[SpamCop-List]
Re: spamcop is cause me to bounce of rootsweb mailing lists
Gerald Vogt
vogt at spamcop.net
Wed Feb 8 17:20:36 EST 2006
Mindaugas wrote:
> Now example of Spamcop malfunction of test mail from well configured
It is not malfunctioning. It is the way it works. And it does say so in
the report:
> Received: from mxb.rambler.ru (mxb.rambler.ru [81.19.66.30])
> by spi.pfi.lt (8.12.10/8.12.10) with ESMTP id k18798HY032466
> for <x>; Wed, 8 Feb 2006 09:09:08 +0200
> Received: from rambler.ru (mail13.rambler.ru [81.19.71.15])
> by mxb.rambler.ru (Postfix) with ESMTP id 60B8632698
> for <x>; Wed, 8 Feb 2006 10:09:13 +0300 (MSK)
> Received: from [193.219.52.43] (account %$$$@&^&$$%@rambler.ru)
> by mail13.rambler.ru (CommuniGate Pro WebUser 4.2.10)
> with HTTP id 15600637 for x; Wed, 08 Feb 2006 10:08:10 +0300
>...
> It is seen that real IP address is: 193.219.52.43
>
> 1: Received: from rambler.ru (mail13.rambler.ru [81.19.71.15]) by
> mxb.rambler.ru (Postfix) with ESMTP id 60B8632698 for <x>; Wed, 8 Feb 2006
> 10:09:13 +0300 (MSK)
> Hostname verified: mail13.rambler.ru
>
> Possible forgery. Supposed receiving system not associated with any of your
> mailhosts
> Will not trust anything beyond this header
There you are. Spamcop does not recognize this server. So what should it
do? Just trust it? The problem is that any spammer can add any Received
line it wants to an email. The mail above could have a fourth
Received line that was fully faked by the spammer. Mail servers usually
do not touch any Received lines already in the email because how should
they know? A spammer could just add a line that 193.219.52.43 received
the email from 1.2.3.4. And another line that 1.2.3.4 received it from
4.5.6.7. If _you_ would see those headers you wouldn't know either which
of them is correct and which of them are faked. How should Spamcop?

So the problem is: you have a chain of Received lines pointing to various
IP addresses and mail servers. Spamcop just tries to find the point up
to which it knows about the servers in the chain which are in the
mailhosts list. The last known server is trusted. Anything beyond that
is not because Spamcop has no means to know. The spam could originate
from the IP address that goes into the trusted server. The spam could go
through several hops before. It is impossible for Spamcop to know.
Gerald
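
The trust walk described in the message above, as an added example that is not part of the original post and not SpamCop's own code. It assumes a simplified model in which a Received header is trusted only when its "by" hostname is in the user's mailhosts list; the function name, the mailhost sets and the final forged Received line are constructed for illustration.

```python
import re
from email import message_from_string

# Received lines from the report quoted above (webmail account text omitted).
# The last Received line is constructed here to stand in for a forged hop.
RAW = """\
Received: from mxb.rambler.ru (mxb.rambler.ru [81.19.66.30])
\tby spi.pfi.lt (8.12.10/8.12.10) with ESMTP id k18798HY032466
\tfor <x>; Wed, 8 Feb 2006 09:09:08 +0200
Received: from rambler.ru (mail13.rambler.ru [81.19.71.15])
\tby mxb.rambler.ru (Postfix) with ESMTP id 60B8632698
\tfor <x>; Wed, 8 Feb 2006 10:09:13 +0300 (MSK)
Received: from [193.219.52.43]
\tby mail13.rambler.ru (CommuniGate Pro WebUser 4.2.10)
\twith HTTP id 15600637 for x; Wed, 08 Feb 2006 10:08:10 +0300
Received: from unknown ([1.2.3.4]) by [193.219.52.43]; Wed, 8 Feb 2006 10:07:00 +0300

test
"""

BY_RE = re.compile(r"\bby\s+(\S+)")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def trusted_source(raw, mailhosts):
    """Walk Received headers newest first.

    Returns (source_ip, index of the first untrusted header or None).
    """
    source = None
    headers = message_from_string(raw).get_all("Received", [])
    for i, value in enumerate(headers):
        line = " ".join(value.split())          # unfold continuation lines
        by, ip = BY_RE.search(line), IP_RE.search(line)
        if not by or not ip or by.group(1).lower() not in mailhosts:
            return source, i                    # stop: nothing older is trusted
        source = ip.group(1)                    # sender seen by a known host
    return source, None

if __name__ == "__main__":
    print(trusted_source(RAW, {"spi.pfi.lt"}))
    print(trusted_source(RAW, {"spi.pfi.lt", "mxb.rambler.ru", "mail13.rambler.ru"}))
```

With only spi.pfi.lt registered, the walk stops at header 1, the same header the quoted report flags; with the rambler.ru hosts also registered it reaches 193.219.52.43, and the forged hop below it is ignored in both cases.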