![[SpamCop.net - protecting the internet through technology]](http://news.spamcop.net/newlogo.jpg)
[SC-Help] Re: Wrong originating host?
Mike Easter
MikeE at ster.invalid
Fri Jan 7 05:04:56 EST 2005
Ernst wrote:
> Mat, here is now the URL of an e-mail, where my ISP was identified as
> the originating host.
www.spamcop.net/sc?id=z710204438zbd5b728184d6cb16f633d294acd99218z
Abbreviated Received lines *comment
from mx21.bluewin.ch (195.186.18.37) by mssazhh-int.msg.bluewin.ch
*serves you
from host247-254.pool80117.interbusiness.it (80.117.254.247) by
mx21.bluewin.ch *sourceline
from suspense (146.212.103.251) by 48.237.132.166 *bogusline
SC has to be able to chain from top toward the bottom by associating the
upper 'from' field with the lower 'by' field. The MXes for bluewin are
195.186.3.80 & 195.186.6.80 which are not 'close enough' to
195.186.18.37 to pass what I call the 'MX step' until SC is familiar
with the relay by 'aging' or maturity after the relay has been sent to
relay testers.
If unfamiliar, the chaining fails prematurely in trying to go from the
top line to the 2nd line and SC would name mx21 at bluewin as source.
After maturing, mx21 becomes a 'trusted' server, that is, trusted to be
a server and SC can chain to the interbusiness source.
> Note the following: When I submitted the header again to SpamCop, it
> seems that it analyzed it then correctly, but I did not submit it
> again.
> Another question: Under SpamCop I can look at my recent reports, but
> they don't seem to have their URL displayed.
Correct. Us citizens cannot simply take a report id and convert it to a
tracking URL. We have to grab that during the parse. Only a deputy who
has access to evidence can dig up the evidence with only a report id.
--
Mike Easter
kibitzer, not SC admin
More information about the SpamCop-Help
mailing list