jeffjustice Posted December 2, 2004 Share Posted December 2, 2004 I see lots of examples of people showing header details to help track down spam and cut it off. One of our IP addresses is listed but I can't find any of the header info for the people who have submitted reports (which makes it hard to track down a culprit and also make sure the recipient isn't contacted again). There have been 4 total (3 users and 1 mole) based on the daily summary report I receive. I have tried using the "find report" and "close issues" features within my account but no further details are ever displayed. What am I missing? Thanks in advance. Jeff Link to comment Share on other sites More sharing options...
turetzsr Posted December 2, 2004 Share Posted December 2, 2004 Hi, Jeff! ...Although I'm not certain what you are looking for, I think the answers to your questions may be in the FAQ that is linked to from Pinned: Original SpamCop FAQ Plus - Read before Posting on this forum's front page. Specifically, I see sections labeled "Help for abuse-desks and administrators" and "Assistance stopping spam:". ...HTH! Link to comment Share on other sites More sharing options...
jeffjustice Posted December 2, 2004 Author Share Posted December 2, 2004 Hi, Jeff! ...Although I'm not certain what you are looking for, I think the answers to your questions may be in the FAQ that is linked to from Pinned: Original SpamCop FAQ Plus - Read before Posting on this forum's front page. Specifically, I see sections labeled "Help for abuse-desks and administrators" and "Assistance stopping spam:". ...HTH! 20846[/snapback] Thanks, but I've scoured the FAQ a bit and haven't found what I'm looking for (yet). To be more specific I see (and have seen in the past for my own IPs) reports like the following http://www.spamcop.net/sc?id=z688279526z74...f4795bf9cc9776z My question is, how do I get these similar detailed reports for the new IP range I'm leasing so that I can track it back through my smtp logs? Thanks, Jeff Link to comment Share on other sites More sharing options...
Merlyn Posted December 2, 2004 Share Posted December 2, 2004 That is a user report and you can only see your own user reports and not others unless you post a tracking url. More data was revealed previously but spammers took advantage of the information so it is withheld now. What IP address do you think is listed? Link to comment Share on other sites More sharing options...
jeffjustice Posted December 2, 2004 Author Share Posted December 2, 2004 That is a user report and you can only see your own user reports and not others unless you post a tracking url. More data was revealed previously but spammers took advantage of the information so it is withheld now. What IP address do you think is listed? 20848[/snapback] *sigh* That makes it hard for those of us who are strictly white hat to honor people's desire to be left alone. Here's the ip http://www.spamcop.net/w3m?action=checkblo...p=67.43.151.116 I have an email in to the deputies. In return so far I received three subject lines of the emails that were reported. Not quite enough detail though to clean up the situation and prevent it from happening again. Thanks for the help. Jeff Link to comment Share on other sites More sharing options...
Merlyn Posted December 2, 2004 Share Posted December 2, 2004 I must say (and I do not say this very often) for an email marketing company resultsmail.com looks very clean. My hats off to you. It could be they had someone that did not have a clean list, but from the looks of it they get rid of people using dirty lists. Tthe reports went to loudpacket.com so they will probably be off the list in 17 hours. Good luck, wish I could help more. Maybe the deputies will get back to you soon. You aren't by chance the reduce stress in the workplace humorist??? Link to comment Share on other sites More sharing options...
dra007 Posted December 2, 2004 Share Posted December 2, 2004 Looking at the traking url you provided, you realize that the TRAFFIC has gone up by >2000%. That alone should be a warning sign something fishy is going on! Perhaps as nasty as a trojan ? Link to comment Share on other sites More sharing options...
jeffjustice Posted December 2, 2004 Author Share Posted December 2, 2004 I must say (and I do not say this very often) for an email marketing company resultsmail.com looks very clean. My hats off to you. It could be they had someone that did not have a clean list, but from the looks of it they get rid of people using dirty lists. Tthe reports went to loudpacket.com so they will probably be off the list in 17 hours. Good luck, wish I could help more. Maybe the deputies will get back to you soon. You aren't by chance the reduce stress in the workplace humorist??? 20853[/snapback] Thanks Merlyn, that means a lot to us here. We do give people the boot for not playing by the strict rules. This is why it is important to us to find out exactly what is going on with reports to spamcop. We attract customers with clean lists and keep them because we stay on top of problems. Pretty much everyone here is a humorist Keeps the place fun! Link to comment Share on other sites More sharing options...
