Jump to content

Suggestion: Help Reporting Forged Header Bounces


Recommended Posts

Posted

Hello,

I've been swamped recently with bounces coming from spam that's got forged headers in it. I've be abiding by the rules and NOT reporting it with spamcop. Instead I've been doing two very boring tasks:

(1) Replying to a suitable postmaster[at].. person explaining why the email was forged and asking them to reject forged headers rather than bouncing them to me

(2) Mailing abuse[at].. for the machine where the forgery came from.

It strikes me that both tasks could be automated in a similar way to the normal spam reporting. What do we think?

Dave.

Posted

Hi, Dave,

...What I would do is:

  • run the spam through the SpamCop parser
  • look at the draft e-mails generated (click on the "Preview Reports link" button)
  • copy one of the preview e-mails and paste it into a new e-mail message
  • copy and paste the "To:" addresses into the "To" line of my e-mail
  • replace the "This message is brief for your comfort. Please use links below for details." with the internet headers and (optionally) appropriate parts of the body of the spam
  • send the e-mail
  • cancel the SpamCop unreported spam

Posted

Sorry for the newbie response, but by "run the spam through the SpamCop parser" do you mean the reporting form at:

http://mailsc.spamcop.net/

If so there's a problem with that approach as I've signed up to MailHosts so the parser doesn't parse anything below the forged header and therefore I don't get the draft emails generated.

Dave.

Posted

no, but you can manually cut and paste the report; once it is generated, paste it in a new e-mail, send to suggested abuse<at> and cancel reporting.

Posted

Might be a crossed-wire, but since I've signed up for MailHosts I can no longer generate these reports. They stop at the forged header saying that they won't trust anything else below the forged line and hence I get no reports.

Are we looking at the same thing?

Dave.

Posted
Might be a crossed-wire, but since I've signed up for MailHosts I can no longer generate these reports.  They stop at the forged header saying that they won't trust anything else below the forged line and hence I get no reports.

I have the same problem. Now that I'm using mail hosts, I can't take a copy of a spam received by somebody else and use the parser to analyze the headers.

In such cases, I don't want to send reports - I just want to find the origin and decode any embedded url's.

I would love to see a "parse-only" submission box somewhere.

P.S.: The mailhosts feature is working brilliantly otherwise. I wouldn't go back to the old system for a minute! This one limitation is my only complaint...

Posted

I have been asking about this since mailhosts were proposed. I know Julian is neck deep right now working on getting mailhosts ready for the general public but perhaps it will be implemented eventually.

It never hurts to keep asking until we're asked not to any more :)

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...