Do you obfuscate email headers when reporting spam issues to clients?
Jimmy Hess
mysidia at gmail.com
Thu Nov 7 01:02:00 UTC 2013
On Wed, Nov 6, 2013 at 6:27 PM, Nonaht Leyte <alif.terranson at gmail.com>wrote:
Any abuse department which outright rejects (or claims they are unable to
> process) an obfuscated ("munged") complaint is not to be trusted - period.
>
This is very credible from someone admitting to scrubbing reports, of
information required by some abuse teams to appropriately process
complaints, *NOT*. You say scrub.... Many would say: munging evidence,
so that it is no longer admissible, or usable as supporting
documentation to suspend or terminate a subscriber's service.
There are abuse departments that would ignore such reports, or reply,
requesting information before proceeding, and they have that right;
especially, if the scrubbed reports don't offer sufficient evidence,
for their particular investigation workflow to function.
> As a complainant, rather than the abuse@ recipient, I will always scrub my
> reports *thoroughly*, by removing the significant digits of time stamps,
> any unique identifiers I can find (from message-ID to unsubscribe links),
>
regardless of header obfuscation. Secondly, header obfuscation is NOT a
> waste of time for abuse@ - in fact, it is only marginally less useful than
> a "fully loaded" complaint. The reason is that even the smallest (or,
This is an assumption, that is only true in some cases.
> conversely, the most expertly organized) spammer will leave a complaint
> trail. The complaints grow in importance as they grow in number: ten
>
Often the spammer will not leave a complaint trail; they may very well
have sent 1000 messages, that are logged with various different From:
addresses.
However, non-spammers will also often leave a "complaint trail"; to give
an example: very often, non-spammers will even forward their own mail to
another mailbox provider, e.g. Yahoo/AOL, and report duly forwarded spam
that arrives in their forwarding destination inbox, as spam originating
from the forwarding provider.
Without the recipient address; the provider doing the mail forwarding has
no idea if it is the forwarded mail, or ordinarily sent mail that is
being filed as spam.
--
-JH
More information about the NANOG
mailing list