jeffjustice Posted December 2, 2004 Author Share Posted December 2, 2004 Looking at the traking url you provided, you realize that the TRAFFIC has gone up by >2000%. That alone should be a warning sign something fishy is going on! Perhaps as nasty as a trojan ? 20854[/snapback] Actually we were migrated to this loudpacket block last month. So this IP went from zero activity to our richter scale of about 4-5. Now, this may also be part of why we are seeing blocks. It is my understanding (and correct me if I am wrong) that complaints are weighted based on historical sender volume. So daily volume of email sent is about 100,000 and we get 4 complaints we are blocked (current reports on us are 3 users and 1 mole in past 24 hours). Granted these 4 complaints could be from new customers with lists that are "bad" or maybe just old (as in some people don't remember opting in)... but hard to know w/o the information to follow up. Anyway, thanks for the help and input so far. - Jeff Link to comment Share on other sites More sharing options...
Miss Betsy Posted December 3, 2004 Share Posted December 3, 2004 Tthe reports went to loudpacket.com so they will probably be off the list in 17 hours. If you can get loudpacket.com to provide you with the reports, you might be able to find out what you need. I am not sure of the procedures, but you might also be able to get the reports yourself in the future so you can take action more quickly. Miss Betsy Link to comment Share on other sites More sharing options...
Wazoo Posted December 3, 2004 Share Posted December 3, 2004 If you can get loudpacket.com to provide you with the reports, you might be able to find out what you need. I am not sure of the procedures, but you might also be able to get the reports yourself in the future so you can take action more quickly. The third-party notification request thing has been replaced. The new data replaced the old, but the link/URL is the same .. found in the FAQ here at the entry "How can I get SpamCop reports about my network?" ... One major change is that the Deputies don't have to immediately get involved in analyzing and deciding whether to grant approval .. the flip side is that the data provided in this mode is pretty much the same as anyone else can get ... so the "specifics" requested still won't be available. Link to comment Share on other sites More sharing options...
jeffjustice Posted December 3, 2004 Author Share Posted December 3, 2004 The third-party notification request thing has been replaced. The new data replaced the old, but the link/URL is the same .. found in the FAQ here at the entry "How can I get SpamCop reports about my network?" ... One major change is that the Deputies don't have to immediately get involved in analyzing and deciding whether to grant approval .. the flip side is that the data provided in this mode is pretty much the same as anyone else can get ... so the "specifics" requested still won't be available. 20874[/snapback] Yeah, I already have an ISP account to receive reports. That is what has started this whole discussion. I can confirm that no detail is provided in those reports as you mention So where does this leave legit marketers who's bandwidth provider can't be bothered with forwarding them complaint reports? (It has been 24 hours with no response yet from my provider). Link to comment Share on other sites More sharing options...
Wazoo Posted December 3, 2004 Share Posted December 3, 2004 First of all, "67.43.151.116 not listed in bl.spamcop.net" .. so that part of the issue is solved for now. Yeah, I already have an ISP account to receive reports. That is what has started this whole discussion. I can confirm that no detail is provided in those reports as you mention So where does this leave legit marketers who's bandwidth provider can't be bothered with forwarding them complaint reports? (It has been 24 hours with no response yet from my provider). Though discussing your bandwidth provider is best left between you and them, one must also look at the other side of the coin. In general, the scenario is that the bandwidth provider is contacted with a complaint about something that a user has decided meets the criteria of being spam. (Noting that bad reporting has consequences.) What should happen is that the ISP does some investigation, then handles the action item .. shutting down the account, checking off an Innocent Bystander status flag, or something in between. The "passing the complaint on to the 'spammer'" is usually seen as a bad thing. Before you get too excited, this is all presented from the perspective of the hapless spam victim. Some of the issues with your particular situation appear to also be driven by timing and coincidence of other issues. For instance, as previously pointed out, the details shown at SenderBase unfortunately matches the scenario of an e-mail server/network being compromised and used by a spammer. So the first glance from most folks would tend to go down that path in making decisions. That you explained the circumstances "here" tend to allow one to set aside those immediate thoughts, it's unknown whether this data was provided in the previous dialog with the Deputies. Now, this may also be part of why we are seeing blocks. It is my understanding (and correct me if I am wrong) that complaints are weighted based on historical sender volume. Yes, no, kind of .... http://www.spamcop.net/fom-serve/cache/297.html breaks out the complicated math behind a BL listing. So daily volume of email sent is about 100,000 and we get 4 complaints we are blocked (current reports on us are 3 users and 1 mole in past 24 hours). The numbers used here make it hard to believe that you managed to get listed at all, but there are some parameters described in the above mentioned FAQ entry that "we" don't have access to ... the most critical would seem to be the places you're sending too as compared to those places "monitoring" traffic from your e-mail server (there used to be a 2% threshold between total traffic "seen" and spam, but I don't see that in the FAQ at present) The SenderBase line; "Date of first message seen from this address 2004-11-06" may feed into a situation of a "newly discovered e-mail source" to the SpamCop parsing engine/database (which I notice also isn't mentioned in the FAQ entry suggested) .. if this was among the issues in getting listed, it should be resolved also, now both being identified and coming up on the end of the "probation" period. (I can't recall if there was a FAQ entry that didn't survive the fairly recent rewrite or if I'm remembering an ancient newsgroup conversation, but somewhere there was mention that a note to the Admin staff before bringing the server on-line could prevent this "newly discovered" thing from being an issue.) Link to comment Share on other sites More sharing options...
