[166761] in North American Network Operators' Group
Re: Do you obfuscate email headers when reporting spam issues to
daemon@ATHENA.MIT.EDU (Jimmy Hess)
Wed Nov 6 20:02:10 2013
In-Reply-To: <CANF7DYeukmo5Mu6fNr20f1BmoEV2y4+BF0fnPt5SNTrMqMJdXg@mail.gmail.com>
Date: Wed, 6 Nov 2013 19:02:00 -0600
From: Jimmy Hess <mysidia@gmail.com>
To: Nonaht Leyte <alif.terranson@gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
On Wed, Nov 6, 2013 at 6:27 PM, Nonaht Leyte <alif.terranson@gmail.com> wrote:
> Any abuse department which outright rejects (or claims they are unable to
> process) an obfuscated ("munged") complaint is not to be trusted - period.
>
This is very credible from someone admitting to scrubbing reports, of
information required by some abuse teams to appropriately process
complaints, *NOT*. You say scrub.... Many would say: munging evidence,
so that it is no longer admissible, or usable as supporting
documentation to suspend or terminate a subscriber's service.
There are abuse departments that would ignore such reports, or reply
requesting information before proceeding, and they have that right,
especially if the scrubbed reports don't offer sufficient evidence
for their particular investigation workflow to function.
> As a complainant, rather than the abuse@ recipient, I will always scrub my
> reports *thoroughly*, by removing the significant digits of time stamps,
> any unique identifiers I can find (from message-ID to unsubscribe links),
>
> regardless of header obfuscation. Secondly, header obfuscation is NOT a
> waste of time for abuse@ - in fact, it is only marginally less useful than
> a "fully loaded" complaint. The reason is that even the smallest (or,
This is an assumption that is only true in some cases.
> conversely, the most expertly organized) spammer will leave a complaint
> trail. The complaints grow in importance as they grow in number: ten
>
Often the spammer will not leave a complaint trail; they may very well
have sent 1000 messages that are logged with various different From:
addresses.
However, non-spammers will also often leave a "complaint trail"; to give
an example: very often, non-spammers will even forward their own mail to
another mailbox provider, e.g. Yahoo/AOL, and report duly forwarded spam
that arrives in their forwarding destination inbox, as spam originating
from the forwarding provider.
Without the recipient address, the provider doing the mail forwarding has
no idea if it is the forwarded mail or ordinarily sent mail that is
being filed as spam.
--
-JH