[SpamCop-List] Re: forged headers

Merlyn spamcop-list@news.spamcop.net
Wed, 5 Feb 2003 12:23:30 -0500


"Spam Hater" <nobody> wrote in message
news:mailman.1044465604.4953.spamcop-list
> Ok then... What to do in a case like this??  Party A claims that party B
> has forged their server info in a SPAM header.  Party A is the one being
> seen as the originator and thus ends up on the blacklist.  Party B just
> gets a warning about possible relaying?  Or does it even get that if the
> relay testers can't get it to relay?
>
> Oh, I just remembered something from another thread...  Is this the
> situation where the "untrusted network" tag comes into play?  Can a deputy
> flag party B as untrusted and this stops the chain testing at that point?
>
> To really confuse this issue is the fact that there is evidence that party
> A is also a SPAMmer or at least SPAM friendly... So how can we rely on
> even our own judgement in a case like this? I can't see any way to prove
> who is lying and/or who is in cahoots with whom...  :(
>
> At 11:01 AM 2/5/2003 -0600, Spambo typed:
>
> >Spam Hater wrote:
> >>
> >> Hmmmm....  Normally, SPAMmers forge and add a slew of fake received
> >> lines to their headers to confuse the unwary human parser.  More often
> >> than not, they make no sense at all and SpamCop can easily spot the
> >> chain errors.  BUT, what happens if a clever SPAMmer only adds one bogus
> >> received line and takes the time to make sure that that received line is
> >> a valid chain pointing to an innocent bystander as the originator??  I am
> >> not saying that this is what happened in this case, I am just wondering
> >> aloud if it isn't possible??
> >>
> >> If it is possible, how in the hell can SpamCop ever be sure it is
> >> LARTing the right people?
> >>
> >> Am I overlooking something obvious here??
> >>
> >> [snip]
> >
> >
> >No, that's where the sender's judgment comes in.  I always question any
> >relay situation that doesn't look right.
> >
> >It's also where the domain in question has direct evidence that a
> >forgery occurred and they suffered damages because of the forgery.
>

Block em BOTH.

--

Regards,
Merlyn

An advocate/user of the SCBL.
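
The single-forged-line case raised in the quoted text, as an added example (not part of the original post, and not SpamCop's parser). It shows that a hop-to-hop consistency check passes on such a chain, and that the only source address a recipient can vouch for is the one stamped by its own mail server. The hostnames, addresses, trusted-host set and function names are assumptions made for the illustration.

```python
import re

# Constructed sample, newest hop first. Hostnames and addresses are
# documentation values chosen for this example, not taken from the thread.
SAMPLE = [
    "from relay.party-b.example (relay.party-b.example [198.51.100.7]) "
    "by mx.recipient.example with ESMTP; Wed, 5 Feb 2003 11:00:02 -0500",
    "from mail.party-a.example (mail.party-a.example [192.0.2.25]) "
    "by relay.party-b.example with SMTP; Wed, 5 Feb 2003 11:00:01 -0500",
]

RECEIVED = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:\S+\s+)?\[(?P<ip>[\d.]+)\]\)\s+by\s+(?P<by>\S+)"
)

def parse(lines):
    """Extract claimed sender name, recorded peer IP and stamping host per hop."""
    hops = []
    for line in lines:
        m = RECEIVED.search(line)
        if m is None:
            raise ValueError(f"unparseable Received line: {line!r}")
        hops.append(m.groupdict())
    return hops

def chain_is_consistent(hops):
    """Naive check: each hop's 'from' name must equal the 'by' host of the hop below."""
    return all(up["helo"] == down["by"] for up, down in zip(hops, hops[1:]))

def split_at_trust_boundary(hops, trusted):
    """Walk down while the stamping host is one we operate. Returns the peer IP
    recorded by the last trusted hop and the hops below it, which were supplied
    by that peer and cannot be verified from the message alone."""
    n = 0
    while n < len(hops) and hops[n]["by"] in trusted:
        n += 1
    source_ip = hops[n - 1]["ip"] if n else None
    return source_ip, hops[n:]

if __name__ == "__main__":
    hops = parse(SAMPLE)
    print("chain consistent:", chain_is_consistent(hops))
    ip, unverified = split_at_trust_boundary(hops, {"mx.recipient.example"})
    print("verifiable source:", ip)
    for hop in unverified:
        print("unverifiable claim:", hop["helo"], hop["ip"])
```

The line naming party A looks the same whether party B's relay really accepted the message or whoever connected from party B's address wrote it themselves; the headers alone do not settle which.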