jeffjustice Posted December 3, 2004 Author Share Posted December 3, 2004 Thanks for the input/info. I think we are starting to work it through. Deputies have since forwarded me two reports. One was pretty bad and that customer was immediately cancelled as a result (questionable content and hit a spam trap which proves he didn't really have consent to send). When we first noticed this issue with SpamCop we notified the deputies immediately that we felt we were being punished due to the IP swap. I read the FAQs regarding their listing determination and figured we were getting pegged due to newly discovered volume. We were rarely listed on our old IP so it was a shock to us to find we were being blocked regularly on the new IP. Doesn't really matter now though. We seem to be communicating and working towards resolution. Based on that one example they sent me I can't blame them for listing us. Just need better communication and details getting to me so we can act before it becomes a drawn out/daily issue. ps. we are listed again summary report shows 5 complaints. again, volume in 24 hours is 100k or so. Link to comment Share on other sites More sharing options...
Merlyn Posted December 3, 2004 Share Posted December 3, 2004 I think (Just thinking mind you) to start referring my customers to your service and maybe our own company. I must follow your address space for a while though! Link to comment Share on other sites More sharing options...
Jeff G. Posted December 5, 2004 Share Posted December 5, 2004 Here are some recent SpamCop Reports concerning that IP Address: Submitted: Friday 2004/12/03 18:54:26 -0500: 4brokers Exclusive Leads Program 1305908120 ( 67.43.151.116 ) To: abuse[at]loudpacket.com -------------------------------------------------------------------------------- Submitted: Friday 2004/12/03 13:35:12 -0500: Buy One, Get One 1305731715 ( http://www.pentabosol.com ) To: abuse[at]invotion.com 1305731712 ( http://www.pentabosol.com ) To: abuse[at]expresstechnologies.com 1305731711 ( http://www.pentabosol.com ) To: abuse#halfpricehosting.com[at]devnull.spamcop.net 1305731706 ( http://www.pentabosol.com ) To: postmaster[at]expresstech.net 1305731700 ( 67.43.151.116 ) To: spamcop[at]imaphost.com 1305731698 ( http://www.resultsmail.com/ ) To: abuse[at]loudpacket.com 1305731696 ( http://rm.resultsmail.com/unsubscribe.cfm?uid=2... ) To: abuse[at]loudpacket.com 1305731695 ( http://rm.resultsmail.com/route.cfm?mid=86676a9... ) To: abuse[at]loudpacket.com 1305731694 ( 67.43.151.116 ) To: abuse[at]loudpacket.com -------------------------------------------------------------------------------- Submitted: Friday 2004/12/03 12:33:14 -0500: Buy One, Get One 1305686725 ( http://www.pentabosol.com ) To: postmaster[at]expresstech.net 1305686724 ( http://www.pentabosol.com ) To: abuse[at]invotion.com 1305686723 ( http://www.pentabosol.com ) To: abuse[at]expresstechnologies.com 1305686722 ( http://www.pentabosol.com ) To: abuse#halfpricehosting.com[at]devnull.spamcop.net 1305686721 ( 67.43.151.116 ) To: spamcop[at]imaphost.com 1305686720 ( http://www.resultsmail.com/ ) To: abuse[at]loudpacket.com 1305686719 ( http://rm.resultsmail.com/unsubscribe.cfm?uid=2... ) To: abuse[at]loudpacket.com 1305686718 ( http://rm.resultsmail.com/route.cfm?mid=86676a9... ) To: abuse[at]loudpacket.com 1305686717 ( 67.43.151.116 ) To: abuse[at]loudpacket.com -------------------------------------------------------------------------------- Submitted: Thursday 2004/12/02 13:00:14 -0500: ASG/IBM meeting: Golfsmith Gift Card 1304886044 ( 67.43.151.116 ) To: abuse[at]loudpacket.com -------------------------------------------------------------------------------- Submitted: Thursday 2004/12/02 12:04:25 -0500: