![[SpamCop.net - protecting the internet through technology]](http://news.spamcop.net/newlogo.jpg)
[SC-Help] Re: Spamcop failing to detect true originating IP
Mike Easter
MikeE at ster.invalid
Wed Jul 13 02:53:10 EDT 2005
John Richards wrote:
> Mike Easter wrote:
>>
>> John Richards wrote:
>>> My ISP prepends "[Bulk]" to the subject field of
>>> suspected spam (an option I elected). Aren't these things
>>> technically "material changes"?
>>
>> When we talk about a header, it might seem like it is sufficient to
>> 'describe' the headers in some way which we feel like characterizes
>> the issue; but nothing characterizes an issue about a specific
>> header related discussion as much as access to the 'real' headers
>> themselves, instead of an inadequately described generi-cized
>> description of what the poster is talking about.
You and I aren't really going to talk about these headers that we are
both talking around, I guess, but my spam filter adds a lot more than
'Bulk' to the headers. Besides changing the subject for spams, it also
adds a 'bunch' of X-lines.
The faq doesn't address the issue of the myriad of lines which have been
added by servers and filters and proxies. Its thrust is to
fundamentally establish a concept of not allowing people to manipulate
headers willy nilly to 'help out' the various parsing problems. As you
have seen from this thread, manipulating headers to help SC achieve a
parse may or may not be a material change.
http://www.spamcop.net/sc?id=z785347108z0b93e7f4dcb3a10b9abce43536798828z
I just grabbed a spam and parsed it for an example, since I'm fussing at
everyone else about even mentioning headers without posting a tracker.
Those headers happen to show a spam with a lot of header lines which
look a little like a mailing list item. Crazy spammer bogosity which
you can analyze spammer thought processes if you like. As received by
my mailbox from my provider's server, the added and changed lines
separate from the top Received line of the server, are the subject,
prepended with a SPAM identifier by my spamfilter proxy, and the last 6
X lines, one of which is my provider's server's AV agent line and 5 of
which are my spamfilter's lines.
--
Mike Easter
kibitzer, not SC admin
More information about the SpamCop-Help
mailing list