![[SpamCop.net - protecting the internet through technology]](http://news.spamcop.net/newlogo.jpg)
[SC-Help] Re: Spamcop failing to detect true originating IP
Mike Easter
MikeE at ster.invalid
Wed Jul 13 02:27:10 EDT 2005
Mike Easter wrote:
> SC
> cannot derive an IP address as a source by parsing those headers as
> submitted.
> topheaders
> body1
> attachment headers
> body2
> AVG info
> That item was identified as spam by SpamAssassin
> The topheaders are 'internal' headers for
> the servernode server, whereas the attachment headers show the source
> IP of the propagation.
>
> body1 describes SA functionality and report, body2 is the
> propagation's body content,
If one *assumes* that that server would handle a spam [not a virm
propagation] similarly except for the virus stripping by AVG, that is
going to be a very/totally unsatisfactory structure for submitting spams
to spamcop.
The server would be imposing an additional set of headers and body over
the spam's original headers and body using some elements from the spam's
headers and body in what I'm calling 'topheaders' above. The topheaders
don't show the source IP and the whole structure is a rather zany
implementation of the SA functionality.
But, rather than assume, it would be better to see something that was a
'pure' spam recognized by SA which wasn't additionally handled for
stripping as a viral propagation by AVG. Since the SA implementation is
zany, yet another useful tracker would be one for a spam which SA failed
to recognize.
--
Mike Easter
kibitzer, not SC admin
More information about the SpamCop-Help
mailing list