ASG/IBM meeting: Golfsmith Gift Card 1304847317 ( 67.43.151.116 ) To: abuse[at]loudpacket.com -------------------------------------------------------------------------------- Submitted: Tuesday 2004/11/30 09:30:42 -0500: 2005 Masters Tournament 1303148313 ( http://www.sghgolf.com/specials.html ) To: mole[at]devnull.spamcop.net 1303148312 ( http://www.sghgolf.com ) To: mole[at]devnull.spamcop.net 1303148311 ( http://www.resultsmail.com/ ) To: mole[at]devnull.spamcop.net 1303148308 ( http://rm.resultsmail.com/route.cfm?mid=631d749... ) To: mole[at]devnull.spamcop.net 1303148305 ( 67.43.151.116 ) To: mole[at]devnull.spamcop.net -------------------------------------------------------------------------------- Submitted: Tuesday 2004/11/30 08:15:23 -0500: Solicitation: Small Business Financing 1303022384 ( http://www.southwyndfinancial.com ) To: abuse[at]cogentco.com 1303022365 ( 67.43.151.116 ) To: spamcop[at]imaphost.com 1303022358 ( http://www.resultsmail.com/ ) To: abuse[at]loudpacket.com 1303022354 ( http://rm.resultsmail.com/unsubscribe.cfm?uid=c... ) To: abuse[at]loudpacket.com 1303022350 ( http://rm.resultsmail.com/route.cfm?mid=709b670... ) To: abuse[at]loudpacket.com 1303022339 ( 67.43.151.116 ) To: abuse[at]loudpacket.com -------------------------------------------------------------------------------- Submitted: Thursday 2004/11/25 03:39:48 -0500: Ziba Music Presents: The Viper Room - Friday Nov 26 1299286201 ( 67.43.151.116 ) To: spamcop[at]imaphost.com 1299286197 ( http://www.resultsmail.com/ ) To: abuse[at]loudpacket.com 1299286195 ( http://rm.resultsmail.com/unsubscribe.cfm?uid=7... ) To: abuse[at]loudpacket.com 1299286193 ( http://rm.resultsmail.com/route.cfm?mid=a6cbe4e... ) To: abuse[at]loudpacket.com 1299286187 ( 67.43.151.116 ) To: abuse[at]loudpacket.com -------------------------------------------------------------------------------- Submitted: Wednesday 2004/11/24 23:47:34 -0500: Nov.discount code, Conversion video is ready. 1299187010 ( http://www.finafarm.com ) To: abuse[at]ev1.net 1299187008 ( 67.43.151.116 ) To: spamcop[at]imaphost.com 1299187007 ( http://www.resultsmail.com/ ) To: abuse[at]loudpacket.com 1299187006 ( http://rm.resultsmail.com/unsubscribe.cfm?uid=b... ) To: abuse[at]loudpacket.com 1299187005 ( http://rm.resultsmail.com/route.cfm?mid=3adecb0... ) To: abuse[at]loudpacket.com 1299187004 ( 67.43.151.116 ) To: abuse[at]loudpacket.com -------------------------------------------------------------------------------- Submitted: Tuesday 2004/11/23 01:11:34 -0500: Help Us Fund Recount Ohio's Media Campaign: Contribute $20 in the Next Two Days 1297567510 ( 67.43.151.116 ) To: abuse[at]loudpacket.com Link to comment Share on other sites More sharing options...
Merlyn Posted December 5, 2004 Share Posted December 5, 2004 I hope you rid yourself of the pondscum. Link to comment Share on other sites More sharing options...
jeffjustice Posted December 13, 2004 Author Share Posted December 13, 2004 What is interesting is we've found that an overwhelming majority (95% or so) of the reported complaints are being flagged with SpamAssassin as failing the FORGED_MUA_MOZILLA test. Pretty interesting considering we don't have an X-Mailer header at all. I think there's a fly in the ointment personally as this has only recently become a problem. That said, every complaint is investigated and if our customer can not provide us with proof of where they got their email list, and this proof does not match our terms of service, they will be cancelled. As mentioned, we have recently removed one customer as a result of sending mail to a spam trap (not to mention the message itself was extremely spammy). Link to comment Share on other sites More sharing options...
