Jump to content

SpamCop doesn't parse routing info correctly


Psychonaut
 Share

Recommended Posts

I'm running into an odd problem where SpamCop fails to correctly identify the source of an e-mail.

Here's the situation: the spammer in question is a crazy guy who has been mass mailing his incoherent rants to everyone in his address book for years. He always uses a Yahoo! Mail account, which he logs into at some public access library terminal at the University of Arizona. (He has admitted as much.) When I forward to SpamCop an offending e-mail that I received at my personal account (psychonaut[at]nothingisreal.com), SpamCop correctly identifies the source as an IP at the University of Arizona. My employer (spgb[at]worldsocialism.org) is also on the spammer's mailing list. However, when *they* (or I) send their copy of the very same e-mail to SpamCop, it fails to identify the source as the University of Arizona. This is very strange, since both copies of the e-mail contain the same Received header giving a U of A IP (128.196.165.21 = PUB-E3.AHSL.Arizona.EDU):

Received: from [128.196.165.21] by web35715.mail.mud.yahoo.com via HTTP; Wed, 12 Apr 2006 16:07:39 PDT

Both our domains, nothingisreal.com and worldsocialism.org, are hosted by DreamHost. The only major difference in our setup is that I use fetchmail to download my mail via POP3 from mail.nothingisreal.com and deliver it to a local mail server, whereas my employer checks mail via IMAP on mail.worldsocialism.org.

I reproduce here the headers of the e-mail in question in case anyone wants to check with SpamCop themselves. (SpamCop seems to allow submission of headers without a body for parsing purposes.)

Here is the version I received which SpamCop correctly parses. Tracking URL: http://www.spamcop.net/sc?id=z919791081z24...510714fd343b2az

Return-Path: <moreevilbaddeals[at]yahoo.com>
X-Original-To: psy[at]localhost
Delivered-To: psy[at]localhost.worldsocialism.org
Received: from localhost (localhost [127.0.0.1])
	by polecat.worldsocialism.org (Postfix) with ESMTP id 04EA6903D9
	for <psy[at]localhost>; Thu, 13 Apr 2006 00:15:50 +0100 (BST)
X-Original-To: psychonaut[at]nothingisreal.com
Delivered-To: frettchen[at]randymail-mx2.dreamhost.com
Received: from mail.nothingisreal.com [208.97.132.24]
	by localhost with POP3 (fetchmail-6.2.5)
	for psy[at]localhost (single-drop); Thu, 13 Apr 2006 00:15:50 +0100 (BST)
Received: from web35715.mail.mud.yahoo.com (web35715.mail.mud.yahoo.com [66.163.179.169])
	by randymail-mx2.dreamhost.com (Postfix) with SMTP id B492913B3E0
	for <psychonaut[at]nothingisreal.com>; Wed, 12 Apr 2006 16:07:40 -0700 (PDT)
Received: (qmail 4652 invoked by uid 60001); 12 Apr 2006 23:07:39 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=Message-ID:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding;
  b=rb80uMH7Kp4m/VGyzMC0i7vOkVAkMZ4UCxjNcwT5NIAsa2OhjLIOQiGfDr5u
3GeGDVNiJh5gP4IrizKokJRF8JJ22pQ9LRZonUf2+SImTvUXUDFs1tQ9LHS8Y5V
A/E/nM4GsuqMwaKflXpB9gec0jEg2CTyAnB6DWWQPf8/MIZw=;
Message-ID: <20060412230739.4650.qmail[at]web35715.mail.mud.yahoo.com>
Received: from [128.196.165.21] by web35715.mail.mud.yahoo.com via HTTP; Wed, 12 Apr 2006 16:07:39 PDT
Date: Wed, 12 Apr 2006 16:07:39 -0700 (PDT)
From: L-ightist Economist <moreevilbaddeals[at]yahoo.com>
Subject: Fwd: Re: JB:  Emails Violated and Erased by Unknown; Cannot Respond Immediately...EXPEL ME

