Excursus Posted August 25, 2005 Share Posted August 25, 2005 Hi, I receive hundreds of spam emails per day. After starting to report them to SpamCop, I have noticed that every so often, I will receive a spam which "allegedly" arrived two or three days ago. Since I clear out junk email every day, an email which arrived two or three days ago would no longer exist for me to report. My thoughts on this are as follows: If a spammer knows about the fact that SpamCop doesn't process spam which is older than two days, then it would be in their interest to make it look like the spam arrives a lot earlier than it actually does. Effectively, they then have a kind of immunity... Is this at all possible? And if so, is it a known issue? Not looking for answers, just making an observation. --Excursus-- Link to comment Share on other sites More sharing options...
Wazoo Posted August 25, 2005 Share Posted August 25, 2005 I receive hundreds of spam emails per day. After starting to report them to SpamCop, I have noticed that every so often, I will receive a spam which "allegedly" arrived two or three days ago. Since I clear out junk email every day, an email which arrived two or three days ago would no longer exist for me to report. Tracking URL of a sample so that headers can be properly discussed ..??? Is this at all possible? And if so, is it a known issue? 31987[/snapback] Sure it's possible .... if you're going to stand on the fact that this means that your ISP is working with the spammer to 'hold' your e-mail until it's too old to report. Link to comment Share on other sites More sharing options...
Lking Posted August 25, 2005 Share Posted August 25, 2005 Sure it's possible .... if you're going to stand on the fact that this means that your ISP is working with the spammer to 'hold' your e-mail until it's too old to report. Why do we start by assuming Excursus or their ISP has a loose screw? I also have in the passed received an odd "old" spam. Old as in 1-2 days old so that it gets "hidden" in the short list of deal-with-it-later email. Some also have figured out how to be marked as read so they don't stand out. Before I had all the spam filters in place I now have, the 'old' spam with a virus were kind of a delayed bomb. I never did figure out what value they served the spammer, but what Excursus reports is a fact without having a conspiratorial ISP. Link to comment Share on other sites More sharing options...
StevenUnderwood Posted August 25, 2005 Share Posted August 25, 2005 Why do we start by assuming Excursus or their ISP has a loose screw? 32003[/snapback] We did not say that, but the date used is NOT from the original message but from the datestamp the last (first to receive) trusted source put there. There are other discussions in these forums and a FAQ entry. http://www.spamcop.net/fom-serve/cache/188.html The way any one application displays a message and the Parsing of that message are totally different. Most (all?) mail applications use the date specified as the creation date, usually put there when the message was sent (by trustworthy application). Those are easily modified since it is only text and there at the creation point. Link to comment Share on other sites More sharing options...
Lking Posted August 25, 2005 Share Posted August 25, 2005 So if we go back and read the original post we note that we are talking about what Excursus "sees" in his mail application not what SC does. I have noticed that every so often, I will receive a spam which "allegedly" arrived two or three days ago. Maybe StevenUnderwood is circling the correct question The way any one application displays a message and the Parsing of that message are totally different. So Excursus, what app are you using to look at your email? Have you looked at the source code <Ctrl-U> to see which date in the header is being displayed vis which one SpamCop uses. Had to take out some spaces Link to comment Share on other sites More sharing options...
Wazoo Posted August 25, 2005 Share Posted August 25, 2005 Why do we start by assuming Excursus or their ISP has a loose screw? No assumptions made. Response was based on the query of a "spammer exploit" of using bad dates. Technically, the dates entered by spammer should have little effect on the parser, as the dates normally 'driving' the selection process should be from servers after the spam left the spammer's control. As stevenunderwood has already pointed out, the "displayed" e-mail in the user's application may look at another header line to use for its sorting order. I also have in the passed received an odd "old" spam. Old as in 1-2 days old so that it gets "hidden" in the short list of deal-with-it-later email. Some also have figured out how to be marked as read so they don't stand out. Before I had all the spam filters in place I now have, the 'old' spam with a virus were kind of a delayed bomb. I never did figure out what value they served the spammer, but what Excursus reports is a fact without having a conspiratorial ISP. 32003[/snapback] One bit of history/example was in the days of the [at]Home service. They had a rack of service "float" computers sitting on a shelf. When an e-mail server crashed/died, they simply pulled one of these machines off the shelf and replaced the dead computer. The dead computer got repaired and went back on the shelf. At some point in future time, another server would go down and this fixed system would get plugged in, picking up right where it left off, delivering the e-mail from the time before the crash. There was a bit of a contest on showing the "oldest" "new" e-mail received, many cases of e-mail over a year old being delivered 'today' .... Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.