Merlyn Posted December 13, 2004 Share Posted December 13, 2004 Well I hope you dumped these spammers: From wwwmybalancedscoreca[at]bounce.resultsmail.com Mon Dec 13 12:13:58 2004 Delivery-date: Mon, 13 Dec 2004 12:13:58 -0500 Received: from [67.43.151.116] (helo=smtp1.resultsmail.com) by mail.victim.example with esmtp (Exim 4.41) id 1Cdtlm-0001x5-59 for x; Mon, 13 Dec 2004 12:13:58 -0500 Received: from nathan [10.1.2.101] by smtp1.resultsmail.com with ESMTP (SMTPD32-8.13) id AD9C35F0070; Mon, 13 Dec 2004 09:13:00 -0800 Date: Mon, 13 Dec 2004 09:13:04 -0800 (PST) From: "ActiveStrategy, Inc." <marketing[at]mybalancedscorecard.com> To: psbltrap[at]kernelnewbies.nl Subject: Webinar Reminder - Bringing Balanced Scorecards and Process Management Together Mime-Version: 1.0 Looks like they are using harvested addresses. Thier address list is not "Confirmed" I guarantee it!!!!!! You also had problems with them back in the spring and they are at it again. Why do you let spammers repeat themselves? Link to comment Share on other sites More sharing options...
Merlyn Posted December 17, 2004 Share Posted December 17, 2004 Well, maybe I will change my mind. 67.43.151.116 listed in bl.spamcop.net (127.0.0.2) If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 6 hours. Causes of listing System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop) SpamCop users have reported system as a source of spam less than 10 times in the past week You are letting ActiveStrategy, Inc. use harvested email addresses(again/still), a lot of them. Doesn't look too good. Better get rid of your spammers. Are you actively supporting spammers now? Link to comment Share on other sites More sharing options...
Merlyn Posted December 24, 2004 Share Posted December 24, 2004 Well, ya missed another one! 67.43.151.116 listed in bl.spamcop.net (127.0.0.2) System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop) SpamCop users have reported system as a source of spam less than 10 times in the past week listings in sightings! Looks like your clients at Ziba Music and RK promotion are spamming http://www.conceptk.net/nye/ through your system. Will you be removing your spammers? Link to comment Share on other sites More sharing options...
jeffjustice Posted December 28, 2004 Author Share Posted December 28, 2004 Well, ya missed another one! 67.43.151.116 listed in bl.spamcop.net (127.0.0.2) System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop) SpamCop users have reported system as a source of spam less than 10 times in the past week listings in sightings! Looks like your clients at Ziba Music and RK promotion are spamming http://www.conceptk.net/nye/ through your system. Will you be removing your spammers? 21765[/snapback] With adequate proof we remove spammers. We just shut down one spammer this morning. If you wish to provide full details please PM me. The problem we have is we do not receive detailed reports... hence my original reason for posting on this board. We are more than willing to work with all of you to help keep our system clean but I'm not getting very far in my efforts. 99% of the complaints I have seen full reports on are due to false positives via SpamAssassin. Certainly details regarding who is tripping spam traps are a major concern... but again... we don't receive those details. I'm not going to post anymore to defend ourselves. Either work with us to help us remove offenders or don't. If you don't work with us it just takes us that much longer to remove them but eventually it does get done. Link to comment Share on other sites More sharing options...
Merlyn Posted December 28, 2004 Share Posted December 28, 2004 Everyone of them I posted here can be found publicly in NANAS (http://groups-beta.google.com/group/news.admin.net-abuse.sightings) They are there for the entire world to enjoy! Link to comment Share on other sites More sharing options...
Wazoo Posted December 28, 2004 Share Posted December 28, 2004 I really don't understand the mechanism described in; What is interesting is we've found that an overwhelming majority (95% or so) of the reported complaints are being flagged with SpamAssassin as failing the FORGED_MUA_MOZILLA test. On the other hand, Julian has been working something out with the SpamAssassin folks, referenced in the Topic at http://forum.spamcop.net/forums/index.php?showtopic=3129 As far as "working with you" ... are you in touch with any of the Deputies? On one hand, I can sympthize with your lack-of-data issues ... but, that others seem to have no problems finding spam samples, I'm still not sure of the SpamAssassin tie-in at all. This is primarily a user-to-user support area, and I've not seen your 'evidence' of the SpamAssassin connection or why you're not believing some of the other referenced spam samples, which certainly appear to have some connection to resources you say you control. No accusations, no name-calling, just pointing out that you seem to be ticked off about the discussion thus far, so also needing to point out that it's hard to discuss things not seen. The Deputies will have access to stuff "we" can't touch. Link to comment Share on other sites More sharing options...
