RE: [Asrg] C/R - What people say

Vernon Schryver <vjs@calcite.rhyolite.com> Wed, 14 May 2003 00:53 UTC

From: Vernon Schryver <vjs@calcite.rhyolite.com>
Message-Id: <200305140052.h4E0qF14021004@calcite.rhyolite.com>
To: asrg@ietf.org
Subject: RE: [Asrg] C/R - What people say
References: <MBEKIIAKLDHKMLNFJODBAELEFCAA.eric@purespeed.com>
Date: Tue, 13 May 2003 18:52:15 -0600

> From: "Eric Dean" <eric@purespeed.com>

> Well, I use a CR system and am subscribed to various mailing lists.  We use
> the Sender header to exempt challenges.
> ...

How does that operate?  What Sender values garner exceptions, and why
won't more spammers use them if there are any?  Or by "exception,"
do you mean that the mail is immediately discarded unchallenged?

About 5% of the last 29,319 spam caught in my traps have Sender headers.
Some of the streams of spam follow all of the forms that I know of
for a mailing list.  Here is a sample from a stream that you should
recognize, since it's from the hard working entity that sometimes
calls itself "Drew Lanzetta":

    From: Spec Sheet <ssha@all.at>
    To: vj@calcite.rhyolite.com
    Subject: Stockgroup Signs Licensing Agreement with Time Warner
    Date: Mon, 12 May 2003 13:56:33 -0700
    MIME-Version: 1.0
    Content-Type: text/html
    List-Unsubscribe: <mailto:leave-specsheet-html-a-634245P@financepages.com>
    List-Subscribe: <mailto:subscribe-specsheet-html-a@financepages.com>
    List-Owner: <mailto:owner-specsheet-html-a@financepages.com>
    X-List-Host: Main site
    Reply-To: ssha@all.at
    Sender: bounce-specsheet-html-a-634245@financepages.com
    Message-Id: <LYRIS-634245-31612-2003.05.12-13.56.34--vj#calcite.rhyolite.com@financepages.com>
    MIME-Version: 1.0
    Content-Type: text/html

Note that those headers are exactly as they appeared on the wire before
my MTA did anything to them, including adding a Received: header.

Well, "Drew Lanzetta" doesn't include a List-ID header, and I don't see
any recent spam in my traps that does.  However, there is plenty in
NANAS.  See
http://groups.google.com/groups?q=+%22list-id%22+group%3A*abuse.sightings


Vernon Schryver    vjs@rhyolite.com
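
Added example, not part of the original message and not Eric Dean's actual C/R system: it runs the spam headers quoted above through two hypothetical exemption rules, one keyed on the mere presence of a Sender header and one keyed on Sender addresses the recipient recorded when subscribing. The function names, the SUBSCRIBED set and the list-post sample are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Headers from the spam sample quoted above (MIME and Message-Id lines left out).
SPAM_SAMPLE = """\
From: Spec Sheet <ssha@all.at>
To: vj@calcite.rhyolite.com
Subject: Stockgroup Signs Licensing Agreement with Time Warner
List-Unsubscribe: <mailto:leave-specsheet-html-a-634245P@financepages.com>
List-Subscribe: <mailto:subscribe-specsheet-html-a@financepages.com>
List-Owner: <mailto:owner-specsheet-html-a@financepages.com>
Reply-To: ssha@all.at
Sender: bounce-specsheet-html-a-634245@financepages.com

"""

# Constructed sample: a post relayed by a list the recipient really joined.
LIST_SAMPLE = """\
From: Some Poster <poster@example.org>
To: asrg@ietf.org
Subject: RE: [Asrg] C/R - What people say
Sender: asrg-admin@ietf.org

"""

# Assumption: addresses the recipient recorded when subscribing.
SUBSCRIBED = {"asrg-admin@ietf.org"}
LIST_MARKERS = ("Sender", "List-Id", "List-Unsubscribe", "List-Subscribe", "List-Owner")

def list_markers(raw):
    """Return the mailing-list style headers present in a raw header block."""
    msg = message_from_string(raw)
    return [name for name in LIST_MARKERS if msg[name] is not None]

def exempt_by_presence(raw):
    """Weak rule: any Sender header at all skips the challenge."""
    return message_from_string(raw)["Sender"] is not None

def exempt_by_subscription(raw, subscribed=SUBSCRIBED):
    """Narrower rule: the Sender address must be one the recipient recorded.
    Sender is still written by the sending side, so this narrows the
    exemption; it does not authenticate the list."""
    _, addr = parseaddr(message_from_string(raw).get("Sender", ""))
    return addr.lower() in subscribed

if __name__ == "__main__":
    for label, raw in (("spam sample", SPAM_SAMPLE), ("list post", LIST_SAMPLE)):
        print(label, list_markers(raw), exempt_by_presence(raw), exempt_by_subscription(raw))
```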