Jump to content

Tracking sender of reports


darkangel

Recommended Posts

It took a while, but we learned our lesson.

Don't forget that Ellen, Richard, and I all used to be volunteers, too. We enjoyed the discussions in the forums, and participated a lot.

Those days are long gone. We can no longer discuss anything. The days of exchanging opinions and learning from the discussions are ancient history.

Now, every word we say is taken as a Pronouncement from On High and fed to the corners of the universe so they can be retrieved and thrown in our face until the end of time.

As you might imagine, it sort of puts a chill on our participation in the public areas.

- Don -

...Thanks, Don, this sheds a lot of light on various things!

...As far as the next-to-last paragraph, I am sorry that happens and sorry you feel that way. As Miss Betsy explained, there's a reason for your word being "taken as a Pronouncement from On High and fed to the corners of the universe" and it is not at all for the purpose of "throw[ing] [it] in [y]our face until the end of time," but, rather, for the purpose of trying to answer questions in concert with the only authority we see (however rarely it may be): you, Ellen and Richard. IOW, it's respect, not challenge. I understand (and trust that others do, as well) that what you write might not always be interpreted as you intend and I am not surprised or critical that you might need to clarify on occasion.

Link to comment
Share on other sites

Why would you munge the "From" address and the Boundary info? That looks like a total waste of time to me.

From addresses like "frsa804ew21aj[at]yahoo.com" could be used to identify the recipient. Boundary info (as far as I know), could also be used for this purpose, although this is probably less likely.

It's difficult to decide how much to mask, if anything at all. Perhaps I'm going overboard.

*sigh*

_da.

Link to comment
Share on other sites

From addresses like "frsa804ew21aj[at]yahoo.com" could be used to identify the recipient. Boundary info (as far as I know), could also be used for this purpose, although this is probably less likely. ...
Almost anything, anywhere in the messge, can be used to code the recipient's identity (and who would know?), the probabilities of just which parts they might be are effectively equal, I would say - and certainly it will often be found en claire as well. In the fullness of time you will find attachments with your name in the file name. You will find your name/address inside the attachments. You will find it scattered throughout the body of the message - I think the record mentioned in these pages was 24 times, a ridiculous superfluity in any event. And of course in forged From: and/or Reply to: headers and in the Subject: and some of the less common ones as well. The question is, for what purpose is this done? When it is in clear, as good an hypothesis as any might be "To discourage reporting." If it is coded, it would most certainly be for tracking/verification but where is the evidence that "they" actually do this in relation to reports/complaints? How does the spammer get his hands on any such report or complaint?
... It's difficult to decide how much to mask, if anything at all. Perhaps I'm going overboard.
Some would say you are, some would say you're not. Only you can tell and it takes experience and observation before you can make an informed judgement/educated guess. From *my* experience and judgement I think you would need to be quite special to receive special treatment from the spammers in general. They already have one or more of your addresses. That is all that most of them seem to need or want. But, as they always say, "YMMV".
Link to comment
Share on other sites

When spam reporting first began, spammers often retaliated against reporters which is why many people wanted to mung their email addresses. However, that spammer tactic did not work to deter reporters and now there are so many reporters, it is no longer, apparently, cost effective to identify reporters in order to retaliate and has been for a long time. Several years ago, when I first started reporting spam manually on occasion, I was identified by several spammers. But there were no attacks and, if they did listwash (see below) my address, it made no difference in the amount of spam received.

In addition, as Farelf mentions, spam reports rarely go directly to the spammer since most legitimate ISPs no longer allow spam and the ones who do are well known so reports are not sent, but only added to the blocklist. Another factor is that, because the spammer can't get responsible email service, they have resorted to stealing the resources of unsuspecting computer owners by infecting their machines. A very high percentage of spam is sent by these 'trojanned' machines or 'bots'. Again, there is no way that a report would reach a spammer.

The other reason for munging in the old days was to prevent 'listwashing' - or the removal of a reporter's address from a list so that the next spam run had less of a chance of being blocked. Now that almost every email service offers content filtering and in addition, simply drops anything from those IP addresses used by bots, listwashing is probably not cost effective either. Also, when listwashing did occur, according to anecdotal accounts by users, it made very little difference in the amount of spam received. Some reporters didn't mung on purpose so that they would get their email address removed expecting less spam.

The worst that happens now is that when an email address is harvested from a report, if the spammer does happen to get it, it is added to more lists as a 'live' address. But again, the effect seems to be not observable since once an email address has been obtained by the spammers, it is sold and resold to more and more spammers. spam increases and decreases according to an unknown rhythm whether munging is used or not.

And the best that happens from not munging is, if the report goes to a responsible server admin, it makes his job a lot easier to track down the mistake.

At one time there were lively discussions between users on whether to mung or not to mung. Those who were unafraid of retaliation vs those who didn't want criminals knowing their email address on principle. Those who thought a spam reporter's duty was to avoid listwashing and those who thought that it didn't matter or wanted to be listwashed. Those who thought reporting unmunged increased spam and those who contended it made no difference. There haven't been any such discussions in a long time. Anti-spam activities have, IMHO, made listwashing irrelevant. Now the spammers rely on large quantities of spam and evading content filters to reach a few suckers. If you read the discussions of how spammers move around websites to avoid being shut down, it seems obvious that they rely on quantity and evasion of content filters within a small window of opportunity before they are identified as spammers.

If you start to try to identify all instances that your email address can be identified as the reporter, sooner or later you are going to mung something that is not allowed. The alternatives to reporting unmunged are to report as a mole reporter or to change your email address to one that cannot be guessed by the dictionary spammers, use an alternative address for any online dealings (some people swear by sneakemail), and do not have any correspondents who are careless about security or forward your email to people who might be careless. I had an email address that was spamfree for a long time until someone among my correspondents or their correspondents got a virus that harvested my email address.

As Farelf says, it is your choice. You can spend a lot of time identifying possible markers and munging them. You can report unmunged. You can decide not to report.

Miss Betsy

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...