sstephy
Posted May 16, 2005

Is there a list of abbreviations and phrases that are used in the spam Reports that I can use to look up the definitions? I'd like to know what some of the phrases, etc mean to better understand what SC is doing and what the spammers have figured out to hide their identity, etc.

Such as:

is not an MX for ....[at]...com
Using last resort contacts
Quick reporting
Cached whois

The above are just a few examples. I've looked through the FAQ and don't find any mention of many of the phrases and abbreviations that are used on the reports.

Thanks for your help,
Steph

Miss Betsy
Posted May 16, 2005

> Is there a list of abbreviations and phrases that are used in the spam Reports that I can use to look up the definitions? I'd like to know what some of the phrases, etc mean to better understand what SC is doing and what the spammers have figured out to hide their identity, etc.
>
> Such as:
>
> is not an MX for ....[at]...com
> Using last resort contacts
> Quick reporting
> Cached whois

to give a quick answer, but it might be a good FAQ when answered by someone who knows more than I do - have you not seen 'Yum, this spam is fresh' or 'I won't bother this ISP'?

'is not an MX for...' I don't remember what an MX is, but it somehow identifies the IP address as being false when tested.

'Using last resort contacts' means that the parser can't find anything using the usual contacts and will use the whois information, I think.

'quick reporting' - is a method of submitting spam in batches with no confirmation by the reporter that it is spam. The method also only reports the source IP - no spamvertized links.

'cached whois' - I think that the parser saves the whois information it looks up and will use it again on the next spam for a while (to save time). I don't know how long it holds it. The reason it is mentioned is that whois information does change and the parser is supposed to be dynamic. In fact, reparsing the same spam hours later may come up with different results since the information the parser has looked up has changed.

I don't think that finding out the parser lingo will help you to understand how the spammer hides his identity. What you want is a course on how to read headers and how to tell which ones are fake. Spammers hide their identities by sending their spew through open proxies. The open proxy does not keep a log the way a relay does so there is no way to know where the email came from that was sent from the open proxy.

Also one cannot tell from headers 'who' the spammer is even if they did not forge anything. All one can tell is what IP address the spam came from (and then look up who that IP address belongs to and write that abuse desk). The abuse desk can tell who sent the spam, but they won't tell you unless you have a subpoena. White hat ISPs cancel the account; blackhat ISPs do nothing.

Miss Betsy

Jeff G.
Posted May 16, 2005

> Is there a list of abbreviations and phrases that are used in the spam Reports that I can use to look up the definitions?

Please see the SpamCop Glossary.

> is not an MX for ....[at]...com
> Using last resort contacts

Please see my new SpamCop Glossary Entry.

> Quick reporting

Please see SpamCop Glossary Entry "Quick Reporting".

> Cached whois

Please see my new SpamCop Glossary Entry.

Thanks!

Miss Betsy
Posted May 17, 2005

For a newbie, I don't think you explained 'cache' enough. (I figured out what it meant because I know what a cache is) Not all people know the basic meaning of the word and if they don't use computers very much except for email, may not realize that the whois information is saved (cached) on the parser computer to use again. There also must be an expiration time so that the parser looks it up again.

I would put it under 'cache' - explaining what a cache is, not under whois. Doesn't the parser also cache abuse addresses from abuse.net? And maybe other information?

Miss Betsy

Jeff G.
Posted May 17, 2005

> For a newbie, I don't think you explained 'cache' enough.

Thanks, you're right. I updated my most recent SpamCop Glossary Post to include "Cache".

Archived
This topic is now archived and is closed to further replies.