This is the Conversation Forum for How to Fight Spam
Subject: Fake headers Posted Mar 14, 2003 by Pezvi
Posting 1
One of the IP blocks we own was included in the header information used by spamware. We were receiving 50 complaints a day for something which couldn't possibly have come from our network (the IP block is owned but not in use, and all of its addresses are blocked at our Internet edge). In effect, the anti-spammers were spamming us... nobody was trying to sell us anything, but our resources were drained just the same.
As someone on the receiving end of numerous erroneous complaints, I thought it important to point out almost all the information in the header can be (and usually is) falsified. Be careful when parsing email headers. Sending email to everyone indicated in the header, or using a program which does, serves to contribute to the clutter.

Subject: Fake headers Posted Mar 15, 2003 by LordFox This is a reply to this Posting
Posting 3
I also use the method of manually tracing and reporting spam. I'd rather decide myself on what is spam than letting spamfilters and such do that job. If I don't have the time to research it, alas, it goes to the recycle bin (but does not get recycled).
There really is just one piece of the header that you can really trust, and that is the IP address of the server that sent the piece of spam to the mailserver of your provider. Remember: all the rest *can* be faked - it isn't always faked, but it's no use investigating any further IP addresses in the header. Usually you'll end up with an address in a reserved block, the US Army or such things.
A good piece of software, by the way, to do whois lookups is Sam Spade (www.samspade.org - you can use the online tools, or install the program if you run on Windows). Highly recommended by me, I use it all the time.
Another tip for those who are really getting the hang of tracing spammers and such: should you have installed a firewall on your PC (which I highly recommend if you have any kind of permanent connection through the Internet with DSL or cable), use a logfile analyser to see who has been trying to enter your computer. I use the ZoneAlarm firewall in conjunction with ZoneLog Analyser (zonelog.co.uk) and together with Sam Spade I've been able to track some would-be intruders. Please DO read the manual if you start with ZoneLog Analyser....
Regards,
Rick
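
An added illustration of the point made in the posting above, not part of the original post: only the Received line written by your own provider's mail server is read, and everything below it is treated as sender-supplied. The sample message, host names and the function names `stamped_by` and `trusted_source_ip` are constructed for this example, and it assumes the provider's server stamps the topmost Received line.

```python
import email
import ipaddress
import re

# Constructed sample. Received lines are prepended by each server, so the top
# one was written by the recipient's provider; the lower one came with the mail.
SAMPLE = """\
Received: from mail.example.net (unknown [203.0.113.45])
\tby mx.myprovider.example with ESMTP id ABC123;
\tSat, 15 Mar 2003 10:00:00 +0000
Received: from relay.example.org (relay.example.org [10.1.2.3])
\tby mail.example.net with SMTP; Sat, 15 Mar 2003 09:59:00 +0000
From: "Offers" <offers@example.org>
Subject: constructed sample

body
"""

BY_HOST = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.IGNORECASE)
BRACKETED_IP = re.compile(r"\[([0-9A-Fa-f:.]+)\]")


def stamped_by(received, provider_domain):
    """Return the text before 'by <host>' if <host> is in provider_domain."""
    match = BY_HOST.search(received)
    if not match:
        return None
    host = match.group(1).lower().rstrip(".")
    if host == provider_domain or host.endswith("." + provider_domain):
        return received[:match.start()]
    return None


def trusted_source_ip(raw_message, provider_domain):
    """IP recorded by the provider's own server in the topmost Received line.

    Returns None when the top line was not stamped by the provider or holds
    no parsable address; lower lines are never consulted.
    """
    headers = email.message_from_string(raw_message).get_all("Received", [])
    if not headers:
        return None
    peer_part = stamped_by(headers[0], provider_domain)
    if peer_part is None:
        return None
    found = BRACKETED_IP.search(peer_part)
    try:
        return ipaddress.ip_address(found.group(1)) if found else None
    except ValueError:
        return None
```

The address in the lower Received line of the sample (a reserved-range address) is never returned, so a complaint built on this result goes only to the network that actually connected.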

Subject: Fake headers Posted Mar 15, 2003 by LordFox This is a reply to this Posting
Posting 4
Just a little additional information:
Should you receive any Get Rich Quick schemes coming from the US (most I get come from the US), you can forward them to the Federal Trade Commission at uce@ftc.gov.
Should the spam come from California and NOT have 'ADV:' in the subject headers (which is required by law) you can forward the e-mail to caspam@cadoj.samspade.org.
Regards,
Rick
Most of the content on h2g2 is created by h2g2's Researchers, who are members of the public. The views expressed are theirs and unless specifically stated are not those of the BBC. The BBC is not responsible for the content of any external sites referenced. In the event that you consider anything on this page to be in breach of the site's House Rules, please click on the relevant button to alert our Moderation Team.