[SpamCop-List] spam from localhost (127.0.0.1)

Sat Jul 24 19:33:41 EDT 2004

In article <cdrum6$8hm$1 at news.spamcop.net>, Mike B says...

> "Spam Hater" <dkona7b02 at sneakemail.com> wrote in message
> news:mailman.197.1090612718.9607.spamcop-list at news.spamcop.net...

> > SpamCop isn't saying that they are not SPAM, it is saying that the headers
> > are so messed up that it can't figure out who it was that SPAMmed you!

> > On the example you listed, the 1 and only received line is:

> > Received: from attglobal.net (localhost[127.0.0.1])
> >           by prserv.net (in7) with SMTP
> >           id <2004072314172910703tse7qe>; Fri, 23 Jul 2004 14:17:54 +0000

> > Which tells us very little.  Either you chopped off a few extra header
> > lines or prserv.net has a majorly messed up mail server that isn't properly
> > reporting where it received the mail from.

> That was the entire mail header. 20 of the most recent 22 spam messages I
> have received has similar headers.

> > SpamCop can't do anything with this and gives up.

> > Do you have an account on prserv.net?  Was that the final stop in the
> > chain or are you just not finding the complete headers?

> I have an account on prserv.net aka attglobal.net

I once had a free email account with some off-the-wall outfit called 
"LiquidInformation". They did not pass the mail headers on to the user. 
Also, a local TV station offered a station branded free web mail account 
through chek.com. When check.com changed their business model, the station 
switched to BigMailBox for continued free email. They, also, did not pass 
full headers on to the user.

"Full" (hah!) headers for a LiquidInformation email:

Return-Path: <nor9245mill296 at hotmail.com>
Date: Wed, 24 Jul 2002 07:42:52 +0100
From: "N. Miller" <nor9245mill296 at hotmail.com>
Subject: This is five
X-Liquid-Read: false
To: ... at liquidinformation.com[1]

"Full" (hah!) headers for a BigMailBox email:

NReturn-Path: <biz at 6x6.net>
Received: from Localhost (sourcenat1.bigmailbox.com [209.132.220.250]) by 
mailrecv17.bigmailbox.com (8.10.0/8.10.0) with SMTP id g12GdSx03498 for <...
@11mail.com> ; Sat, 2 Feb 2002 08:39:30 -0800  [2]
Message-Id: <200202021639.g12GdSx03498 at mailrecv17.bigmailbox.com>
From: Igor Tistsenkov: Please Read IT Carefully! <biz at 6x6.net>
Subject: Practicable possibility to build own future.
Reply-To: biz at 6x6.net
X-Mailer: The Bat! (v1.52f) Business
Mime-Version: 1.0
Content-Type: text/plain

I don't know if there is anything in the RFCs which require the MDA to 
provide 'full' headers to an actual client. I believe that the SMTP protocol 
is just a mail transport protocol, and that the end user can be relieved of 
having to deal with routing matters. My guess is that the 'prserv.net' MDA 
is not providing you with the 'full' headers, so you will have to go back to 
them for assistance with spam complaints. Maybe, if enough customers pester 
them to check their message logs for the full routing details of the spam, 
they will turn on the MDA's headers; but the fact that so much of your email 
lacks full headers seems to be in their manner of operation. Maybe it is 
just one poorly configured server, and they don't know about it?

[1] Although 'liquidinformation.com' does not resolve, the 'local part' of 
my account there is still active on some other email accounts; why let the 
spammers know it?
[2] 11mail.com does resolve; San Jose, California's own KNTV - Channel 11; 
now an NBC affiliate, it was an ABC affiliate when I had the account. Again, 
I am not willing to give spammers a potential 'local part' to try against 
other domains.

-- 
Norman
~Win dain a lotica, En vai tu ri, Si lo ta
~Fin dein a loluca, En dragu a sei lain
~Vi fa-ru les shutai am, En riga-lint