Do you obfuscate email headers when reporting spam issues to clients?

Jimmy Hess mysidia at gmail.com
Thu Nov 7 01:02:00 UTC 2013


On Wed, Nov 6, 2013 at 6:27 PM, Nonaht Leyte <alif.terranson at gmail.com>wrote:

Any abuse department which outright rejects (or claims they are unable to
> process) an obfuscated ("munged") complaint is not to be trusted - period.
>

This is very credible from someone admitting to scrubbing reports, of
information required by some abuse teams to appropriately process
complaints,  *NOT*.  You say scrub....  Many would say:  munging  evidence,
 so that it  is no longer admissible,  or usable as supporting
documentation to suspend or terminate a subscriber's service.

There are abuse departments that would ignore such reports, or reply,
requesting information before proceeding, and they have that right;
especially,   if  the scrubbed reports  don't offer  sufficient evidence,
for their  particular investigation workflow to function.



> As a complainant, rather than the abuse@ recipient, I will always scrub my
> reports *thoroughly*, by removing the significant digits of time stamps,
> any unique identifiers I can find (from message-ID to unsubscribe links),
>



regardless of header obfuscation. Secondly, header obfuscation is NOT a
> waste of time for abuse@ - in fact, it is only marginally less useful than
> a "fully loaded" complaint. The reason is that even the smallest (or,


This is an assumption, that is only true in some cases.


> conversely, the most expertly organized) spammer will leave a complaint
> trail.  The complaints grow in importance as they grow in number: ten
>

Often the spammer will not leave a complaint trail;  they may very well
have sent 1000 messages,  that are logged with various different From:
addresses.

However,  non-spammers will also often leave a "complaint trail";   to give
an example: very often, non-spammers will even forward  their own mail to
another mailbox provider,  e.g. Yahoo/AOL,   and report duly forwarded spam
that arrives in their forwarding destination inbox,  as spam originating
from the forwarding provider.

Without the recipient address; the provider doing the mail forwarding has
no idea if it is the forwarded mail,  or  ordinarily sent mail  that is
being filed as spam.


--
-JH



More information about the NANOG mailing list