[166752] in North American Network Operators' Group
Re: Do you obfuscate email headers when reporting spam issues to
daemon@ATHENA.MIT.EDU (Anne P. Mitchell, Esq.)
Wed Nov 6 17:17:34 2013
From: "Anne P. Mitchell, Esq." <amitchell@isipp.com>
In-Reply-To: <mailman.1274.1383775233.40664.nanog@nanog.org>
Date: Wed, 6 Nov 2013 15:16:55 -0700
To: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
> On Wed, Nov 6, 2013 at 1:30 PM, Landon <landonstewart@gmail.com> =
wrote:
>> How much trouble does your abuse department go to in order to =
obfuscate
>> headers when providing evidence of spamming activity regardless of if =
it?s
>> intentional/professional spammer activity or some kind of malware =
infection
>> allowing a third party to spam. Especially for the pro spammers, we =
don?t
>> want them list washing anything or worse yet becoming privy to =
spamtrap
>> data if the reporting party wasn?t smart enough to obfuscate their =
own data
>> before sending in the report.
>=20
> Howdy,
>=20
> It depends on the exact situation, but the general-purpose answer is:
> none. zero. zip.
>=20
> The customer usually can't act on your information unless he can line
> it up with an entry in his own logs. He needs lots of details in the
> headers to figure out which computer or which of his users the message
> came from. And he needs that information to determine whether the
> message really came from his system -- headers get forged, you know.
Because this is an issue inherent primarily with bulk mail, we remove =
all identifying information *except* the unsub link, which *should* have =
a unique identifying token embedded within, from which the sender =
*should* be able to determine the complainant's email address. And, if =
there is no such link, we use that as an opportunity to educate them as =
to *why* they need to include such a link (mind you, in order to be =
accredited with us the sender has to have already demonstrated that they =
comply with including an unsub link, but because many of our =
accreditation customers are ESPs, their customers may sometimes not be =
modelling 100% of best practices).
Regardless of unsub link, or anything else, if we get a spam complaint =
against one of our customers, we hold their feet to the fire, and =
require them to explain exactly how the particular list was built, how =
the address was acquired, etc.. Failure to do so can (and usually does) =
result in termination of their accreditation - in the case of an ESP, =
they have to take corrective measures against their spamming customer or =
the ESP will lose their accreditation.
Anne
Anne P. Mitchell, Esq.
Author: Section 6 of the CAN-SPAM Act of 2003
CEO/President
Institute for Social Internet Public Policy
http://www.ISIPP.com=20
Member, Cal. Bar Cyberspace Law Committee
How do you get to the inbox instead of the spam filter? SuretyMail!
Helping businesses keep their email out of the junk folder since 1998
http://www.isipp.com/SuretyMail
