Everything posted by temmokan
Thanks for the advice. In fact, it is not my domain that has been hit with a false spamvertizing complaint. I'll send the advice to the domain owner, to get that report off the database.
The issue I mentioned relates to 'spamvertizing'. Looks like no checks were made: the PTR record that returned a reference to a domain name was never tested to be authentic. The domain for which the spamvertizing complaint was fired at the hosting provider doesn't use the IP; its A zone records do not match the spam origin IP. I conclude that if the above is the regular SpamCop parser logic, then it has a major flaw allowing anyone to frame any domain as participating in spamvertizing. Here is the setup:

- create a PTR record for anyone's domain
- launch spam delivery from that IP, using the target domain as Reply-To base

Voila. Sooner or later, SpamCop will receive a sample of the spam and file a complaint to the hosting provider. Now the domain owner has to prove their innocence. Meanwhile, the domain owner's mail server will be flooded with angry responses and bounces. No one can prevent people from setting false PTR records. It's too easy to do. I suggest changing the parser logic when PTR records are used to return a domain name. The simplest check is to retrieve that domain's A records and compare. I hope you understand that all domains can be framed in this manner and there are no means to prevent that.
Hello,

The story so far: a spam complaint is received, sent through SpamCop, and while studying the headers of the original spam message, I notice that although the PTR record for the spam origin returns a domain name (say, example.com), the actual A records for example.com do not match the spam origin IP. That means a false/out-of-date PTR record exists that makes SpamCop decide the domain owner is at fault and their server works as a spam source. In reality, the IP has nothing to do with example.com. That could be avoided if a check were made to make sure that both the PTR returns a domain name *and* the domain has at least one A/AAAA record matching the one reported. Otherwise, it opens wide possibilities to compromise any legitimate domain: create a false PTR for it, use the IP as a spam source and voila - the domain owner will have to prove they aren't spammers. Is the mentioned A-PTR comparison made currently when analyzing the spam messages? Thanks.
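The check both posts ask for is what mail operators call forward-confirmed reverse DNS (FCrDNS): a PTR name is only trusted if at least one of its A/AAAA records points back at the same IP. The block below is an added illustration written for this page, not code from temmokan's posts or from SpamCop. It runs offline against a small constructed DNS table (the addresses are documentation ranges, the hostnames are made up); the `lookup_ptr` and `lookup_forward` functions are stand-ins for real resolver calls and can be swapped for a live resolver without changing the decision logic in `fcrdns`.

```python
"""Forward-confirmed reverse DNS (FCrDNS) check for spam-complaint attribution.

Added example for this thread, not SpamCop's parser. The DNS data below is
constructed so the module runs offline; replace lookup_ptr/lookup_forward
with real PTR and A/AAAA queries in production.
"""
import ipaddress
from typing import Callable, List, Optional

# Constructed sample zone data (not real hosts).
# PTR answers are keyed by IP address, forward answers by absolute hostname.
PTR_TABLE = {
    "203.0.113.10": ["mail.example.com."],  # honest PTR: forward record points back
    "203.0.113.99": ["mail.example.com."],  # forged PTR: forward record does not
    "198.51.100.7": [],                     # no PTR at all
}
FORWARD_TABLE = {
    "mail.example.com.": ["203.0.113.10", "2001:db8::10"],
}


def lookup_ptr(ip: str) -> List[str]:
    """Stand-in for a reverse (PTR) lookup; returns hostnames for `ip`."""
    return PTR_TABLE.get(ip, [])


def lookup_forward(name: str) -> List[str]:
    """Stand-in for A/AAAA lookups; returns address strings for `name`."""
    return FORWARD_TABLE.get(name, [])


def fcrdns(
    ip: str,
    ptr_lookup: Callable[[str], List[str]] = lookup_ptr,
    forward_lookup: Callable[[str], List[str]] = lookup_forward,
) -> Optional[str]:
    """Return the forward-confirmed hostname for `ip`, or None.

    A PTR name is accepted only if one of its A/AAAA records resolves to the
    very same address. Whoever controls the reverse zone for an IP can put
    any domain's name in the PTR, so an unconfirmed reverse name says nothing
    about that domain's owner and must not be used to attribute the traffic.
    """
    addr = ipaddress.ip_address(ip)
    for name in ptr_lookup(str(addr)):
        name = name.rstrip(".") + "."  # normalise to absolute form
        for fwd in forward_lookup(name):
            try:
                if ipaddress.ip_address(fwd) == addr:
                    return name.rstrip(".")
            except ValueError:
                continue  # ignore malformed forward answers
    return None


def attribute_spam_source(ip: str) -> str:
    """Decide who a complaint about `ip` may be attributed to."""
    name = fcrdns(ip)
    if name:
        return f"confirmed: {name}"
    if lookup_ptr(ip):
        return "unconfirmed PTR: attribute to IP owner only, not the named domain"
    return "no PTR: attribute to IP owner only"


if __name__ == "__main__":
    for sample in PTR_TABLE:
        print(sample, "->", attribute_spam_source(sample))
```

The forged-PTR case (`203.0.113.99`) is the scenario described in the posts: the reverse name says `mail.example.com`, but `example.com`'s own A/AAAA records never mention that address, so the complaint should go to whoever is responsible for the IP block, not to the domain owner.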