On Fri, 19 Mar 2004, Don Anthony wrote: > I wasn't trying to start a name calling session among countries (we have > enough people doing that).
Too much, actually. > My point was simply, why is the URL not used that exists in the msg body of > these spams to help flag it, and instead all the attention placed on the > header? The guy making the comment about Canada ignoring US domains was > perhaps not off base in that for Canadian business email accounts that do > not deal in sales across the border, giving someone the option to block body > text URLs in emails outside of Canada doesn't sound all that unreasonable to > me. To make matters worse, it's getting to the point where spammers are including URLs to valid, ethical, sites in their missives. Most of these are "zero-length" URLs (e.g. <A HREF="some.poor.innocent"></A>) but if not approached carefully can lead to collateral damage of decent folks. One of the big problems I've seen has been the occasional inclusion of "w3.org" by some of the "less intelligent" anti-spam folks. > For the past year I always sent SPAM complaints both to the ISP owning the > header IP and the ISP of the URL. The header was always forged and resulted > in none of the sites I reported being shut down while I know of 10 websites > that I shut down by doing this for the body URL. Not too good for a year's > work of wasted mornings but nevertheless, more productive than doing > nothing. At least my emails to the other host URL ISPs may have cost them a > penny to process. It's important to remember that the ONLY "Received:" header you can trust is the one that injected the message into _your_ server (this assumes that you trust your server); the rest have a high probability of being gibberish. So, the best you can do regarding headers is yap to the folks who own the IP space from whence a message got into your system. The odds are they've got more pressing bits to worry about so there'll probably be no action. If one really wants to "follow the money" (and that's a darned good course of action) one needs to manually identify the "payload" of each spam (so innocents don't get caught in the crossfire) and inject that domain into the blacklist. If the domain is clearly a throwaway then it's not worth complaining to them (or their ISP, because it's probably a spammer-friendly ISP). My rule-of-thumb is to gripe at domains that are well-known trademarks because there's a possibility of brand-damage from spamming (I've been known to say to them, "Well, I like your product, but since you spammed me I'll never buy from *you*.") and if they're running in an ethical mode they'll respect that. Cheers. +------------------------------------------------+---------------------+ | Carl Richard Friend (UNIX Sysadmin) | West Boylston | | Minicomputer Collector / Enthusiast | Massachusetts, USA | | mailto:[EMAIL PROTECTED] +---------------------+ | http://users.rcn.com/crfriend/museum | ICBM: 42:22N 71:47W | +------------------------------------------------+---------------------+
