On Wednesday, January 5, 2005, 4:03:28 PM, Rick wrote: RR> 100's of spams a problem, LOL!
RR> Before sniffer I was facing around 10 thousand spams a day. But then I'm RR> coordinating 1000's of domains, so on a per domain basis, it's actually very RR> small. RR> I think what I'll do is route a combined spam report email to a server RR> script which will break it down and resubmit individual messages to your RR> spam@ address. However, this will still be sent to you as an attachment. The RR> advantage is that the original header info will be in place, the RR> disadvantage is that you might still be ignoring messages with attachments, RR> right? Not necessarily. If they are not encoded we usually get good use out of them even if they are attachments. The trick is that they will be one message per message - so our automated tools will help us see what we need to see. It would be better to see them as a redirect, followed by a simple forward, then as a last resort an attachment. As long as they are one at a time we should be in good shape. I'm sure Gonzo is watching and I'll talk to him about it. Once this starts happening we'll coordinate and give you some feedback. RR> If you don't take spam report messages with attachments, how would you be RR> able to get the original internet header mail info? The trick is that unless the message comes from a clean spamtrap we don't trust the headers anyway. Under "abuse" rules, the entire message is always suspect, so we will only dig into the headers if we have good reason to trust what we're looking and, and we know what we are looking for. Spamtrap rules are different because the delivery chain is mapped and consistent - so we know where the goodguy headers stop and the questionable headers begin. Thanks! _M PS: I've had one other call for this mechanism - a script that will split multiple spam attachments and forward them to us. I would be interested to see what you develop just in case it's applicable in other places - or perhaps adaptable as a service in some way. This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html