Do you obfuscate email headers when reporting spam issues to clients?

Jimmy Hess mysidia at
Thu Nov 7 01:02:00 UTC 2013

On Wed, Nov 6, 2013 at 6:27 PM, Nonaht Leyte <alif.terranson at>wrote:

Any abuse department which outright rejects (or claims they are unable to
> process) an obfuscated ("munged") complaint is not to be trusted - period.

This is very credible from someone admitting to scrubbing reports, of
information required by some abuse teams to appropriately process
complaints,  *NOT*.  You say scrub....  Many would say:  munging  evidence,
 so that it  is no longer admissible,  or usable as supporting
documentation to suspend or terminate a subscriber's service.

There are abuse departments that would ignore such reports, or reply,
requesting information before proceeding, and they have that right;
especially,   if  the scrubbed reports  don't offer  sufficient evidence,
for their  particular investigation workflow to function.

> As a complainant, rather than the [email protected] recipient, I will always scrub my
> reports *thoroughly*, by removing the significant digits of time stamps,
> any unique identifiers I can find (from message-ID to unsubscribe links),

regardless of header obfuscation. Secondly, header obfuscation is NOT a
> waste of time for [email protected] - in fact, it is only marginally less useful than
> a "fully loaded" complaint. The reason is that even the smallest (or,

This is an assumption, that is only true in some cases.

> conversely, the most expertly organized) spammer will leave a complaint
> trail.  The complaints grow in importance as they grow in number: ten

Often the spammer will not leave a complaint trail;  they may very well
have sent 1000 messages,  that are logged with various different From:

However,  non-spammers will also often leave a "complaint trail";   to give
an example: very often, non-spammers will even forward  their own mail to
another mailbox provider,  e.g. Yahoo/AOL,   and report duly forwarded spam
that arrives in their forwarding destination inbox,  as spam originating
from the forwarding provider.

Without the recipient address; the provider doing the mail forwarding has
no idea if it is the forwarded mail,  or  ordinarily sent mail  that is
being filed as spam.


More information about the NANOG mailing list