nanog mailing list archives

Re: Do you obfuscate email headers when reporting spam issues to clients?


From: Jimmy Hess <mysidia () gmail com>
Date: Wed, 6 Nov 2013 19:02:00 -0600

On Wed, Nov 6, 2013 at 6:27 PM, Nonaht Leyte <alif.terranson () gmail com> wrote:

> Any abuse department which outright rejects (or claims they are unable to
> process) an obfuscated ("munged") complaint is not to be trusted - period.


This is very credible from someone admitting to scrubbing reports, of
information required by some abuse teams to appropriately process
complaints, *NOT*. You say scrub.... Many would say: munging evidence,
so that it is no longer admissible, or usable as supporting
documentation to suspend or terminate a subscriber's service.

There are abuse departments that would ignore such reports, or reply,
requesting information before proceeding, and they have that right;
especially, if the scrubbed reports don't offer sufficient evidence,
for their particular investigation workflow to function.



> As a complainant, rather than the abuse@ recipient, I will always scrub my
> reports *thoroughly*, by removing the significant digits of time stamps,
> any unique identifiers I can find (from message-ID to unsubscribe links),

> regardless of header obfuscation. Secondly, header obfuscation is NOT a
> waste of time for abuse@ - in fact, it is only marginally less useful than
> a "fully loaded" complaint. The reason is that even the smallest (or,


This is an assumption, that is only true in some cases.


> conversely, the most expertly organized) spammer will leave a complaint
> trail.  The complaints grow in importance as they grow in number: ten


Often the spammer will not leave a complaint trail; they may very well
have sent 1000 messages, that are logged with various different From:
addresses.

However, non-spammers will also often leave a "complaint trail"; to give
an example: very often, non-spammers will even forward their own mail to
another mailbox provider, e.g. Yahoo/AOL, and report duly forwarded spam
that arrives in their forwarding destination inbox, as spam originating
from the forwarding provider.

Without the recipient address, the provider doing the mail forwarding has
no idea if it is the forwarded mail, or ordinarily sent mail that is
being filed as spam.


--
-JH