jeffjustice Posted December 29, 2004 Author Share Posted December 29, 2004 I apologize for my tone but this has been a frustrating experience. Been in touch with deputies. That didn't end up leading anywhere other than them supplying me with small snippets of headers. I thought we had made some progress after one round they provided me full headers but then it just went back to limited detail which was not helpful at all (just telling me the subjects of offending messages). It doesn't help to check on this thread and see nothing but accusations posted by the same person over and over again since I last commented here. If accusations are to be made we need more proof in order to act on them. We do act to remove customer's who violate our terms as has been shown not only to this thread (my word only I understand) but also to the deputies (they have been blind cc'd on notifications I've sent to customers we've cancelled after they have provided us details). My hosting provider is forwarding some complaints. The majority of the ones forwarded to me have been scored false positives via SpamAssassin. Here's a sample of the issue we are having with SpamAssassin scores Content preview: [ SpamCop V1.389 ] This message is brief for your comfort. Please use links below for details. Email from 67.43.151.116 / Wed, 8 Dec 2004 21:18:23 -0500 http://www.spamcop.net/w3m?i=z1310126068z8...0ba3bdb3c09634z [...] Content analysis details: (7.2 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.9 FROM_ENDS_IN_NUMS From: ends in numbers 0.7 FOR_FREE BODY: No such thing as a free lunch (1) 0.1 EXCUSE_10 BODY: "if you do not wish to receive any more" 0.2 EXCUSE_14 BODY: Tells you how to stop further spam 0.1 HTML_FONTCOLOR_UNKNOWN BODY: HTML font color is unknown to us 0.1 HTML_LINK_CLICK_HERE BODY: HTML link text says "click here" 0.8 HTML_30_40 BODY: Message is 30% to 40% HTML 0.6 HTML_WEB_BUGS BODY: Image tag intended to identify you 0.0 HTML_MESSAGE BODY: HTML included in message 0.4 HTML_FONT_INVISIBLE BODY: HTML font color is same as background 0.6 DATE_IN_PAST_06_12 Date: is 6 to 12 hours before Received: date 2.7 FORGED_MUA_MOZILLA Forged mail pretending to be from Mozilla 0.0 CLICK_BELOW Asks you to click below So you can deduct 4.2 points from this score and it goes through to the recipient. Here are the headers for that message Return-Path: <wwwpaloaltoresearchc[at]bounce.resultsmail.com> Received: from smtp2.dnd.ca (gps11.ndhq.dnd.ca [131.137.250.218]) by clover.marlant.hlfx.dnd.ca (8.11.2/8.11.2) with SMTP id iB91mX411459 for <x>; Wed, 8 Dec 2004 21:48:34 -0400 Received: (from root[at]localhost) by smtp2.dnd.ca with id iB92IU025724 for x; Wed, 8 Dec 2004 21:18:30 -0500 (EST) Received: from smtp1.resultsmail.com (smtp1.resultsmail.com [67.43.151.116]) by smtp2.dnd.ca with ESMTP id iB92IMD25277 for <x>; Wed, 8 Dec 2004 21:18:23 -0500 (EST) Received: from nathan [10.1.2.101] by smtp1.resultsmail.com with ESMTP (SMTPD32-8.13) id AE56119C00B2; Wed, 08 Dec 2004 09:48:06 -0800 Message-ID: <1425______________________________STEM[at]nathan> Date: Wed, 8 Dec 2004 09:48:13 -0800 (PST) From: Prentiss Brown <pbrown[at]mail-net.com> To: x Subject: A Log Management Strategy for VISA CISP Compliance Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_1307915_32995288.1102528093625" X-mTrak-mID: e01f0164-1615-4307-8f98-5c35c6469024 X-mTrak-cID: 699c4087-b206-4d2c-ba6a-4afb1da82dc5 Status: X-Mozilla-Status: 8001 X-Mozilla-Status2: 00000000 X-UIDL: 3d0fae2f00003f24 Our from's do not end or start in numbers and we provide no X-mailer header at all. So how they determined we were forging Mozilla is beyond me. Also our dates are not in the past. As spam traps are super secret we do not receive reports on when these are triggered. However, this is a problem because we'd like to know who is using a harvested list as this is clearly against our terms of service and would be an aggrevated offense if our customer was also found to be in violation of CAN-spam. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.