Jump to content

Personal info included in reports


SCM

Recommended Posts

Posted

Hi all,

I have noticed a sharp increase in spam recently, all from the same source. I have been reporting them as spam however I have noticed this morning that this is probably a bad idea as it is giving my address to the spammers.

Here are the headers from the SpamCop report, assuming mail.example.com is my own mailserver and my e-mail address is user[at]example.com:

Return-path: <WalkinTub-user=example.com[at]tri-bit.com>
Envelope-to: x
Delivery-date: Sun, 15 Jun 2014 07:24:43 +1000
Received: from mail.example.com ([172.16.255.1])
	by mail2.example.com with esmtp (Exim 4.80)
	(envelope-from <WalkinTub-user=example.com[at]tri-bit.com>)
	id 1WvvRK-0007iu-Q3
	for x; Sun, 15 Jun 2014 07:24:43 +1000
Received: from c2.tri-bit.com ([75.75.245.44])
	by mail.example.com with esmtp (Exim 4.80)
	(envelope-from <WalkinTub-user=example.com[at]tri-bit.com>)

If I go ahead and submit this, all the reports are devnulled except two - one which goes to serverhub.com and the other to fbyne.com. These recipients will of course be able to read my e-mail address from the spam report which will signal that the spam has gotten through, so I don't really want to submit these reports.

On a related note, all these messages come from different domains, they are all getting through because they are DKIM signed, and all the mailserver IPs are owned by solarvps.com. I guess it's time to figure out how to configure my mailserver to reject any e-mail coming from a solarvps.com owned IP address...

But if there's any way of obfuscating my e-mail address from the spam reports that would be very nice!

Posted

>- it is giving my address to the spammers.

SpamCop deletes your address from wherever it appears in the spam.

- Don D'Minion - SpamCop Admin -

- Service[at]Admin.SpamCop.net -

Posted

Hi, SCM,

...If you're still concerned after Don's reply, above, you have at least two alternatives:

  • Become a "mole" reporter (see SpamCop FAQ article "What is Mole Reporting?" and/ or the SCWiki article "MoleReporting").
  • When you submit spam, uncheck the boxes of the suspect "abuse" addresses to which SpamCop offers to send complaints.

Posted

[at] SpamCopAdmin: Yes SpamCop does delete your address, but not when it's obfuscated in this manner. So in my original post you can see it deleted my address from the Envelope-to header, but it didn't remove it from the Return-path header.

[at] turetzsr: After reading the stuff about MoleReporting, it looks like this might not matter as there could be some other way of harvesting my address. So maybe as that page suggests, the best method is not to send spam reports?

Is it still worth reporting the spam to SpamCop in this case? Will the IP address used get added to any blacklists?

Posted
<snip>

After reading the stuff about MoleReporting, it looks like this might not matter as there could be some other way of harvesting my address. So maybe as that page suggests, the best method is not to send spam reports?

...Yes, as the SCWiki article "What is mole reporting?" mentions, becoming a mole will result in complaints not being sent by SpamCop. That means that neither spammers nor "white hat" admins will know that you submitted a report.
Is it still worth reporting the spam to SpamCop in this case? Will the IP address used get added to any blacklists?
...Yes, as the SCWiki article "What is mole reporting?" mentions, as a mole you still report spam to SpamCop and this results in "registering reports in SpamCop's database, but never sending reports to the 'ISP' (all too often, the spammer, or a spam-friendly host)." Note that this does not guarantee that "the IP address used [will definitely] get added to any blacklists," just that you will be contributing to the statistics used to decide whether to add the IP address to the SpamCop BL, just like those of us who are not mole reporters.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...