[SpamCop-List] Re: SEC no longer accepting spam forwards?

[Mike Easter]

Borgholio wrote:
> I used to forward my stock spams to the SEC as attachments...but
> today I get this:
>
> Hi. This is the qmail-send program at yahoo.com.
> I'm afraid I wasn't able to deliver your message to the following
> addresses. This is a permanent error; I've given up. Sorry it didn't
> work out.
>
> <enforcement at sec.gov>:
> 12.154.80.37 failed after I sent the message.
> Remote host said: 550 Error: SECPFR For security reasons we reject
> attachments of this type
>
>
> Should I start forwarding the spam inline, even though that kills the
> headers?

Except for spamcop's submit addy, all spam I send to abuse desks and
such is sent inline, not as an attachment -- but it is sent inline with
complete headers.  If the mail agent were OE, I would use File/
Properties/ Details/ Message Source button and copy the complete headers
continuous with the unrendered spambody and paste that into the body of
the email message after a delimitor and a brief 1 line explanation of
why they're getting it.

That has been the traditional way of doing it -- however, that method is
actually 'inferior' to sending it as an attachment, because the mailuser
agent will change what has been pasted into the body by adding
linewraps -- so if someone really cares about 'evidence' insisting that
it be put into the body is a dumb position to take because the evidence
gets modified by the transmission.

All in all it is a dumb position for anything as 'sophisticated' as an
abuse desk or its equivalent to not be able to properly handle whichever
format proper evidence comes in, attachment or not.

My provider has some zany instructions for rendering spam and putting
the full headers over a copy of the rendered spam -- but my provider has
a host of stupid corporate and administrative policies and behaviors.
Obviously there are some things that rendering would 'ruin' the evidence
such as phish information.


-- 
Mike Easter
kibitzer, not SC admin