Complete.Org: Mailing Lists: Archives: discussion: November 2000:
[aclug-L] Re: Reverse the Aging Process 10-20 Years!

[aclug-L] Re: Reverse the Aging Process 10-20 Years!

[Top] [All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
To: discussion@xxxxxxxxx
Subject: [aclug-L] Re: Reverse the Aging Process 10-20 Years!
From: Steven Saner <ssaner@xxxxxxxxxxxxxxx>
Date: Wed, 15 Nov 2000 14:08:04 -0600
Reply-to: discussion@xxxxxxxxx

On Wed, Nov 15, 2000 at 01:45:17PM -0600, Clint A. Brubakken wrote:
> > The ONLY header on a spam that you can really trust is the "Received:"
> > header that your own system adds to the message. This is sufficient to
> > identify the system that delivered the message to you, and is where
> > you should focus your energy. By replying to every site that appears
> > in every header (as many people do), you effectively punish victim
> > sites who were framed to make it appear that they are harboring
> > spammers, or allowing spam to be relayed.
> > </RANT>
> All this talk is not exactly true, as this is a mailing list and so the
> mailing list would deliver to your system, and roach is not sending
> spam. Couldn't you follow the trust as in this example.

Well, you are right to some extent, and it does deserve some
clarification. In *general* the only headers you can trust are the
ones added by your, or your ISP's (if you are using a POP client) mail
server. Now that is true if you trust your admin (which might be you
or your ISP). Now, in many cases, you can be fairly confident about
headers further down the list. In the case of a mailing list, you
might trust that your list admin is not forging headers. This is
especially true if you know the admin!

So, how you are down to: (unknown []). Again,
if you have reason to believe the headers from the list server, you
can be fairly confident that this is where the message came to the list
server from. First, don't trust the hostname, that is often
forged. Rather, put more trust the IP in address in square brackets
[]. Look up the "owner" of those IP addresses on ( In this case you will find that
this IP address is part of those assigned to the Asia Pacific Network
Information Center. So, how you need to goto You will
now find the contact information. Someplace in Thailand.

As a matter of experience, you will almost never get any positive
response complaining about spam in Asian countries. Almost without
exception, they simply don't care. Further research will show you that
this IP address is on both the RSS and ORBS anti-relay lists. If you
have a filter that it based on one of these, this message would have
been filtered out, as mentioned by other ACLUG members. In this case,
that is about the best you can do.

My point is simply this. If you would have sent a complaint to an
abuse address at,, and whatever domain the From:
header showed, you would be complaining to people that could not do
anything about the spam, or could do no more than you could
yourself. Many many people, probably because they are in a hurry and
frustrated by the spam, send complaints to any and all domains that
exist in the message, forged headers or not. This is not constructive!

> is my isp (for this example) and is my forwarding
> address
> Received: from ( [])
>         by (8.9.3/8.9.3) with ESMTP id HAA01931;
>         Wed, 15 Nov 2000 07:56:22 -0600
> Received: from (postfix@[])
>         by (8.9.3/8.9.3) with ESMTP id IAA69570;
>         Wed, 15 Nov 2000 08:56:05 -0500
> Received: from pi (localhost [])
>         by (Postfix) with ESMTP
>         id 46AB23B8EF; Wed, 15 Nov 2000 07:57:19 -0600 (CST)
> Received: with LISTAR (v0.129a; list discussion); Wed, 15 Nov 2000
> 07:57:19 -0600 (CST)
> Delivered-To:
> Received: by (Postfix)
>         id C7BC73B8F6; Wed, 15 Nov 2000 07:57:18 -0600 (CST)
> Delivered-To: aclug-l@xxxxxxxxxxxx
> Received: from (unknown [])
>         by (Postfix) with ESMTP id
>         for <aclug-l@xxxxxxxxxxxx>; Wed, 15 Nov 2000 07:57:01 -0600
> (CST)
> assuming we can trust and and to not
> fake email headers, this spam was sent from (unknown
> []). So know what would/should we do?
> -- 
> Clint Brubakken
> Developer, Computer Science Services Group, LLC
> President Air Capital Linux Users Group 
> Wichita, KS
> cabrubak@xxxxxxx
> ---
> "God."
> "What?"
> "I used to eat there. Really good noodles. I have these memories from my
> life. None of them happened. What does that mean? Trinity: That the
> Matrix
> cannot tell you who you are."
> "And an Oracle can?"
> "That's different."
>               -- Neo and Trinity, "The Matrix"
> -- This is the discussion@xxxxxxxxx list.  To unsubscribe,
> visit

-- This is the discussion@xxxxxxxxx list.  To unsubscribe,

[Prev in Thread] Current Thread [Next in Thread]