rather than the recipient by spam because it is only the sender who can actually *do* anything to stop it. <soapbox off>

Although I don't think there have been very many discussions about the value of munging here in the forum, the issue has been discussed 'robustly' in the past in the newsgroups (robustly means that unless you have a thick skin and don't care about blunt opinions, you won't be interested in the discussion. that's one thing I miss about the forum - sometimes the exchanges were really clever and witty and I learned a lot, but not nice at all.)

Miss Betsy

Link to comment
Share on other sites

I'm staggered here - not so much at those ignorant of SpamGourmet (the most effective spam prevention service I've come across, offering unlimited email aliases which can be shut down if they receive spam) but at those who are seemingly not prepared to do the least bit of research before posting. Given the frequent exhortations made in this forum to "read the FAQs", is it unreasonable to expect those here to practice what they preach to others?

<snip>

...But I'm not asking any questions about SpamGourmet and I don't care about SpamGourmet, so why should I read the FAQ or do research on it? I'm simply addressing lwc's violation of SpamCop rules.
This topic was originally in the User Support forum
?? there is either no such a section or one makes the stand that this whole thing is a User Support forum, which still means that the 'location' identified is still wrong.
...It was originally posted in the "SpamCop Reporting Help" forum and I moved it to the Lounge, as I explained above in linear post #2, above.
but it was moved here. Do move it to the proper place if you like.
Oh sure, and give yet another for this "Forum to play God?"

<snip>

...But I still am not certain what is "the proper place," plus we may have gotten rather far afield from a simple change request. So if it really is a request to change the behavior of the parser, I'd suggest that lwc enter a post in the "New Feature Request" forum that does that (and without the editorializing included in the first post here, except as necessary to explain the change being requested).
Link to comment
Share on other sites

Don't shoot me, I meant to write "SpamCop Reporting Help" (and again I can't edit).

Miss Betsy, there's no risk e-mail addresses would be exposed. It is a fact however (as opposed to risk) that Spamcop would report my incoming server, the spammer's Spamgourmet's reply masking address instead of the spammer's real address, and my custom message in the subject. All because it ignores the concept of forwarding/middleman as if it's a concept created by the spammers themselves and not against spammers.

Link to comment
Share on other sites

Don't shoot me, I meant to write "SpamCop Reporting Help" (and again I can't edit).

Miss Betsy, there's no risk e-mail addresses would be exposed. It is a fact however (as opposed to risk) that Spamcop would report my incoming server, the spammer's Spamgourmet's reply masking address instead of the spammer's real address, and my custom message in the subject. All because it ignores the concept of forwarding/middleman as if it's a concept created by the spammers themselves and not against spammers.

Please provide a tracking URL to explain your problem more clearly.

If the headers are RFC compliant, then spamcop will NOT report your incoming server, or spamgourmet's servers. You can help the spamcop parser ignore these by setting up your mailhost configuration on your reporting account. The reports should always go to the source, probably the connecting system to spamgourmet. If that is not happening, it is a reporting issue and we need a TrackingURL to help explain where the issue is. If you don't want to post it, then the deputies would need the same information.

Spamcop does nothing with email addresses (it definitely would not report "the spammer's Spamgourmet's reply masking address"). The report will include those things, including the subject line, but I still don't see how that would matter.

P.S. Maybe we are getting closer to the real issue here?

Link to comment
Share on other sites
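An added illustration of the mailhost idea in the post above (not part of the thread and not SpamCop's parser): walk the Received chain from the top, skip hops recorded by servers the reporter trusts, and report the first untrusted peer. The IPs, `mx.example.net`, `me@example.net`, the extra forged bottom header and the function names are constructed assumptions standing in for the placeholders in the original example.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample modelled on the thread's example headers. IPs are
# documentation addresses; the last Received line is a forged one added
# to show why parsing stops at the first untrusted hop.
RAW = """\
Received: from gourmet.spamgourmet.com (gourmet.spamgourmet.com [198.51.100.10])
\tby mx.example.net (8.11.6/8.11.6) with ESMTP id kBLEnaG23089
\tfor <me@example.net>; Thu, 21 Dec 2006 07:49:37 -0700
Received: from gourmet.spamgourmet.com (localhost.localdomain [127.0.0.1])
\tby gourmet.spamgourmet.com (8.13.7/8.13.7) with ESMTP id kBLEnDWg020013
\tfor <me@example.net>; Thu, 21 Dec 2006 06:49:13 -0800
Received: (from jqh1@localhost)
\tby gourmet.spamgourmet.com (8.13.7/8.13.7/Submit) id kBLEnCiV019971
\tfor me@example.net; Thu, 21 Dec 2006 06:49:12 -0800
Received: from spammer.com (spammer.com [203.0.113.77])
\tby gourmet.spamgourmet.com (8.13.7/8.13.7) with ESMTP id kBLEn9Xe019860
\tfor <gotyou.myuser@spamgourmet.com>; Thu, 21 Dec 2006 06:49:10 -0800
Received: from fake.invalid (fake.invalid [192.0.2.99])
\tby spammer.com with SMTP id forged1; Thu, 21 Dec 2006 06:40:00 -0800
From: "Nasty Spammer" <spammer@spam.com>
Subject: spam example (gotyou: message 1 of 5)

body
"""

# "from HELO (rdns [ip])" is what the receiving server observed about its peer.
FROM_RE = re.compile(r"^from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9a-fA-F.:]+)\]\)", re.I)
BY_RE = re.compile(r"\bby\s+(\S+)", re.I)


def parse_hop(value):
    """Split one Received header into claimed HELO, peer IP and recording host."""
    flat = " ".join(value.split())  # unfold continuation lines
    frm = FROM_RE.match(flat)
    by = BY_RE.search(flat)
    return {
        "helo": frm.group(1) if frm else None,
        "ip": frm.group(3) if frm else None,  # None for local submission hops
        "by": by.group(1).lower() if by else None,
    }


def find_source(raw, trusted_by, trusted_ips):
    """Return the first peer that handed the message to a trusted server.

    trusted_by:  hostnames of servers whose Received lines we believe
    trusted_ips: IPs of those servers when they act as the sending peer
    """
    hops = [parse_hop(v) for v in message_from_string(raw).get_all("Received", [])]
    skipped = []
    for i, hop in enumerate(hops):
        if hop["by"] not in trusted_by:
            break  # written by an unknown host: nothing from here down is reliable
        ip = hop["ip"]
        if ip is None or ipaddress.ip_address(ip).is_loopback or ip in trusted_ips:
            skipped.append(hop["by"])  # internal handoff between trusted servers
            continue
        return {
            "source_ip": ip,
            "helo": hop["helo"],
            "recorded_by": hop["by"],
            "skipped": skipped,
            "ignored_below": len(hops) - i - 1,
        }
    return None


if __name__ == "__main__":
    # Forwarder registered as a mailhost: the report targets the peer that
    # connected to Spamgourmet; the forged header underneath is never read.
    print(find_source(RAW, {"mx.example.net", "gourmet.spamgourmet.com"},
                      {"198.51.100.10"}))
    # Forwarder not registered: the forwarder itself looks like the source.
    print(find_source(RAW, {"mx.example.net"}, set()))
```
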

Spamcop does nothing with email addresses

Do you actually claim Spamcop doesn't report the spammer's "from" address (in this case, their Spamgourmet's reply masking address)? Come on...

including the subject line, but I still don't see how that would matter.

It matters because it's a private comment added by Spamgourmet. The spammer sent his message to Spamgourmet, so why does it matter what Spamgourmet added later?

Link to comment
Share on other sites

Do you actually claim Spamcop doesn't report the spammer's "from" address (in this case, their Spamgourmet's reply masking address)? Come on...

SC completely ignores the "From:" line, as it is not reliable as a source when trying to identify the sender, and 99.99% of the time is completely bogus. SC looks at the IP address where the email was sent, as well as the SMTP server it was passed through. This is covered very thoroughly in the FAQ(s).

Link to comment
Share on other sites

<snip> It is a fact however (as opposed to risk) that Spamcop would report my incoming server, <snip>

Have you considered the effect of correctly configuring your "Mailhosts" with SpamCop?

the spammer's Spamgourmet's reply masking address instead of the spammer's real address, and my custom message in the subject. All because it ignores the concept of forwarding/middleman as if it's a concept created by the spammers themselves and not against spammers.

You have suggested in another post that 'if Spamgourmet can write rules to change the header, SpamCop could write rules to change it back.' This is true only if there is a 1-to-1 relationship between the original and the changed headers and all the rules are known.

If there is not a 1-to-1 relationship (all fruit names are changed to orange) the process can not be reversed (was orange substituted for apple or peach?).

All the rules need to be known to change the header back. The security of cryptography is that all the rules are not known to all.

If the above is true then it would be possible. [editorial] But, in the bigger world why would two groups that offer similar services cooperate? Modifying SpamCop's parser to accommodate the unique modifications made by Spamgourmet would amount to singling out Spamgourmet for endorsement, (Not having done any research into Spamgourmet,) this may or may not be warranted. (And it is not my (our) place to decide whether endorsement is justified.) [/editorial]

Link to comment
Share on other sites

Do you actually claim Spamcop doesn't report the spammer's "from" address (in this case, their Spamgourmet's reply masking address)? Come on...
...I believe you misunderstood StevenUnderwood, to whom you are replying here. What he wrote was [emphasis mine]:
<snip>

Spamcop does nothing with email addresses (it definitely would not report "the spammer's Spamgourmet's reply masking address"). The report will include those things

<snip>

By "those things," Steven was including the e-mail address. By "SpamCop does nothing with email addresses," he meant that the SpamCop parser makes no decisions as to where to send reports based on the "from" e-mail address.
If you really think that, I suggest you take a look in your reports and you'd find out they contain it. It's easy to find as it's the only address not turning into "x"...
...This time, jongrose was the target of your misunderstanding (or perhaps his misunderstanding of your point):
SC completely ignores the "From:" line, as it is not reliable as a source when trying to identify the sender, and 99.99% of the time is completely bogus. SC looks at the IP address where the email was sent, as well as the SMTP server it was passed through. This is covered very thoroughly in the FAQ(s).
Here, jongrose is referring, as did StevenUnderwood, to SpamCop's use of the "from" address in its decision-making process: it ignores it for that purpose.

...By the way, because you did not quote jongrose's post in your reply, it was difficult to know to whom you were replying. A little detail to bear in mind about forums like this .... :) <g>

Link to comment
Share on other sites

So the bottom line is the reply masking address is shown to the ISP instead of the spammer's real address.
...Because, IIUC, SpamCop and most of the clued-in admins to whom reports are sent are aware that the "From" address is usually forged and therefore is best ignored, except for such things as evidence of a joe-job (for the very, very, very rare circumstances that the intended victim actually has the inclination and resources to go after the spammer).
Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.
