
mail list to hosts


McMelF


In my last report the spam message had 3 references to web pages. For each reference a mail list is shown, maybe even created, without consolidation.

I deselected the two dups. Then I summarized the referred-to URLs, three pages in the same domain.

It would be nice if this could be done by Mailhost procedures.

Mel

Link to comment

I am afraid that it sounds like you have an incorrect view of what MailHosts does.

MailHosts has a single purpose which is to determine what mailhosts (servers) you personally use to receive your mail. When parsing the headers, it compares your list of servers against the path that the mail took to get to you. Any server that was used to get the mail to you that is part of your mailhost configuration is ignored as it is considered necessary for the delivery of your mail and therefore not a possible source of the mail.

If there was no such thing as forged headers, there would be no need for MailHosts. The parser would simply use the first server listed as the source of the mail. But because of forgeries, this is not possible and one has to guess at what the source actually is. By eliminating the servers that are necessary for the delivery of your mail it is possible to determine the initial source where the mail first entered your mail delivery system. It then tries to go back as far as possible validating each server in the path to determine if it is a relay, a real server or a forgery.

MailHosts has absolutely nothing to do with the parsing of the body of the message or with any links contained in the message as they have nothing to do with how you receive your mail.

Link to comment
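The elimination step described in the post above, as an added example (not SpamCop's code and not part of the original thread). The headers, host names, addresses and the `find_source` helper are constructed for illustration, and only the "skip your own mailhosts" step is shown, not the later validation of relays and forgeries.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample, newest Received header first. The last Received line
# was written by the sending machine and is a forgery.
RAW = """\
Received: from mx2.isp.example (mx2.isp.example [192.0.2.10])
\tby mailbox.isp.example with ESMTP; Sat, 28 Aug 2004 12:00:03 -0400
Received: from dsl-host.example.org (unknown [203.0.113.77])
\tby mx2.isp.example with SMTP; Sat, 28 Aug 2004 12:00:01 -0400
Received: from mail.bank.example (mail.bank.example [198.51.100.5])
\tby dsl-host.example.org with SMTP; Sat, 28 Aug 2004 11:59:00 -0400
From: someone@bank.example
Subject: constructed test

body
"""

# Assumption: the user's own receiving servers, as a mailhost configuration would list them.
MAILHOSTS = [ipaddress.ip_network("192.0.2.0/24")]

# "from HELO (rdns [ip]) by receiver": the bracketed IP is what the receiver saw.
HOP = re.compile(r"from\s+(\S+)\s+\((?:\S+\s+)?\[([0-9a-fA-F.:]+)\]\)\s+by\s+(\S+)")

def find_source(raw, mailhosts):
    """Return (source_ip, unverified_hops_below_it) for a raw message."""
    msg = message_from_string(raw)
    hops = [HOP.search(h) for h in msg.get_all("Received", [])]
    for i, m in enumerate(hops):
        if m is None:
            break  # unparseable hop: stop rather than guess
        ip = ipaddress.ip_address(m.group(2))
        if any(ip in net for net in mailhosts):
            continue  # internal hand-off needed for delivery, not a source
        # First connecting IP outside the mailhosts: where the mail entered
        # the delivery system. Headers below it came from untrusted machines.
        return str(ip), len(hops) - i - 1
    return None, 0

if __name__ == "__main__":
    print(find_source(RAW, MAILHOSTS))  # source with mailhosts configured
    print(find_source(RAW, []))         # without them, the ISP's own relay is blamed
```
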

QUOTE

MailHosts has absolutely nothing to do with the parsing of the body of the message or with any links contained in the message as they have nothing to do with how you receive your mail.

Thanks for elaborating on what MailHosts' function is. However, it does not cover the topic here.

Your quoted text (above) contradicts my findings.

An example may refocus us on the subject, consolidation of duplicates (in mail lists):

==============================================================

Re: http://www.commit.com.im.cevitty.com (Administrator of network hosting website referenced in spam)

security[at]telefonicaempresas.net.br

abuse[at]telefonicaempresas.net.br

Internal spamcop handling: (spambr)

mail-abuse[at]nic.br

Re: http://www.tears.com.im.cevitty.com/a.html (Administrator of network hosting website referenced in spam)

security[at]telefonicaempresas.net.br

abuse[at]telefonicaempresas.net.br

Internal spamcop handling: (spambr)

mail-abuse[at]nic.br

Re: http://www.with.com.im.cevitty.com (Administrator of network hosting website referenced in spam)

security[at]telefonicaempresas.net.br

abuse[at]telefonicaempresas.net.br

Internal spamcop handling: (spambr)

mail-abuse[at]nic.br

==============================================================

Note that these 3 URLs are from the body of the spam and they are all in the same domain.

My question, in other words, remains: will the admin receive an email for each URL?

Mel

Link to comment

QUOTE(dbiel [at] Aug 28 2004, 12:55 PM)

MailHosts has absolutely nothing to do with the parsing of the body of the message or with any links contained in the message as they have nothing to do with how you receive your mail.

...

Your quoted text (above) contradicts my findings.

You seem to be confusing mailhosts with the spamcop parser. In your first message, you state: It would be nice if this could be done by Mailhost procedures.

What dbiel correctly states is that the Mailhost procedure has nothing to do with the actual source of the spam. It has to do with what is NOT a source, your ISP's. I don't know how that "contradicts your findings". What you have presented is the spamcop parser (independent of if you have mailhosts configured or not) finding links in the body of the spam.

My question, in other words, remains: will the admin receive an email for each URL?

If all the checkmarks are in place, no, each of the 4 addresses will receive 1 report including all 3 links.

Link to comment

One report is sent for each spam to each designated email address. If there are multiple reasons for sending the report -- i.e. multiple urls or injection/urls that point to the same abuse recipient -- one report is sent with all the urls or injecting/urls listed at the top.

Link to comment

All right, that's fine. Thank you.

Link to comment