Here is the version my employer received which SpamCop doesn't correctly parse. Tracking URL: http://www.spamcop.net/sc?id=z919793041z85...2f64fc298ebaa6z

Return-Path: <moreevilbaddeals[at]yahoo.com>
X-Original-To: spgb[at]worldsocialism.org
Delivered-To: spgb[at]randymail-mx1.dreamhost.com
Received: from enforcer.dreamhost.com (enforcer.dreamhost.com [66.33.220.4])
	by randymail-mx1.dreamhost.com (Postfix) with ESMTP id D18C434339
	for <spgb[at]worldsocialism.org>; Wed, 12 Apr 2006 16:07:47 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
	by enforcer.dreamhost.com (Postfix) with ESMTP id AE0C017D010
	for <spgb[at]worldsocialism.org>; Wed, 12 Apr 2006 16:07:47 -0700 (PDT)
Received: from enforcer.dreamhost.com ([127.0.0.1])
	by localhost (enforcer [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 04356-06 for <spgb[at]worldsocialism.org>;
	Wed, 12 Apr 2006 16:07:46 -0700 (PDT)
Received: from hesl01uker.he.local (smtpout.btconnect.com [213.123.26.90])
	by enforcer.dreamhost.com (Postfix) with ESMTP id ED6DF17D025
	for <spgb[at]worldsocialism.org>; Wed, 12 Apr 2006 16:07:45 -0700 (PDT)
Received: from c2bthimr02.btconnect.com ([194.73.73.202]) by hesl01uker.he.local with Microsoft SMTPSVC(6.0.3790.211);
  Thu, 13 Apr 2006 00:07:42 +0100
Received: from web35715.mail.mud.yahoo.com (web35715.mail.mud.yahoo.com [66.163.179.169])
	by c2bthimr02.btconnect.com (MOS 3.5.9-GR)
	with SMTP id FRP26850;
	Thu, 13 Apr 2006 00:06:54 +0100 (BST)
Received: (qmail 4652 invoked by uid 60001); 12 Apr 2006 23:07:39 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=Message-ID:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding;
  b=rb80uMH7Kp4m/VGyzMC0i7vOkVAkMZ4UCxjNcwT5NIAsa2OhjLIOQiGfDr5u
3GeGDVNiJh5gP4IrizKokJRF8JJ22pQ9LRZonUf2+SImTvUXUDFs1tQ9LHS8Y5V
A/E/nM4GsuqMwaKflXpB9gec0jEg2CTyAnB6DWWQPf8/MIZw=;
Message-ID: <20060412230739.4650.qmail[at]web35715.mail.mud.yahoo.com>
Received: from [128.196.165.21] by web35715.mail.mud.yahoo.com via HTTP; Wed, 12 Apr 2006 16:07:39 PDT
Date: Wed, 12 Apr 2006 16:07:39 -0700 (PDT)
From: L-ightist Economist <moreevilbaddeals[at]yahoo.com>
Subject: Fwd: Re: JB:  Emails Violated and Erased by Unknown; Cannot Respond Immediately...EXPEL ME

Moderator Edit: Huge long lines broken up as they were impacting the Portal display.

Link to comment
Share on other sites

Both our domains, nothingisreal.com and worldsocialism.org, are hosted by DreamHost.  The only major difference in our setup is that I use fetchmail to download my mail via POP3 from mail.nothingisreal.com and deliver it to a local mail server, whereas my employer checks mail via IMAP on mail.worldsocialism.org.

42002[/snapback]

A bigger difference is that the failing parse is travelling first from Yahoo, through a btconnect.com account before being directed to dreamhost.com. That is where the parse is being lost, seemingly because of the naming of their servers. Their servers don't use their FQDN. The parser does not trust that handoff.

THis is likely a case where Mailhosts (defining the route your messages take to reach you) would help the parser get through this mess or btconnect needs to clean up their headers.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...