Hi Joseph,

On Sun, 23 Jun 2002 13:05:49 -0500, you wrote:

> You mean how the system *should* work. It works like that for your
> mail and mine, and for the legitimate commercial mail we receive. But
> it doesn't work like that for most UBE that comes from fly-by-night
> senders. Sometimes the originating IP addresses belong to responsible
> ISPs like Yahoo!, which might act to restrict their being used in the
> spam chain. But more often the originating addresses are offshore
> relay points, i.e., not *really* the origination points.

Actually, all email has an IP address assigned by the mail server, even if open relays etc. You'd still be able to track down the sending server, and then the originating IP address, otherwise a service such as spamcop would be completely useless. Often spammers try to add fake received headers, claiming they're from hotmail/yahoo, but the IP addresses are often not the same, which is why spamcop does a chain test, and does a DNS, then an rDNS on the IP address/host found in the email.

There are two situations where the IP address in the headers would not be the real sender's, and that'd be an exploited server mail script such as formmail.pl (I've personally been a victim to this one, as one of our clients was running it), or where somebody has used an open proxy port to 'bounce' mail through it. In the former situation, with spamcop, the offending server is notified of the bad script (it is often easy to spot bad formmail script usage by the headers, when an email comes from root@localhost or nobody@localhost, or in my case [EMAIL PROTECTED]). In the latter, often the ISP takes action against the open proxy provider, assuming they're the offenders.

I've seen a lot of the former, but never seen the latter occurring, although it is a possibility, I doubt most spammers would spend the several hours required to track down an open proxy.

-- 
Jonathan Angliss
([EMAIL PROTECTED])
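
Added example, not part of the original message and not SpamCop's own code: a simplified Received-header chain test of the kind described above, which walks down from the newest header and stops trusting the chain where a hop's claimed "by" host does not resolve to the IP the previous server recorded. The message, host names, addresses and the `FORWARD_DNS` table (an offline stand-in for real DNS lookups) are all constructed.

```python
import re
from email import message_from_string

# Constructed sample: newest Received header first; the bottom one is forged.
RAW = (
    "Received: from mx.relay.example (mx.relay.example [198.51.100.7])\n"
    "\tby mail.recipient.example with ESMTP; Sun, 23 Jun 2002 13:01:00 -0500\n"
    "Received: from mail.bigprovider.example (unknown [203.0.113.45])\n"
    "\tby mx.relay.example with SMTP; Sun, 23 Jun 2002 13:00:30 -0500\n"
    "Received: from web1.bigprovider.example (web1.bigprovider.example [192.0.2.10])\n"
    "\tby mail.bigprovider.example with HTTP; Sun, 23 Jun 2002 12:59:00 -0500\n"
    "Subject: constructed sample\n\nbody\n"
)

# Constructed stand-in for forward DNS so the example runs offline.
FORWARD_DNS = {
    "mx.relay.example": {"198.51.100.7"},
    "mail.bigprovider.example": {"192.0.2.200"},
}

# "from <HELO name> (<rDNS name> [<IP>]) by <receiving host>"
HOP = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([\d.]+)\]\)\s+by\s+(\S+)")


def parse_hops(raw):
    """Return one dict per parseable Received header, newest first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if m:
            hops.append(dict(zip(("helo", "rdns", "ip", "by"), m.groups())))
    return hops


def chain_test(hops, resolve=lambda host: FORWARD_DNS.get(host, set())):
    """Return (source_ip, trusted_hop_count, helo_mismatch)."""
    if not hops:
        return None, 0, False
    trusted = [hops[0]]  # written by our own server, so trusted
    for prev, cur in zip(hops, hops[1:]):
        # The server that wrote `cur` must be the machine that connected in `prev`.
        if prev["ip"] not in resolve(cur["by"]):
            break  # everything from here down may be spammer-supplied
        trusted.append(cur)
    last = trusted[-1]
    return last["ip"], len(trusted), last["helo"] != last["rdns"]


if __name__ == "__main__":
    print(chain_test(parse_hops(RAW)))
```

The address to report is the one in the last trusted header, recorded by a server whose identity was verified, not the one in the forged header beneath it.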

