Safe to report spam with faked x headers???


garymchu

Hi,

I use Mailwasher to clean things up before sorting my mail. Many of the spam emails, however, will fake one of my site's email addresses in the source of the email.

What they seem to do is insert the email address they are sending the spam to as the x-originating-email and x-sender. Example:

--------------------------------------

Return-path: <something[at]antiqbook.com> (Not our email and not the spammers domain either)

Envelope-to: xxxxx[at]anythingflowers.com (our email that the spam was sent to)

Delivery-date: Wed, 12 Mar 2008 17:02:49 +0000

Received: from ip-219-253-122-091.pools.atnet.ru ([91.122.253.219]) (Their server Russian surprise surprise)

by server1.2001web.org with smtp (Exim 4.68)

(envelope-from <xxxxx[at]antiqbook.com>) (again not the spammers email)

id 1JZULn-0003I5-U8

for xxxxxx[at]anythingflowers.com; Wed, 12 Mar 2008 17:02:49 +0000

X-Originating-IP: [61.24.149.08] (Unresolvable ip goodness knows who owns this)

Here they have inserted our email address the same as the account that received the email.

X-Originating-Email: [xxxxxx[at]anythingflowers.com]

X-Sender: xxxxxxx[at]anythingflowers.com

Message-Id: <20080312111234.2352.qmail[at]ip-219-253-122-091.pools.atnet.ru>

To: <orders[at]anythingflowers.com>

Subject: RE: Discount. Coupon #pkjln

From: <xxxxxx[at]anythingflowers.com>

MIME-Version: 1.0

Content-Type: text/plain; charset="ISO-8859-1"

Content-Transfer-Encoding: 7bi

--------------------

My question is: is it safe for me to tell Mailwasher to report these to SpamCop, or will MY email get blacklisted?????


Almost all server admins do not blacklist email addresses because it is common knowledge that email addresses are forged. Blocklists are always based on IP addresses.

However, some spammers may add those email addresses to their lists when they get the spamcop report. Others may remove them (listwash), but sell them as 'live' addresses. There is an ongoing controversy about 'munging' (replacing your email address with an 'x') in reports. Some people are scrupulous about munging every possible instance before sending it to spamcop; other people turn the munging preference off. Spamcop will automatically mung your address, but misses some, usually in the body.

IMHO, it is a waste of time to mung - from anecdotal evidence (some more scientific than others), it doesn't make much difference. Once you need to use a filter (such as Mailwasher), that email address is now going to get spam and it will fluctuate depending on when it got sold and who to (sometimes spammers seem to go on vacation; other times they seem not to understand the directions on their software and send 6 a day). It is a much better use of your time to tweak your filters so that most spam is caught and no legitimate email is.

Miss Betsy
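
An added example, not part of the original thread: it contrasts the one field a report can rest on, the peer IP stamped by the receiving server in its own Received header, with the sender-written headers that merely echo the recipient's address. The function names, the placeholder mail addresses and the assumption that the Received line has the Exim layout quoted in the question are illustrative.

```python
import re
from email import message_from_string

# Constructed sample modelled on the headers quoted in the question; the
# mail addresses are placeholders, the Received values are the quoted ones.
SAMPLE = """\
Return-path: <someone@thirdparty.example>
Envelope-to: orders@shop.example
Received: from ip-219-253-122-091.pools.atnet.ru ([91.122.253.219])
\tby server1.2001web.org with smtp (Exim 4.68)
\t(envelope-from <someone@thirdparty.example>)
\tfor orders@shop.example; Wed, 12 Mar 2008 17:02:49 +0000
X-Originating-IP: [61.24.149.08]
X-Originating-Email: [orders@shop.example]
X-Sender: orders@shop.example
To: <orders@shop.example>
From: <orders@shop.example>
Subject: RE: Discount

body text
"""

# Headers written by the sending side; none of them is verified in transit.
SENDER_SUPPLIED = ("From", "Return-Path", "X-Sender", "X-Originating-Email")
ADDR = re.compile(r"[\w.+-]+@[\w.-]+")
# Assumes the "from host ([ip])" layout shown in the quoted Received line.
PEER = re.compile(r"from \S+ \(\[([0-9A-Fa-f.:]+)\]\)")

def connecting_ip(msg, my_mx):
    """Peer IP from the Received header stamped by our own mail server."""
    for received in msg.get_all("Received", []):
        flat = " ".join(received.split())  # undo header folding
        if f" by {my_mx} " in flat:
            match = PEER.match(flat)
            return match.group(1) if match else None
    return None

def echoed_headers(msg, recipient):
    """Sender-supplied headers that simply repeat the recipient's address."""
    hits = []
    for name in SENDER_SUPPLIED:
        found = ADDR.findall(" ".join(msg.get_all(name, [])))
        if recipient.lower() in (a.lower() for a in found):
            hits.append(name)
    return hits

def triage(raw, recipient, my_mx):
    msg = message_from_string(raw)
    return {"report_ip": connecting_ip(msg, my_mx),
            "forged_as_recipient": echoed_headers(msg, recipient),
            "unverified_claimed_ip": msg.get("X-Originating-IP")}

if __name__ == "__main__":
    print(triage(SAMPLE, "orders@shop.example", "server1.2001web.org"))
```
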


However, some spammers may add those email addresses to their lists when they get the spamcop report. Others may remove them (listwash), but sell them as 'live' addresses. There is an ongoing controversy about 'munging' (replacing your email address with an 'x') in reports. Some people are scrupulous about munging every possible instance before sending it to spamcop; other people turn the munging preference off. Spamcop will automatically mung your address, but misses some, usually in the body.

One report is anecdotal. Two reports is datum. Along that line I don't mung my reports and have not noticed any change in the volume of my spam (other than a general increase that reflects the general increase in spam). This general theme is a frequent thread.

On the other hand sometimes I see a change in the mix, i.e. I must piss someone off. For example yesterday I got a bump in the "no effort degree" spam, all looking the same, addressed the same. Early morning I got 2 of these spam and reported them. Within an hour I got 4, then 8 ... By the afternoon I was getting 20/hr of this "get a degree in 3 weeks" spam. Then they stopped. Now was this a result of me reporting them or just a reflection of how they geared up their bots and zombies?


While a lot of times, I think people get paranoid about spammers 'retaliating', it has happened. I had two different spammers send spam with 'messages' in the subject line - one was sorry, the other was mocking immediately after a report.

And one of the ROSKO spammers actually spammed the report addresses (so that reporters got a spam as a reply) within a couple of hours of a manual report. I don't know whether he was fishing or my report was the last straw.

However, many people think that the spammers are so automated now that it is unlikely that they even notice spamcop reports. OTOH, they could be programmed to send twice as many spam back to an email address found in a report.

And while I am being anecdotal, I said, in the ng, that I hadn't gotten any spam even though I had exposed a real address in a post. Almost immediately I received a spam email at that address. Never got any more, though.

Miss Betsy
