From spamassassin-talk-admin@lists.sourceforge.net Thu Aug 29 11:07:57 2002 Return-Path: Delivered-To: yyyy@localhost.netnoteinc.com Received: from localhost (localhost [127.0.0.1]) by phobos.labs.netnoteinc.com (Postfix) with ESMTP id C123A44162 for ; Thu, 29 Aug 2002 06:06:00 -0400 (EDT) Received: from phobos [127.0.0.1] by localhost with IMAP (fetchmail-5.9.0) for jm@localhost (single-drop); Thu, 29 Aug 2002 11:06:00 +0100 (IST) Received: from usw-sf-list2.sourceforge.net (usw-sf-fw2.sourceforge.net [216.136.171.252]) by dogma.slashnull.org (8.11.6/8.11.6) with ESMTP id g7T0AMZ19081 for ; Thu, 29 Aug 2002 01:10:22 +0100 Received: from usw-sf-list1-b.sourceforge.net ([10.3.1.13] helo=usw-sf-list1.sourceforge.net) by usw-sf-list2.sourceforge.net with esmtp (Exim 3.31-VA-mm2 #1 (Debian)) id 17kCqC-0004QL-00; Wed, 28 Aug 2002 17:07:16 -0700 Received: from sccrmhc01.attbi.com ([204.127.202.61]) by usw-sf-list1.sourceforge.net with esmtp (Exim 3.31-VA-mm2 #1 (Debian)) id 17kCpc-00060j-00 for ; Wed, 28 Aug 2002 17:06:40 -0700 Received: from localhost ([12.229.66.144]) by sccrmhc01.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020829000611.QMMF11061.sccrmhc01.attbi.com@localhost> for ; Thu, 29 Aug 2002 00:06:11 +0000 Subject: Re: [SAtalk] O.T. Habeus -- Why? Content-Type: text/plain; charset=US-ASCII; format=flowed MIME-Version: 1.0 (Apple Message framework v482) From: Brian McNett To: spamassassin-talk@example.sourceforge.net Content-Transfer-Encoding: 7bit In-Reply-To: <1030567825.3271.TMDA@omega.paradigm-omega.net> Message-Id: <135470FA-BAE3-11D6-AD60-003065C182B0@radparker.com> X-Mailer: Apple Mail (2.482) Sender: spamassassin-talk-admin@example.sourceforge.net Errors-To: spamassassin-talk-admin@example.sourceforge.net X-Beenthere: spamassassin-talk@example.sourceforge.net X-Mailman-Version: 2.0.9-sf.net Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Talk about SpamAssassin List-Unsubscribe: , List-Archive: X-Original-Date: Wed, 28 Aug 2002 17:05:49 -0700 Date: Wed, 28 Aug 2002 17:05:49 -0700 X-Pyzor: Reported 0 times. X-Spam-Status: No, hits=-5.3 required=7.0 tests=EMAIL_ATTRIBUTION,FUDGE_MULTIHOP_RELAY,IN_REP_TO, KNOWN_MAILING_LIST,RCVD_IN_MULTIHOP_DSBL, RCVD_IN_UNCONFIRMED_DSBL,SPAM_PHRASE_00_01, USER_AGENT_APPLEMAIL version=2.40-cvs X-Spam-Level: On Wednesday, August 28, 2002, at 01:50 PM, Robin Lynn Frank wrote: > And if a spammer forges headers??? Header forgeries are trivially easy to detect. The main way that spammers hide their originating IPs is not by forging headers, but by sending through open proxy servers. It used to be that spammers used open relay mailserver, but these often betray the originating IP, and the proliferation of open relay blocklists, and the introduction of port 25 blocking on the part of many ISPs make open relays unattractive to spammers. One would think, that the combination of a forged Habeas-SWE, and mail sent through an anonymizing open proxy would be a fairly good indication of spam. Tracking a spammer to his meatspace location is not as difficult as you might think, once you have legal recourse to subpoena records. --B ------------------------------------------------------- This sf.net email is sponsored by: Jabber - The world's fastest growing real-time communications platform! Don't just IM. Build it in! http://www.jabber.com/osdn/xim _______________________________________________ Spamassassin-talk mailing list Spamassassin-talk@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/spamassassin-talk