shop-talk

Re: Recommendations for handling spam

To: shammatt@sos.net
Subject: Re: Recommendations for handling spam
From: Richard Welty <rwelty@krusty-motorsports.com>
Date: Sun, 28 Dec 1997 00:16:40 -0500
At 09:02 PM 12/27/97 -0800, Steve Hammatt wrote:

>I appreciate your comments.  Can you enlighten us on how best to
>respond?

the tricky part is determining the real source; this is where the netcom
"help" message is badly flawed. generally, there are received: lines in all
message headers. each time a message passes through a system, the system
should add a new Received: line at the front of the message.

in a perfect world, the netcom advice on finding the "first" received line
would be good advice. this is not a perfect world; spammers know perfectly
well how to forge received lines (it's easy and it's fun. if you all knew
how easy it was to forge very nice looking email messages, you'd be pretty
shocked.)

you end up needing to examine received: lines looking for the ones that
don't make sense. this can be difficult, because the standards are not very
detailed, and because some of the older and cruftier mail relays don't
include enough information. interpreting received lines is rather a black art.

you are looking for one of two possibilities:

the spammer is working from a "legit" address; they have a domain and an ISP
and they're spamming from a fixed location. these are easy. the problem
comes when you get "drive by" spamming; spammers who open up a throwaway
account with an ISP, and then spam through an unprotected mail relay. these
latter are the ones where interpretation is difficult, and netcom is wimping
out on the abuse problem.

i suggest taking a look at some of the spam resource pages;
http://spam.abuse.net is a good one, and the resources at the maps page --
http://maps.vix.com/ -- are very nice as well.

and in examining the message you got from netcom, i see it came from matt.
matt understands the issues, but he is very limited in what he can do
because of heavy netcom management oversight. it's got to be an incredibly
frustrating situation there. netcom has earned their listing on the realtime
blackhole list.

sigh,
  richard
-- 
Richard Welty                                             518-783-9003 (days)
rwelty@krusty-motorsports.com              http://www.krusty-motorsports.com/
welty@inet-solutions.net (<== real job)        http://www.inet-solutions.net/
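
Added example, not part of the original message: a small Python check for Received: lines that "don't make sense", walking down from the line your own mail server added and flagging the first hop that cannot be tied to the one above it. The host names, addresses and the matching heuristic (each hop's "from" host should be the "by" host of the line below it) are assumptions made for illustration; real relays often name themselves inconsistently, so a flagged line is a lead to check by hand, not a verdict.

```python
import re
from email import message_from_string

# Constructed sample headers (not from a real message); newest hop first.
SAMPLE = """\
Received: from relay.example.net (relay.example.net [192.0.2.10])
\tby mx.example.org with SMTP; Sat, 27 Dec 1997 20:41:02 -0800
Received: from dialup77.example.com (dialup77.example.com [198.51.100.77])
\tby relay.example.net with SMTP; Sat, 27 Dec 1997 20:40:55 -0800
Received: from mail.bigisp.example (mail.bigisp.example [203.0.113.5])
\tby gateway.bigisp.example with SMTP; Sat, 27 Dec 1997 20:12:00 -0800
From: offers@bigisp.example
Subject: constructed test message

body
"""

# "from <host> ... by <host>" is the common shape; older relays may omit parts.
HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S | re.I)

def received_hops(raw):
    """Return [(from_host, by_host), ...] in header order (newest first)."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        hops.append((m.group(1).lower(), m.group(2).lower()) if m else (None, None))
    return hops

def first_inconsistency(hops):
    """Index of the first Received line that does not connect to the line
    above it, or None if the whole chain is consistent. Lines at or below
    that index were not vouched for by any host we have reason to trust."""
    for i in range(len(hops) - 1):
        claimed_sender = hops[i][0]    # who hop i says handed it the message
        next_stamper = hops[i + 1][1]  # who actually wrote the next line down
        if claimed_sender is None or claimed_sender != next_stamper:
            return i + 1
    return None

if __name__ == "__main__":
    hops = received_hops(SAMPLE)
    bad = first_inconsistency(hops)
    for n, (frm, by) in enumerate(hops):
        print("SUSPECT" if bad is not None and n >= bad else "ok     ", frm, "->", by)
    if bad:
        print("last corroborated sender:", hops[bad - 1][0])
```

In the constructed sample the third line is the one that does not connect, so the host to report is the one named in the last corroborated line (the dial-up address that handed the message to the relay), not the ISP named in the bottom line.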

