Jump to content
Sign in to follow this  
Excursus

"Date Received" in the Past

Recommended Posts

Hi,

I receive hundreds of spam emails per day. After starting to report them to SpamCop, I have noticed that every so often, I will receive a spam which "allegedly" arrived two or three days ago. Since I clear out junk email every day, an email which arrived two or three days ago would no longer exist for me to report.

My thoughts on this are as follows: If a spammer knows about the fact that SpamCop doesn't process spam which is older than two days, then it would be in their interest to make it look like the spam arrives a lot earlier than it actually does. Effectively, they then have a kind of immunity...

Is this at all possible? And if so, is it a known issue?

Not looking for answers, just making an observation.

--Excursus--

Share this post


Link to post
Share on other sites
I receive hundreds of spam emails per day. After starting to report them to SpamCop, I have noticed that every so often, I will receive a spam which "allegedly" arrived two or three days ago. Since I clear out junk email every day, an email which arrived two or three days ago would no longer exist for me to report.

Tracking URL of a sample so that headers can be properly discussed ..???

Is this at all possible? And if so, is it a known issue?

31987[/snapback]

Sure it's possible .... if you're going to stand on the fact that this means that your ISP is working with the spammer to 'hold' your e-mail until it's too old to report.

Share this post


Link to post
Share on other sites
Sure it's possible .... if you're going to stand on the fact that this means that your ISP is working with the spammer to 'hold' your e-mail until it's too old to report.

Why do we start by assuming Excursus or their ISP has a loose screw?

I also have in the passed received an odd "old" spam. Old as in 1-2 days old so that it gets "hidden" in the short list of deal-with-it-later email. Some also have figured out how to be marked as read so they don't stand out.

Before I had all the spam filters in place I now have, the 'old' spam with a virus were kind of a delayed bomb. I never did figure out what value they served the spammer, but what Excursus reports is a fact without having a conspiratorial ISP.

Share this post


Link to post
Share on other sites
Why do we start by assuming Excursus or their ISP has a loose screw?

32003[/snapback]

We did not say that, but the date used is NOT from the original message but from the datestamp the last (first to receive) trusted source put there.

There are other discussions in these forums and a FAQ entry. http://www.spamcop.net/fom-serve/cache/188.html

The way any one application displays a message and the Parsing of that message are totally different. Most (all?) mail applications use the date specified as the creation date, usually put there when the message was sent (by trustworthy application). Those are easily modified since it is only text and there at the creation point.

Share this post


Link to post
Share on other sites

So if we go back and read the original post we note that we are talking about what Excursus "sees" in his mail application not what SC does.

I have noticed that every so often, I will receive a spam which "allegedly" arrived two or three days ago.

Maybe StevenUnderwood is circling the correct question

The way any one application displays a message and the Parsing of that message are totally different.

So Excursus, what app are you using to look at your email? Have you looked at the source code <Ctrl-U> to see which date in the header is being displayed vis which one SpamCop uses.

Had to take out some spaces :)

Edited by Lking

Share this post


Link to post
Share on other sites
Why do we start by assuming Excursus or their ISP has a loose screw?

No assumptions made. Response was based on the query of a "spammer exploit" of using bad dates. Technically, the dates entered by spammer should have little effect on the parser, as the dates normally 'driving' the selection process should be from servers after the spam left the spammer's control. As stevenunderwood has already pointed out, the "displayed" e-mail in the user's application may look at another header line to use for its sorting order.

I also have in the passed received an odd "old" spam. Old as in 1-2 days old so that it gets "hidden" in the short list of deal-with-it-later email.  Some also have figured out how to be marked as read so they don't stand out.

Before I had all the spam filters in place I now have, the 'old' spam with a virus were kind of a delayed bomb.  I never did figure out what value they served the spammer, but what Excursus reports is a fact without having a conspiratorial ISP.

32003[/snapback]

One bit of history/example was in the days of the [at]Home service. They had a rack of service "float" computers sitting on a shelf. When an e-mail server crashed/died, they simply pulled one of these machines off the shelf and replaced the dead computer. The dead computer got repaired and went back on the shelf. At some point in future time, another server would go down and this fixed system would get plugged in, picking up right where it left off, delivering the e-mail from the time before the crash. There was a bit of a contest on showing the "oldest" "new" e-mail received, many cases of e-mail over a year old being delivered 'today' ....

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×