
[Resolved] Should I remove headers added by my mail server?


cameron


Posted

Greetings... My mail server adds information after running emails through spam filters that describes the outcome. Should I remove this information from the header (and occasionally body) before submitting? I would think so, but I just wanted to be sure. For example, see the bolded text in the spam message below:

Received-SPF: none (No spf record for (modomail.com) ) client-ip=66.89.67.230; envelope-from=<David.Grubbs[at]modomail.com>;

Received: from 66.89.67.230.ptr.us.xo.net (unverified [66.89.67.230])

by XXXXXX

for multiple; Wed, 25 May 2005 11:45:18 -0500

Return-Path: <David.Grubbs[at]modomail.com>

Return-Path: <MatthewRandle[at]doramail.com>

Received: from mypersonalemail-fe3.mypersonalemail.com (mail.mypersonalemail-fe3 [68.99.76.18])

  by be3 (Cyrus v2.2.10) with LMTPA;

  Thu, 26 May 2005 11:38:11 -0600

X-Sieve: CMU Sieve 2.2

Received: from netster.com (bay10-f23.bay10.netster.com [205.206.208.228])

        by burton-fe3.burton.com (8.12.11/8.12.11) with ESMTP id j4BM34K2003669

        for XXXXXXXX; Thu, 26 May 2005 14:35:11 -0300

Received: from mail pickup service by doramail.com with Microsoft SMTPSVC;

  Thu, 26 May 2005 20:32:11 +0300

Message-ID: <BAY10-F236A1BA650DC2A5994D6D0B0400[at]phx.gbl>

Received: from 66.79.169.50 by by10fd.bay10.doramail.com with HTTP;

Thu, 26 May 2005 10:38:11 -0700

X-Originating-IP: [66.79.169.50]

X-Originating-Email: [MatthewRandle[at]doramail.com]

X-Sender: MatthewRandle[at]doramail.com

From: "Matthew" <MatthewRandle[at]doramail.com>

To: XXXXXXXX

Subject: Suspected spam: Link Code inside

Date: Thu, 26 May 2005 16:32:11 -0100

Mime-Version: 1.0

Content-Type: text/plain; format=flowed

X-OriginalArrivalTime: Thu, 26 May 2005 11:33:11 -0600 (UTC) FILETIME=[8626B350:01C55675]

X-Server: High Performance Mail Server - http://surgemail.com

X-ORBS-Stamp: IP Address found in Spamcop, see http://spamcop.net/w3m?action=checkblock&ip=66.89.67.230

X-Rcpt-To: XXXXXXXX

X-Rcpt-Original: XXXXXXXX

X-SpamDetect-Info: This message may be spam see http://www.smitespam.com for more information

X-SpamDetect: *****: 5.000000 Repeat Spammer=2.0,Sender's IP was on Spamcop RBL=3.0

X-IP-stats: No info recorded yet

X-External-IP: 66.89.67.230

Status: U

XXXXXXXX

X-SpamDetect-Info: ------------- Start SmiteSpam results ---------------

X-SpamDetect-Info: This message may be spam. This message BODY has been altered so

X-SpamDetect-Info: your mail client can be set to filter it, see http://smitespam.com/body.htm

X-SpamDetect: *****: 5.000000 Repeat Spammer=2.0,Sender's IP was on Spamcop RBL=3.0

X-SpamDetect-Info: ------------- End SmiteSpam results ---------------

We tried to contact you earlier about flnanclng your home at a lower rate.

I would like to let you know that we have gone ahead and started

the preapproval process,

Here are the results:

*Account ID: [941-XXXXXXXX-550]

*Negotiable Amount: $97,272 to $232, 479

*Rate: 3.63% - 5.39%

For more information or to have a broker contact you please visit:

http://XXXXXXXX.h3arts.net/formupdate.asp

Best Regards,

Matthew Randle,

Account Manager

Database Deletion:

http://XXXXXXXX.h3arts.net/deletion.asp

I've obviously XXXXXXXX'd out my personal information... And, as my mail server is reporting that this IP is already in SpamCop, I wouldn't report it... but my question is just should I remove the bolded stuff before submitting to give SpamCop the ability to parse the original untainted message. My gut reaction is yes, just wanted to check here...

Thanks!

Cameron

Posted

> Greetings... My mail server adds information after running emails through spam filters that describes the outcome. Should I remove this information from the header (and occasionally body) before submitting? I would think so, but I just wanted to be sure. For example, see the bolded text in the spam message below:
>
> I've obviously XXXXXXXX'd out my personal information... And, as my mail server is reporting that this IP is already in SpamCop, I wouldn't report it... but my question is just should I remove the bolded stuff before submitting to give SpamCop the ability to parse the original untainted message. My gut reaction is yes, just wanted to check here...

You may not need to, but you should check a few parses to see if the links show up as trying to be reported to.

The only other issue that I see right away (without attempting to parse it) is the blank line in this portion:

Status: U

XXXXXXXX

X-SpamDetect-Info: ------------- Start SmiteSpam results ---------------

That blank line indicates the end of the headers and the start of the body, so everything below the blank line is the body. In other words: http://smitespam.com/body.htm might attempt to be reported for every one of your submissions. Most abuse desks should recognize that as part of the delivery process and ignore it, but you would have to uncheck:

Reporting addresses:

abuse[at]interland.com

abuse[at]interland.net

for each of your submissions (full reporting). Quick reporting would not have that issue as it does not report web pages.
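
An illustration of the header/body split described in the reply above, added here and not part of the original thread or of SpamCop's parser. It shows that a filter line placed below the first empty line is body text, so its URL is found alongside the spamvertised one. The sample message is constructed from the one in the thread, the spam link is a placeholder, and `FILTER_PREFIX` and the function names are assumptions.

```python
import re

# Constructed sample modelled on the message in the thread (addresses are placeholders).
SAMPLE = (
    'From: "Matthew" <sender@example.invalid>\n'
    "Subject: Suspected spam: Link Code inside\n"
    "X-SpamDetect: *****: 5.000000 Repeat Spammer=2.0\n"
    "Status: U\n"
    "\n"
    "X-SpamDetect-Info: ------------- Start SmiteSpam results ---------------\n"
    "X-SpamDetect-Info: your mail client can be set to filter it, see http://smitespam.com/body.htm\n"
    "X-SpamDetect-Info: ------------- End SmiteSpam results ---------------\n"
    "For more information please visit:\n"
    "http://redacted.example.invalid/formupdate.asp\n"
)

URL_RE = re.compile(r'https?://[^\s<>"]+')
# Assumption: the prefix the local filter uses for the lines it injects.
FILTER_PREFIX = "X-SpamDetect"

def split_message(raw):
    """Split at the first empty line: header block above, body below."""
    lines = raw.replace("\r\n", "\n").split("\n")
    try:
        cut = lines.index("")
    except ValueError:
        return lines, []          # no empty line: everything is header
    return lines[:cut], lines[cut + 1:]

def body_urls(raw):
    """URLs found below the first empty line, i.e. in the body."""
    _, body = split_message(raw)
    return URL_RE.findall("\n".join(body))

def strip_filter_lines_from_body(raw):
    """Drop filter-injected lines from the top of the body; headers are untouched."""
    headers, body = split_message(raw)
    i = 0
    while i < len(body) and body[i].startswith(FILTER_PREFIX):
        i += 1
    return "\n".join(headers + [""] + body[i:])
```

Running `body_urls` on a message before and after `strip_filter_lines_from_body` shows which links come from the filter rather than from the spam itself.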

Posted

Hmmm - if I am reporting as a mole, does any of this matter?

I just read somewhere if I am reporting as a mole, they don't send my reports, they only process them?

Is that true?

Posted

> Hmmm - if I am reporting as a mole, does any of this matter?
>
> I just read somewhere if I am reporting as a mole, they don't send my reports, they only process them?
>
> Is that true?

...As to not sending reports: yes, IIUC you are correct. See SpamCop FAQ: What is "mole" reporting? and a more detailed update SpamCop Discussion > Announcements > Pinned: Mole Reporting is Back.

Posted

> ... as my mail server is reporting that this IP is already in SpamCop, I wouldn't report it...

In general, the fact an IP address is already in the SCBL should not be taken to mean that further reporting of it is pointless. If the spam run is continuing then progressive current reports will keep it there until the ISP finally reins in the errant user or until "x" hours after he gives up spamming, whichever happens first. It may or may not be the case that most are "hit and run" so it may or may not make much "statistical" difference but Wazoo, for one, has advocated elsewhere their continued reporting while the little devils are still active and I have personally observed some worthwhile extensions of IPs' time in the sin bin.

The fight against the myrmidons of spamdom is *warfare* and as my old Granddad would say, "Omit no opportunity to discombobulate the ungodly!" I have no idea what the hell he was talking about, but I'm sure his heart was in the right place. As should be ours.

Archived

This topic is now archived and is closed to further replies.
