Complete.Org: Mailing Lists: Archives: discussion: November 2000:
[aclug-L] Re: Reverse the Aging Process 10-20 Years!

To: discussion@xxxxxxxxx
Subject: [aclug-L] Re: Reverse the Aging Process 10-20 Years!
From: Steven Saner <ssaner@xxxxxxxxxxxxxxx>
Date: Wed, 15 Nov 2000 14:08:04 -0600
Reply-to: discussion@xxxxxxxxx

On Wed, Nov 15, 2000 at 01:45:17PM -0600, Clint A. Brubakken wrote:
> 
> > The ONLY header on a spam that you can really trust is the "Received:"
> > header that your own system adds to the message. This is sufficient to
> > identify the system that delivered the message to you, and is where
> > you should focus your energy. By replying to every site that appears
> > in every header (as many people do), you effectively punish victim
> > sites who were framed to make it appear that they are harboring
> > spammers, or allowing spam to be relayed.
> > </RANT>
> 
> 
> All this talk is not exactly true, as this is a mailing list and so the
> mailing list would deliver to your system, and roach is not sending
> spam. Couldn't you follow the trust as in this example.


Well, you are right to some extent, and it does deserve some
clarification. In *general* the only headers you can trust are the
ones added by your, or your ISP's (if you are using a POP client) mail
server. Now that is true if you trust your admin (which might be you
or your ISP). Now, in many cases, you can be fairly confident about
headers further down the list. In the case of a mailing list, you
might trust that your list admin is not forging headers. This is
especially true if you know the admin!

So, now you are down to: tisi.go.th (unknown [203.154.78.1]). Again,
if you have reason to believe the headers from the list server, you
can be fairly confident that this is where the message came to the list
server from. First, don't trust the hostname, that is often
forged. Rather, put more trust in the IP address in square brackets
[203.154.78.1]. Look up the "owner" of those IP addresses on
whois.arin.net (www.arin.net/whois). In this case you will find that
this IP address is part of those assigned to the Asia Pacific Network
Information Center. So, now you need to go to whois.apnic.net. You will
now find the contact information. Someplace in Thailand.

As a matter of experience, you will almost never get any positive
response complaining about spam in Asian countries. Almost without
exception, they simply don't care. Further research will show you that
this IP address is on both the RSS and ORBS anti-relay lists. If you
have a filter that is based on one of these, this message would have
been filtered out, as mentioned by other ACLUG members. In this case,
that is about the best you can do.

My point is simply this. If you would have sent a complaint to an
abuse address at acm.org, complete.org, and whatever domain the From:
header showed, you would be complaining to people that could not do
anything about the spam, or could do no more than you could
yourself. Many many people, probably because they are in a hurry and
frustrated by the spam, send complaints to any and all domains that
exist in the message, forged headers or not. This is not constructive!




> hackboy.com is my isp (for this example) and acm.org is my forwarding
> address
> 
> Received: from mail.acm.org (mail.acm.org [199.222.69.4])
>         by penguin.hackboy.com (8.9.3/8.9.3) with ESMTP id HAA01931;
>         Wed, 15 Nov 2000 07:56:22 -0600
> Received: from pi.glockenspiel.complete.org (postfix@[64.242.77.171])
>         by mail.acm.org (8.9.3/8.9.3) with ESMTP id IAA69570;
>         Wed, 15 Nov 2000 08:56:05 -0500
> Received: from pi (localhost [127.0.0.1])
>         by pi.glockenspiel.complete.org (Postfix) with ESMTP
>         id 46AB23B8EF; Wed, 15 Nov 2000 07:57:19 -0600 (CST)
> Received: with LISTAR (v0.129a; list discussion); Wed, 15 Nov 2000
> 07:57:19 -0600 (CST)
> Delivered-To: virtual-aclug.org-discussion@xxxxxxxxxxxx
> Received: by pi.glockenspiel.complete.org (Postfix)
>         id C7BC73B8F6; Wed, 15 Nov 2000 07:57:18 -0600 (CST)
> Delivered-To: aclug-l@xxxxxxxxxxxx
> Received: from tisi.go.th (unknown [203.154.78.1])
>         by pi.glockenspiel.complete.org (Postfix) with ESMTP id
> EBDD63B8EF
>         for <aclug-l@xxxxxxxxxxxx>; Wed, 15 Nov 2000 07:57:01 -0600
> (CST)
> 
> assuming we can trust complete.org and acm.org and hackboy.com to not
> fake email headers, this spam was sent from tisi.go.th (unknown
> [203.154.78.1]). So now what would/should we do?
> 
> 
> 
> -- 
> Clint Brubakken
> Developer, Computer Science Services Group, LLC
> President Air Capital Linux Users Group 
> Wichita, KS
> cabrubak@xxxxxxx
> ---
> "God."
> "What?"
> 
> "I used to eat there. Really good noodles. I have these memories from my
> life. None of them happened. What does that mean? Trinity: That the
> Matrix
> cannot tell you who you are."
> 
> "And an Oracle can?"
> "That's different."
> 
>               -- Neo and Trinity, "The Matrix"
> 
> -- This is the discussion@xxxxxxxxx list.  To unsubscribe,
> visit http://tmp2.complete.org/cgi-bin/listargate-aclug.cgi

-- This is the discussion@xxxxxxxxx list.  To unsubscribe,
visit http://tmp2.complete.org/cgi-bin/listargate-aclug.cgi
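
The header walk described in this message, as an added example that is not part of the original post: it believes only Received: lines stamped by hosts in the trust set named in the thread, and returns the bracketed IP of the first peer outside that set, ignoring anything below it. The sample is the quoted header block with its line folding repaired; the function and constant names are hypothetical.

```python
import email
import re

# Assumption: the trust set named in the thread, plus the addresses those hosts relay from.
TRUSTED_BY = {"penguin.hackboy.com", "mail.acm.org", "pi.glockenspiel.complete.org"}
TRUSTED_IPS = {"199.222.69.4", "64.242.77.171", "127.0.0.1"}
BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)")
# Bracketed address the receiving server recorded for the connecting peer.
FROM_IP_RE = re.compile(r"^\s*from\s+\S+\s+\([^)]*\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Received: headers from the quoted message, folding repaired so they parse.
SAMPLE = """\
Received: from mail.acm.org (mail.acm.org [199.222.69.4])
        by penguin.hackboy.com (8.9.3/8.9.3) with ESMTP id HAA01931;
        Wed, 15 Nov 2000 07:56:22 -0600
Received: from pi.glockenspiel.complete.org (postfix@[64.242.77.171])
        by mail.acm.org (8.9.3/8.9.3) with ESMTP id IAA69570;
        Wed, 15 Nov 2000 08:56:05 -0500
Received: from pi (localhost [127.0.0.1])
        by pi.glockenspiel.complete.org (Postfix) with ESMTP
        id 46AB23B8EF; Wed, 15 Nov 2000 07:57:19 -0600 (CST)
Received: with LISTAR (v0.129a; list discussion); Wed, 15 Nov 2000 07:57:19 -0600 (CST)
Received: by pi.glockenspiel.complete.org (Postfix)
        id C7BC73B8F6; Wed, 15 Nov 2000 07:57:18 -0600 (CST)
Received: from tisi.go.th (unknown [203.154.78.1])
        by pi.glockenspiel.complete.org (Postfix) with ESMTP id EBDD63B8EF
        for <aclug-l@xxxxxxxxxxxx>; Wed, 15 Nov 2000 07:57:01 -0600 (CST)
"""

def first_outside_hop(raw_headers):
    """Walk Received: headers newest-first; return (ip, stamping_host) for the
    first peer outside the trust set, or None if no trusted host vouches for one."""
    msg = email.message_from_string(raw_headers)
    for value in msg.get_all("Received", []):
        by = BY_RE.search(value)
        if by is None:
            continue  # e.g. "with LISTAR": local processing note, no peer
        if by.group(1).lower() not in TRUSTED_BY:
            return None  # stamped by a host we do not trust: stop believing
        peer = FROM_IP_RE.search(value)
        if peer is None or peer.group(1) in TRUSTED_IPS:
            continue  # local handoff, or relay between trusted hosts
        return peer.group(1), by.group(1).lower()
    return None

if __name__ == "__main__":
    print(first_outside_hop(SAMPLE))
```

The returned address is the one to look up in whois; the hostname before the parentheses is never consulted, and a header appended below the first outside hop cannot change the result.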

