StevenUnderwood Posted December 23, 2006

> So the bottom line is the reply masking address is shown to the ISP instead of the spammer's real address.

The return address is virtually NEVER the "spammer's real address". The reason spamgourmet uses them is that if you reply, that address forces it through their system and can be redirected back to the original (for spam, forged) address.

lwc (Author) Posted December 23, 2006

Would you stop repeating your mantra? I never said that address mattered, just that Spamcop reports it nonetheless and if it reports it, it might as well be the real address and not the reply masking address.

Wazoo Posted December 23, 2006

> Would you stop repeating your mantra?

Likewise ... Would you simply get around to providing a Tracking URL of whatever it is that you have been carrying on about, such that something tangible can be discussed.

> I never said that address mattered, just that Spamcop reports it nonetheless and if it reports it, it might as well be the real address and not the reply masking address.

Excuse me ..... but your whole theme has been about addresses ... what has been asked a number of times is for a sample of just what you are trying to discuss.

Miss Betsy Posted December 23, 2006

> Would you stop repeating your mantra? I never said that address mattered, just that Spamcop reports it nonetheless and if it reports it, it might as well be the real address and not the reply masking address.

Generally when posters say, "spamcop reports....", they mean that the report goes to that server admin who administers the IP address that the spam has come from. The /source/ of the spam (the IP address where the spam comes from) is the important piece of information in the spam. The IP address where the spam comes from may, or may not, be the 'spammer's address' - generally at this time, it is not the spammer, but a computer that has been compromised unbeknownst to the server admin. There are still some blackhat server admins who permit spam to be sent. However, they are all on various other blocklists and, generally, are sent to dev null (no reports are sent, but the IP address is added to the spamcop blocklist).

I think that you are using 'reports' to mean that in the report that is sent to the server admin, the addresses you are concerned about are not munged. However, there should be farther down in the headers the 'real' address. If you have spamcop's mailhosts properly configured, then the parser will find the proper source of the spam - no matter how many other headers have been added through forwarding. That's the purpose of mailhosts. If you have not configured mailhosts, and when you submit spam to spamcop, the parser offers to send a report to your mail server, then you cannot submit spam via spamcop until you have configured mailhosts.

The 'real' spammer can be found sometimes by the URL in the body of the spam. However, that is a secondary purpose of spamcop. The parser often does not find the URL or the proper abuse address.

In a discussion like this, it is sometimes wise to define terms: the 'real' address to the parser is the IP address from which the spam has come.
The parser is able to determine the 'real' address from the headers. In complicated forwarding situations, the reporter has to have mailhosts configured so that the parser knows what headers are supposed to be there. The 'real' address of the spammer in the sense that one could contact the spammer directly is usually unknown to the parser and to the reporter since the spammer uses resources that are not his to send the spam.

The headers contain information about all the computers that the spam went through to get to your computer. The spammers can forge all but the computer that actually received the spam and that computer knows what IP address that the spam came from. Someone experienced in reading headers can see at a glance what headers are forwarding and would know that a report from you was a report from a spamgourmet user. They would also be able to find out what IP address the spam was coming from without the aid of spamcop. Presumably all server admins who are receiving spamcop reports are experienced in reading headers. Those who use spamcop reports want to see /all/ the headers to verify that the parser has not made a mistake (software sometimes doesn't do exactly what you want it to - hence the creation of mailhosts).

I am not sure what you are concerned about. People mung their email addresses so that if the spamcop report goes to someone (particularly an abuse address for the URLs in the body of the spam) who would use the information in the headers to add email addresses to lists or to retaliate, or to take that email address off their list so that they don't get reported any more, then we are talking about a discussion about the value of munging email addresses and listwashing and legal requirements. I think I already summed up my opinion on that.

If you are concerned that the spammer will use the information in the headers to evade spamgourmet's method of operation, then probably you should be discussing this with other spamgourmet users.
As I said, I think that if spamgourmet was particularly concerned, they would tell users not to use spamcop services and spamgourmet at the same time. spamcop could possibly mung the headers, but there are other 'special' circumstances out there and spamcop can't possibly accommodate all of them without making the parser code unwieldy. Perhaps knowing that no one else has been able to write software that does what spamcop does well enough to be used by non-technically fluent people will help you to understand why spamcop cannot accommodate all other spam filtering services. It is extremely complicated.

If you just don't want to reveal more information than is absolutely necessary to unknown people, then you will have to stop using both spamgourmet and spamcop. How you choose to configure your spam filtering is up to you. The bottom line is that it defeats spamcop's purpose to make any alterations in the headers so that no matter how good the reasons or how knowledgeable the reporter so that he doesn't alter anything that would affect the outcome of the parser, no alterations in the headers are allowed.

You can use spamcop to find the proper abuse addresses and make manual reports. As I said, sometimes those reports are just as, or more effective, if they go to whitehats. If you are not using the scbl to filter your spam, then you are not particularly interested in feeding the bl.

Miss Betsy

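The header walk described in the post above, as an added example that is not part of the thread and is not SpamCop's parser: it trusts only Received lines written by hosts in the reporter's own mail path and stops at the first outside IP. The hostnames, IPs, the `FULL` and `ISP_ONLY` tables and `find_source` are all constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample: spam sent from a compromised host through a forwarding
# service to the recipient's ISP. Hosts and IPs are documentation values.
RAW = """\
Received: from mx.forwarder.example (mx.forwarder.example [198.51.100.7])
\tby mail.isp.example with ESMTP; Sat, 23 Dec 2006 10:00:03 +0000
Received: from zombie.example.net (unknown [203.0.113.45])
\tby mx.forwarder.example with SMTP; Sat, 23 Dec 2006 10:00:01 +0000
Received: from bank.example.org (bank.example.org [192.0.2.10])
\tby zombie.example.net with SMTP; Sat, 23 Dec 2006 09:59:00 +0000
From: security@bank.example.org
Subject: constructed sample

body
"""

# "from <helo> (<rdns> [<ip>]) by <receiving host>"
HOP = re.compile(r"from\s+\S+\s+\(\S*\s*\[([0-9.]+)\]\)\s+by\s+(\S+)")

# Hypothetical mailhost tables: receiving hostname -> its own IP.
FULL = {"mail.isp.example": "192.0.2.25", "mx.forwarder.example": "198.51.100.7"}
ISP_ONLY = {"mail.isp.example": "192.0.2.25"}

def find_source(raw, mailhosts):
    """Return the IP that handed the message to the recipient's own mail path."""
    own_ips = set(mailhosts.values())
    source = None
    for hdr in message_from_string(raw).get_all("Received", []):  # newest first
        m = HOP.search(hdr)
        if not m or m.group(2) not in mailhosts:
            break  # line not written by a trusted host: may be forged, stop
        source = m.group(1)
        if source not in own_ips:
            break  # first outside IP seen by a trusted host is the source
    return source

if __name__ == "__main__":
    print("mailhosts configured:", find_source(RAW, FULL))
    print("forwarder missing:   ", find_source(RAW, ISP_ONLY))
```

With the forwarder left out of the table, the walk stops one hop early and names the forwarding service itself, which is the misdirected report the post says mailhosts exists to prevent; the bottom Received line, written by the sending host, is never consulted in either case.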
Archived
This topic is now archived and is closed to further replies.