Do you obfuscate email headers when reporting spam issues to clients?

Anne P. Mitchell, Esq. amitchell at isipp.com
Wed Nov 6 22:16:55 UTC 2013



> On Wed, Nov 6, 2013 at 1:30 PM, Landon <landonstewart at gmail.com> wrote:
>> How much trouble does your abuse department go to in order to obfuscate
>> headers when providing evidence of spamming activity regardless of if it?s
>> intentional/professional spammer activity or some kind of malware infection
>> allowing a third party to spam.  Especially for the pro spammers, we don?t
>> want them list washing anything or worse yet becoming privy to spamtrap
>> data if the reporting party wasn?t smart enough to obfuscate their own data
>> before sending in the report.
> 
> Howdy,
> 
> It depends on the exact situation, but the general-purpose answer is:
> none. zero. zip.
> 
> The customer usually can't act on your information unless he can line
> it up with an entry in his own logs. He needs lots of details in the
> headers to figure out which computer or which of his users the message
> came from. And he needs that information to determine whether the
> message really came from his system -- headers get forged, you know.

Because this is an issue inherent primarily with bulk mail, we remove all identifying information *except* the unsub link, which *should* have a unique identifying token embedded within, from which the sender *should* be able to determine the complainant's email address.  And, if there is no such link, we use that as an opportunity to educate them as to *why* they need to include such a link (mind you, in order to be accredited with us the sender has to have already demonstrated that they comply with including an unsub link, but because many of our accreditation customers are ESPs, their customers may sometimes not be modelling 100% of best practices).

Regardless of unsub link, or anything else, if we get a spam complaint against one of our customers, we hold their feet to the fire, and require them to explain exactly how the particular list was built, how the address was acquired, etc..  Failure to do so can (and usually does) result in termination of their accreditation - in the case of an ESP, they have to take corrective measures against their spamming customer or the ESP will lose their accreditation.

Anne

Anne P. Mitchell, Esq.
Author: Section 6 of the CAN-SPAM Act of 2003
CEO/President
Institute for Social Internet Public Policy
http://www.ISIPP.com 
Member, Cal. Bar Cyberspace Law Committee

How do you get to the inbox instead of the spam filter?  SuretyMail!
Helping businesses keep their email out of the junk folder since 1998
http://www.isipp.com/SuretyMail






More information about the NANOG mailing list