![[SpamCop.net - protecting the internet through technology]](http://news.spamcop.net/newlogo.jpg)
[SpamCop-List] Re: Ploy defeats Spamcop
Don Wannit
nobody at spamcop.net
Sun Jun 6 10:58:36 EDT 2004
Mike Easter wrote:
> BarkerJr wrote:
>
>>The attachement is a spam, but not the bounce wrapper. You can still
>>report the attached spam, just not the bounce.
>
>
> You also can't report the bounce part.
>
> http://www.spamcop.net/fom-serve/cache/14.html If the bounce message
> contains spam, it is not permitted for you to report the spam contained
> within the bounce,
>
> You have to report those manually, and only use SC's parser on the item
> to help determine who/how to notify with your manual, and cancel the SC
> report.
>
>
But be wary, wary careful! Since everything in the body is supplied by
the creator of a fake bounce, you can't trust any of the supposed
headers in the bounced payload. Even the apparent chain of "Received"
headers can't be trusted.
Unless you know for sure that the spam contained in a bouncygram
is intact, don't try to report it, even manually.
So, if you can verify the chain of custody of the bouncygram itself
(maybe it originated at a mailhost under your control), then you might
be able to trust the headers of the spam message being bounced.
Otherwise, it's not worth risking a bad report by reporting a
spam message constructed with false evidence.
--
Don Wannit <edb2000 -at- spamcop.net>
A paid SpamCop user since 1999
More information about the SpamCop-List
mailing list