On Wed, Nov 6, 2013 at 12:30 PM, Landon <landonstewart@gmail.com> wrote:
Hello,
How much trouble does your abuse department go to in order to obfuscate
headers when providing evidence of spamming activity regardless of if it’s intentional/professional spammer activity or some kind of malware infection allowing a third party to spam.
I suggest using separate spam traps for reporting, from spam traps used to develop filters and blacklists, seeded/published at similar places. Don't report spam hitting secret spamtraps; just use what is received at secret spam traps to develop the spam corpus, blacklists, or filtering rules. There are exceptions, but when reporting spam: the recipient needs actionable information. Not just someone claiming that there is spam from them. If they are the upstream IP network abuse contact or operator of a large mail server, they should see who it came from, who it went to, the timestamps, message ids, and full headers. The stuff you could remove to make "list washing" hard or disguise a spam trap, is the same stuff the receiver of your report needs, to efficiently and effectively help identify their outbreak, and put a stop to the spam, so you're also making it hard for legitimate contacts to find the appropriate log entry, and match the e-mail message to the account it came from. -- -JH