Do you obfuscate email headers when reporting spam issues to clients?
bill at herrin.us
Wed Nov 6 21:24:26 UTC 2013
On Wed, Nov 6, 2013 at 1:30 PM, Landon <landonstewart at gmail.com> wrote:
> How much trouble does your abuse department go to in order to obfuscate
> headers when providing evidence of spamming activity regardless of if it’s
> intentional/professional spammer activity or some kind of malware infection
> allowing a third party to spam. Especially for the pro spammers, we don’t
> want them list washing anything or worse yet becoming privy to spamtrap
> data if the reporting party wasn’t smart enough to obfuscate their own data
> before sending in the report.
It depends on the exact situation, but the general-purpose answer is:
none. zero. zip.
The customer usually can't act on your information unless he can line
it up with an entry in his own logs. He needs lots of details in the
headers to figure out which computer or which of his users the message
came from. And he needs that information to determine whether the
message really came from his system -- headers get forged, you know.
If he can line it up with an entry in his logs then, if he's a
spammer, he knows what address the message was sent to rendering your
obfuscation pointless. And by now spammers are very good at list
scrubbing from the slightest bit of uniquely identifiable information
they can get back. Assuming they bother, which many don't.
It does depend on the situation though. You shouldn't be forwarding
the customer 200 spam complaints. After a small sample of messages he
either has enough information to track the source of the problem or he
is the problem.
Also, when I bounce spam, I scrub my antispam engine's report from the
bounce. No point telling the spammer how he failed to reach me.
William D. Herrin ................ herrin at dirtside.com bill at herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
More information about the NANOG