nickjonson
Posted July 11, 2019

I see one problem is that when fighting spam users with an IP address, we might get rid of the real users without the stupid bot. What should I do?

MIG
Posted July 11, 2019

1 hour ago, nickjonson said:
I see one problem is that when fighting spam users with an IP address, we might get rid of the real users without the stupid bot. What should I do?

Hey Nickjonson,

Could you provide some more specific, detailed information so we can answer/address the questions please?

Re: "we might get rid of the real users", (imo) there's always a "risk" however, it's not common... Have you had this happen, can you clarify please?

Do you have any SpamCop tracking URLs please? Please let us know?

Cheers!
G🦗H

Lking
Posted July 11, 2019

4 hours ago, nickjonson said:
I see one problem is that when fighting spam users with an IP address,

The source of an email can be identified by the FROM: line or the IP address found in the list of Received: lines in the header.

The FROM:, which looks like a good choice and is valid for all legitimate emails you received, is easy to forge by the spammer (or anyone) and may be a valid email for someone totally unrelated to the source of the spam. Although it could be a Joe Job, the forged/spoofed FROM: is just a randomly selected mailbox.

The IP address found in the header Received: lines must point back to the true source (well mostly). If the IP address is not correct the network will not be able to do the required handshaking as the email (packets) move through the network to the destination.

As you correctly observe, anyone using the same IP address will also be blocked along with the spammer who shares the IP address. But this is why spam reports are sent to the managers of the IP address i.e. the abuse[at]... for the IP address or block of addresses. This gives a 'caring' admin the opportunity to check their logs, identify the sender and crush the bugs using their bandwidth.

This is a good reason to have a dedicated IP address, especially if you rely on your email being delivered.

RobiBue
Posted July 11, 2019

16 minutes ago, Lking said:
The source of an email can be identified by the FROM: line or the IP address found in the list of Received: lines in the header. The FROM:, which looks like a good choice and is valid for all legitimate emails you received, is easy to forge by the spammer (or anyone) and may be a valid email for someone totally unrelated to the source of the spam. Although it could be a Joe Job, the forged/spoofed FROM: is just a randomly selected mailbox.

Around 20 years ago, I used to send my wife occasional emails that would look like she sent them to me, just to make sure that she understood that anybody could send an email with spoofed/fake names. So the From: line in the headers is only valid for “trusted” emails. (And then, only if you trust them)

23 minutes ago, Lking said:
The IP address found in the header Received: lines must point back to the true source (well mostly). If the IP address is not correct the network will not be able to do the required handshaking as the email (packets) move through the network to the destination.

As Lking states, the Received: line in the headers is the one that gets you closest to the original sender.

Many times, though, a computer is hacked and some malware is installed, sending the spam from that computer without the knowledge of the real user. Sending spam reports to the ISP of said user is necessary to alert the ISP that the user is either a spammer or has compromised hardware.

It is also possible that a company has their own mail server which is open and can be used as a proxy. For the latter, it is also important to have their ISP inform them that they are running an open proxy allowing spammers to abuse their system.

HTH

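Added example (not part of any post in this thread): a simplified sketch of the point made in the two replies above, that From: is whatever the sender typed while the Received: line written by your own mail server records the IP that actually connected. The message, the host names and the trusted-host set are constructed assumptions, and real Received: formats vary between mail servers.

```python
import re
from email import message_from_string
from ipaddress import ip_address

# Constructed sample: documentation-range IPs and hypothetical host names.
# The lower Received: line and the From: line are written by the sender
# and can say anything; only the top line was added by our own server.
RAW = """\
Received: from mail.sender.example (unknown [203.0.113.45])
\tby mx.recipient.example with ESMTP id ABC123;
\tThu, 11 Jul 2019 10:00:02 +0000
Received: from bank.example ([198.51.100.7])
\tby mail.sender.example with SMTP; Thu, 11 Jul 2019 09:59:58 +0000
From: "Your Bank" <service@bank.example>
To: user@recipient.example
Subject: constructed sample

body
"""

BY_HOST = re.compile(r"\bby\s+([\w.-]+)", re.I)
BRACKET_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def handoff_ip(raw, trusted_hosts):
    """Return (ip, recording_host) for the point where the mail entered
    servers we operate, or None. Received: lines are newest first."""
    result = None
    for hdr in message_from_string(raw).get_all("Received", []):
        hdr = " ".join(hdr.split())            # unfold continuation lines
        by = BY_HOST.search(hdr)
        if not by or by.group(1).lower() not in trusted_hosts:
            break                              # below here is unverified
        m = BRACKET_IP.search(hdr[:by.start()])  # IP in the "from" clause
        if not m:
            continue
        try:
            ip = ip_address(m.group(1))
        except ValueError:
            continue                           # malformed literal, skip
        if not ip.is_loopback:                 # ignore local re-injection
            result = (str(ip), by.group(1).lower())
    return result

if __name__ == "__main__":
    print(handoff_ip(RAW, {"mx.recipient.example"}))
```

The address returned is the one an abuse report or block would be based on, which is also why other users sending through that same address are affected.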
Archived
This topic is now archived and is closed to further replies.