[SpamCop-List] Re: forged headers
Wed, 5 Feb 2003 12:23:30 -0500
"Spam Hater" <nobody> wrote in message
> Ok then... What to do in a case like this?? Party A claims that party B
> has forged their server info in a SPAM header. Party A is the one being
> seen as the originator and thus ends up on the blacklist. Party B just
> gets a warning about possible relaying? Or does it even get that if the
> relay testers can't get it to relay?
> Oh, I just remembered something from another thread... Is this the
> situation where the "untrusted network" tag comes into play? Can a deputy
> flag party B as untrusted and this stops the chain testing at that point?
> To really confuse this issue is the fact that there is evidence that party
> A is also a SPAMmer or at least SPAM friendly... So how can we rely on
> even our own judgement in a case like this? I can't see any way to prove
> who is lying and/or who is in cahoots with whom... :(
> At 11:01 AM 2/5/2003 -0600, Spambo typed:
> >Spam Hater wrote:
> >> Hmmmm.... Normally, SPAMmers forge and add a slew of fake received
> >> to their headers to confuse the unwary human parser. More often than
> >> they make no sense at all and SpamCop can easily spot the chain errors.
> >> BUT, what happens if a clever SPAMmer only adds one bogus received line
> >> and takes the time to make sure that that received line is a valid
> >> pointing to an innocent bystander as the originator?? I am not saying
> >> that this is what happened in this case, I am just wondering aloud if
> >> isn't possible??
> >> If it is possible, how in the hell can SpamCop ever be sure it is
> >> the right people?
> >> Am I overlooking something obvious here??
> >> [snip]
> >No, that's where the sender's judgment comes in. I always question any
> >relay situation that doesn't look right.
> >It's also where the domain in question has direct evidence that a
> >forgery occurred and they suffered damages because of the forgery.
Block em BOTH.
An advocate/user of the SCBL.