Do you obfuscate email headers when reporting spam issues to clients?
rsk at gsp.org
Thu Nov 7 18:43:00 UTC 2013
On Wed, Nov 06, 2013 at 07:31:54PM -0500, Jon Lewis wrote:
> If you know you have pro spammers on your network, the question
> isn't how much to obfuscate spam complaints you receive...it's why
> haven't you terminated the customer(s)?
Another question is "why are you relying on third parties to tell you
that abuse is outbound from your operation? Why don't you already know?"
Alright, two questions. But my point is that all competent operations
have their own set of diverse spamtraps AND they not only passively
monitor them, but they actively seed them in order to detect spammers.
This not only gives them a chance to pro-actively terminate spammers
before they have the opportunity to abuse third parties, but it also
enables independent, controlled corroboration of reports received --
whether obfuscated or not. (Anything received at those spamtraps other
than an attempt to confirm a subscription via a proper COI process
is clearly spam or a typo. The incidence rate of the latter can be
decreased at will with minimal effort.)
More information about the NANOG