Do you obfuscate email headers when reporting spam issues to clients?

Nonaht Leyte alif.terranson at gmail.com
Thu Nov 7 00:27:35 UTC 2013


> If you send him a complaint scrubbed in the manner you describe, he
> won't have enough information to act. You'd basically be wasting both
> his time and yours.

As many here know, I spent 4 years on the receiving end of the
abuse at savvisbox: when I was hired it was for multiple roles, but the
abuse at was a primary.  Savvis had a significant spam problem when I
arrived, and
until just a few months before I left, had literally none.

First of all, *every* abuse email should be seriously investigated,
regardless of header obfuscation. Secondly, header obfuscation is NOT a
waste of time for [email protected] - in fact, it is only marginally less useful than
a "fully loaded" complaint. The reason is that even the smallest (or,
conversely, the most expertly organized) spammer will leave a complaint
trail.  The complaints grow in importance as they grow in number: ten
complaints in the morning abuse email tells me that there is a serious
problem with the sender, even if every single header and other identifying
information is removed from the complaints.  Ten complaints may not
indicate malice (although it usually does), but it does tell [email protected] to
start their resolution clock.

Any abuse department which outright rejects (or claims they are unable to
process) an obfuscated ("munged") complaint is not to be trusted - period.
The abuse department that wont respond to munging is deliberately closing
their eyes to abuse on their network.  Any [email protected] that fails to immediately
act on reports of third-party beneficiaries (for example, drop boxes or
ordering websites) on their network is doing the same thing.

As a complainant, rather than the [email protected] recipient, I will always scrub my
reports *thoroughly*, by removing the significant digits of time stamps,
any unique identifiers I can find (from message-ID to unsubscribe links),
and anything else I think can possibly be used to listwash.  The only
exception to this is if I am reporting to someone I know and explicitly
trust (and there are damn few of those left).

As the [email protected] guy, I would strongly encourage scrubbed reports, even
reports which prove nothing other than an email went out that was unwanted
(as opposed to unsolicited - it's not uncommon for people to make "spam
complaints" rather than unsubscribe from mailings they legitimately
subscribed to).  There are a multitude of internal [& proprietary] tools at
most ISPs that can lead to the appropriate determination as to what is or
isn't spamming, but for the tools to be used, there needs to be a starting
complaint(s).

//Alif




On Wed, Nov 6, 2013 at 4:40 PM, William Herrin <bill at herrin.us> wrote:

> On Wed, Nov 6, 2013 at 5:16 PM, Anne P. Mitchell, Esq.
> <amitchell at isipp.com> wrote:
> > Because this is an issue inherent primarily with bulk mail,
> > we remove all identifying information *except* the unsub link,
> > which *should* have a unique identifying token embedded
> > within, from which the sender *should* be able to determine
> > the complainant's email address.
>
> Hi Anne,
>
> Judging from Landon's web page a vanishingly small percentage of his
> customers are in the opt-in mailing list business. He's in the generic
> hosting business, so aside from the abusers his customers will tend to
> be heavy on single-recipient administrative emails rather than mailing
> lists.
>
> If you send him a complaint scrubbed in the manner you describe, he
> won't have enough information to act. You'd basically be wasting both
> his time and yours.
>
>
> > Failure to do so can (and usually does)
> > result in termination of their accreditation
>
> Accreditation of what?
>
> Regards,
> Bill Herrin
>
>
>
> --
> William D. Herrin ................ herrin at dirtside.com  bill at herrin.us
> 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
> Falls Church, VA 22042-3004
>
>



More information about the NANOG mailing list