
Personal info included in reports


SCM

Hi all,

I have noticed a sharp increase in spam recently, all from the same source. I have been reporting them as spam; however, I have noticed this morning that this is probably a bad idea, as it is giving my address to the spammers.

Here are the headers from the SpamCop report, assuming mail.example.com is my own mailserver and my e-mail address is user[at]example.com:

Return-path: <WalkinTub-user=example.com[at]tri-bit.com>
Envelope-to: x
Delivery-date: Sun, 15 Jun 2014 07:24:43 +1000
Received: from mail.example.com ([172.16.255.1])
	by mail2.example.com with esmtp (Exim 4.80)
	(envelope-from <WalkinTub-user=example.com[at]tri-bit.com>)
	id 1WvvRK-0007iu-Q3
	for x; Sun, 15 Jun 2014 07:24:43 +1000
Received: from c2.tri-bit.com ([75.75.245.44])
	by mail.example.com with esmtp (Exim 4.80)
	(envelope-from <WalkinTub-user=example.com[at]tri-bit.com>)

If I go ahead and submit this, all the reports are devnulled except two - one which goes to serverhub.com and the other to fbyne.com. These recipients will of course be able to read my e-mail address from the spam report which will signal that the spam has gotten through, so I don't really want to submit these reports.

On a related note, all these messages come from different domains, they are all getting through because they are DKIM signed, and all the mailserver IPs are owned by solarvps.com. I guess it's time to figure out how to configure my mailserver to reject any e-mail coming from a solarvps.com owned IP address...

But if there's any way of obfuscating my e-mail address from the spam reports that would be very nice!


Hi, SCM,

...If you're still concerned after Don's reply, above, you have at least two alternatives:

  • Become a "mole" reporter (see SpamCop FAQ article "What is Mole Reporting?" and/or the SCWiki article "MoleReporting").
  • When you submit spam, uncheck the boxes of the suspect "abuse" addresses to which SpamCop offers to send complaints.


@SpamCopAdmin: Yes, SpamCop does delete your address, but not when it's obfuscated in this manner. So in my original post you can see it deleted my address from the Envelope-to header, but it didn't remove it from the Return-path header.

@turetzsr: After reading the stuff about MoleReporting, it looks like this might not matter as there could be some other way of harvesting my address. So maybe as that page suggests, the best method is not to send spam reports?

Is it still worth reporting the spam to SpamCop in this case? Will the IP address used get added to any blacklists?

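The gap described in the post above (address removed from Envelope-to but still present in the `user=example.com` form inside Return-path and envelope-from) can be checked locally before a report is sent. This is an added example, not part of the original thread and not SpamCop's code; the function names are hypothetical and the sample headers are constructed from the ones in the first post.

```python
import re

def encoded_forms(address):
    """Spellings of the address to look for: plain, and VERP-style local=domain."""
    local, domain = address.lower().rsplit("@", 1)
    return {"plain": f"{local}@{domain}", "verp": f"{local}={domain}"}

def unfold(raw_headers):
    """Join folded continuation lines (leading whitespace) onto their header."""
    return re.sub(r"\r?\n[ \t]+", " ", raw_headers).splitlines()

def find_leaks(raw_headers, address):
    """Return (header_name, form) for each header that still carries the address."""
    leaks = []
    for line in unfold(raw_headers):
        name, _, value = line.partition(":")
        for form, needle in encoded_forms(address).items():
            if needle in value.lower():
                leaks.append((name.strip(), form))
    return leaks

def redact(raw_headers, address, placeholder="x"):
    """Preview of the headers with every known spelling of the address replaced."""
    out = raw_headers
    for needle in encoded_forms(address).values():
        out = re.sub(re.escape(needle), placeholder, out, flags=re.IGNORECASE)
    return out

# Constructed sample, based on the headers quoted in the first post.
SAMPLE = (
    "Return-path: <WalkinTub-user=example.com@tri-bit.com>\n"
    "Envelope-to: x\n"
    "Received: from c2.tri-bit.com ([75.75.245.44])\n"
    "\tby mail.example.com with esmtp (Exim 4.80)\n"
    "\t(envelope-from <WalkinTub-user=example.com@tri-bit.com>)\n"
)

if __name__ == "__main__":
    for header, form in find_leaks(SAMPLE, "user@example.com"):
        print(f"{header}: address still present ({form} form)")
    print(redact(SAMPLE, "user@example.com"))
```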

<snip>

After reading the stuff about MoleReporting, it looks like this might not matter as there could be some other way of harvesting my address. So maybe as that page suggests, the best method is not to send spam reports?

...Yes, as the SCWiki article "What is mole reporting?" mentions, becoming a mole will result in complaints not being sent by SpamCop. That means that neither spammers nor "white hat" admins will know that you submitted a report.

Is it still worth reporting the spam to SpamCop in this case? Will the IP address used get added to any blacklists?

...Yes, as the SCWiki article "What is mole reporting?" mentions, as a mole you still report spam to SpamCop and this results in "registering reports in SpamCop's database, but never sending reports to the 'ISP' (all too often, the spammer, or a spam-friendly host)." Note that this does not guarantee that "the IP address used [will definitely] get added to any blacklists," just that you will be contributing to the statistics used to decide whether to add the IP address to the SpamCop BL, just like those of us who are not mole reporters.