Do you obfuscate email headers when reporting spam issues to clients?

Jimmy Hess mysidia at gmail.com
Thu Nov 7 00:11:27 UTC 2013


On Wed, Nov 6, 2013 at 12:30 PM, Landon <landonstewart at gmail.com> wrote:

> Hello,
>
> How much trouble does your abuse department go to in order to obfuscate
> headers when providing evidence of spamming activity regardless of if it’s
> intentional/professional spammer activity or some kind of malware infection
> allowing a third party to spam.
>

I suggest using separate spam traps for reporting, from spam traps used to
develop filters and blacklists, seeded/published at similar places.

Don't report spam hitting secret spamtraps; just use what is received at
secret spam traps to develop the spam corpus, blacklists, or filtering
rules.

There are exceptions, but when reporting spam: the recipient needs
actionable information. Not just someone claiming that there is spam
from them. If they are the upstream IP network abuse contact
or operator of a large mail server, they should see who it came from, who
it went to, the timestamps, message ids, and full headers.

The stuff you could remove to make "list washing" hard or disguise a spam
trap, is the same stuff the receiver of your report needs, to efficiently
and effectively help identify their outbreak, and put a stop to the spam,
so you're also making it hard for legitimate contacts to find the
appropriate log entry, and match the e-mail message to the account it
came from.


--
-JH
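
The trade-off described in the message above, as an added example that is not part of the original post: a short Python check that lists which of the fields a report recipient uses for log matching (sender, recipient, timestamp, message id, relay IP) survive a redaction. The sample message, the `[redacted]` marker and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample message (documentation domains and address range).
FULL = """\
Received: from mail.example.net (mail.example.net [192.0.2.25])
 by mx.example.org with ESMTP id ABC123
 for <trap@example.org>; Wed, 6 Nov 2013 12:00:05 +0000
Message-ID: <20131106120000.1234@mail.example.net>
Date: Wed, 6 Nov 2013 12:00:00 +0000
From: "Sender" <user42@example.net>
To: trap@example.org
Subject: constructed sample

body
"""
# The same message after hiding the trap address and the message id.
REDACTED = (FULL.replace("trap@example.org", "[redacted]")
                .replace("20131106120000.1234@mail.example.net", "redacted"))

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
MSGID_RE = re.compile(r"<[^<>@\s]+@[^<>@\s]+>")
ADDR_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")

def _addr(value):
    """Return the bare address if the header still holds a usable one."""
    addr = parseaddr(value or "")[1]
    return addr if ADDR_RE.fullmatch(addr) else None

def actionable_fields(raw):
    """Extract what the report recipient needs to find the log entry."""
    msg = message_from_string(raw)
    ip = IP_RE.search(" ".join(msg.get_all("Received") or []))
    msgid = (msg.get("Message-ID") or "").strip()
    try:
        when = parsedate_to_datetime(msg.get("Date", "")).isoformat()
    except (TypeError, ValueError):
        when = None  # header absent or no longer a parseable date
    return {"sender": _addr(msg.get("From")),
            "recipient": _addr(msg.get("To")),
            "timestamp": when,
            "message_id": msgid if MSGID_RE.fullmatch(msgid) else None,
            "relay_ip": ip.group(1) if ip else None}

def missing_fields(raw):
    """Names of the fields a redaction has made unusable."""
    return [k for k, v in actionable_fields(raw).items() if v is None]

if __name__ == "__main__":
    print(missing_fields(FULL), missing_fields(REDACTED))
```
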



More information about the NANOG mailing list