[SpamCop-List] Re: "Sorry, this email is too old to file a spam report"

[Mike Easter]

Steven Maesslein wrote:
> Mike Easter
>> Whether that is a good change or not is debatable.  I would say that
>> it is unfortunate that the parse actually breaks off prematurely.
>
> Actually the parse went on for too long.
>
> The first machine not to be one of my mailhosts is this one:
>
> from mailout06.infosat.net (HELO mail02.infosat.net) (66.18.69.6)
>
> Given the amount of 419 spam coming from infosat, how come it still
> has "trusted" status?

It is 'trusted' to be a server, not a 'good boy'.  But in this case,
196.38.110.54 rDNS tsamail.co.za is also SCbl listed, due to be delisted
in 10 hours, but it has been SC listed for 28 days.  Even a
promiscuously open smtp relay can be 'trusted' to be a server while it
is busy being spam abused for the relay purposes.

  Abbreviated Received lines *comment
  from unknown (192.168.1.101) by blade2.cesmail.net *serves you
  from mailout06.infosat.net (66.18.69.6) by mailgate.cesmail.net
*webmail relay output
  from [196.38.110.54] (mail01.infosat.net) by mail02.infosat.net
*webmail relay input, delay
  from [213.136.99.130] (account x) by mail01.infosat.net *sourceline

Source 213.136.99.130 rDNS bke-130.aviso.ci AKA jfrankline at tsamail.co.za
accesses the tsamail webserver at http://www.tsamail.co.za/ to send you
a 419 in French via the two infosat servers.

Mail for tsamail.co.za is handled by   mail.tsamail.co.za  or
mail02.infosat.net  196.38.110.54 & 196.38.110.4 and mail for
infosat.net is handled by mail01.infosat.net  &  mail02.infosat.net

mail01.infosat.net is 196.38.110.24

The infosat/tsamail server/s are sufficiently mature that SC has
evaluated them as to their role as servers and relays, including sending
it/them to relay testers, so it trusts them to be a relay/server so that
it can find the aviso.ci source behind them.


-- 
Mike Easter
kibitzer, not SC admin