
SpamMATTERS Reporting


Farelf


For those in Oz, the ACMA (Communications & Media Authority) offers an add-on for Outlook and Outlook Express users to give a one-button submission of "forensically intact" spam data for review and possible action by the Authority or the Australian Federal Police. Multiple spam can be selected at once. While the Authority allows for the possibility of "international co-operation"* it would seem the most fruitful investigations would be in pursuit of Australian spam sources since the primary role is enforcement of the Spam Act of Oz. Less than (guessing) one percent of my spam seems to have an Australian source.

Details http://www.acma.gov.au/interforms/spam/spammatters.htm

Despite SpamMATTERS' own thoughts on the matter, ACMA have opened up the system's use to the general community in Australia.

I've used it for about a month at work - problem-free installation (of the Outlook version), effortless to use, generally seems okay, just one brief period so far when the server was down at the receiving end.

*The Oz experience of international cooperation is a touch troubled - http://www.theaustralian.news.com.au/story...64-2702,00.html - the tasking of police officers needs to include the critical directions "one instruction at a time," and "keep away from things that can be put in the mouth." Cheap shot, sorry, the devil made me do it.


Went all through the FAQ, support/install pages, etc. but don't see just how they handle the Outlook header/body content issues ....???? Of course, also noting that they only support/go-back to Win-ME and Outlook 2000 ..... nothing about changing/adding on output address (i.e. if their executable somehow resolves the Outlook mangling of the e-mail, then perhaps it could have also been used as a submittal tool to the SpamCop.net system)


... but don't see just how they handle the Outlook header/body content issues ....????
Yep, same occurred to me yet they say (and have convinced others) that the data so gathered is "evidence grade". That can mean anything of course but the term "forensically intact" is also used and seems fairly precise (??). The SpamMatters website http://www.spammatters.com/html/index.php talks about "Detailed forensic analysis" which would seem a risky terminology unless they actually gathered the full header detail. If they don't get at least the last IP address they have no basis to identify the source in almost any piece of spam. My assumption is that the source (of at least the header) is included in the data transmitted and clearly that information is within the message in the intray because the applications themselves can display it.

It also occurred to me that, if it actually relays "forensically intact" header and body content then it is, indeed, an elegant tool for submission from Outlook which is otherwise a total pain but often/usually stipulated for use by corporate users. There is no provision to copy to other addresses from the ACMA implementation but a heap of ways to use the technology for SpamMatters paying customers (looking again at their website). All delightfully vague at the tech level - I will ask them straight out if they recover the IP address.


Spoke to SpamMatters - IIUC, the (Outlook) message is forwarded to them by their system in native message format (.msg?), usually retained as .eml but bottom line is they can and do use further processing to reveal full headers and body source, just the same as the original recipient could. This is currently under human intervention - their initial analysis is to detect "trends" (presumably in the content), with a particular emphasis on early detection of bot-net spam distribution, the emergent problem on the internet. Comment is that ACMA have sprung straight into full international co-operation which makes uncommon sense for a gov't instrumentality.

I don't see a practical solution for individual reporters to use a SpamMatters interface with SpamCop as things stand (operating under the delusion that I understand how it all works). Large corporations, a different matter, perhaps, if they wanted to get involved in spam solutions as an economic proposition.

Incidentally, it was my informant's belief that ACMA has required Australian providers to filter email traffic in and out of their servers for at least the past six months. If so, I'm surprised this information has not surfaced before now (or that the ordinary customers who end up paying for it haven't been specifically and individually advised).

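The thread's question of whether a report still carries the full headers and "the last IP address" can be checked mechanically. The sketch below is an added example, not part of the original posts and not SpamMATTERS code; it assumes a report arrives as an .eml file, either with the spam attached as a `message/rfc822` part or forwarded inline, and all sample messages and addresses are constructed.

```python
import re
from email import message_from_string, policy

# Constructed spam sample with its Received chain intact.
ORIGINAL = (
    "Received: from mail.example.net (mail.example.net [192.0.2.10])\n"
    "\tby mx.recipient.example with ESMTP; Mon, 1 Jan 2007 10:00:02 +1100\n"
    "Received: from unknown (HELO pc) (198.51.100.77)\n"
    "\tby mail.example.net with SMTP; Mon, 1 Jan 2007 10:00:00 +1100\n"
    "From: seller@example.org\nSubject: Buy now\n\nbody text\n"
)
# Constructed report 1: original attached whole, headers preserved.
AS_ATTACHMENT = (
    "From: reporter@example.com\nSubject: FW: Buy now\nMIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="b1"\n\n'
    "--b1\nContent-Type: text/plain\n\nspam report\n"
    "--b1\nContent-Type: message/rfc822\n\n" + ORIGINAL + "--b1--\n"
)
# Constructed report 2: inline forward, transport headers already lost.
INLINE_FORWARD = (
    "From: reporter@example.com\nSubject: FW: Buy now\n\n"
    "-----Original Message-----\nFrom: seller@example.org\n"
    "Subject: Buy now\n\nbody text\n"
)

IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

def embedded_original(report):
    """Return the attached original message, or None if there is none."""
    for part in report.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
    return None

def last_hop_ip(raw_report):
    """IP in the topmost Received header of the attached original.

    The topmost header is the one written by the recipient's own server,
    so it is the only hop the recipient can vouch for. Returns None when
    the report no longer contains the original headers.
    """
    report = message_from_string(raw_report, policy=policy.default)
    original = embedded_original(report)
    if original is None:
        return None
    received = original.get_all("Received", [])
    if not received:
        return None
    match = IP_RE.search(str(received[0]))
    return match.group(1) if match else None

if __name__ == "__main__":
    print(last_hop_ip(AS_ATTACHMENT), last_hop_ip(INLINE_FORWARD))
```
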

Archived

This topic is now archived and is closed to further replies.
