Re: [Asrg] We really don't need no stinkin IMAP or POP foram button to M

Bart Schaefer <schaefer@brasslantern.com> Mon, 08 February 2010 15:07 UTC

Return-Path: <schaefer@closedmail.com>
X-Original-To: asrg@core3.amsl.com
Delivered-To: asrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 07E063A73FA for <asrg@core3.amsl.com>; Mon, 8 Feb 2010 07:07:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.463
X-Spam-Level:
X-Spam-Status: No, score=-2.463 tagged_above=-999 required=5 tests=[AWL=-0.020, BAYES_00=-2.599, SUBJECT_FUZZY_TION=0.156]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0qthxE0tQBnF for <asrg@core3.amsl.com>; Mon, 8 Feb 2010 07:07:35 -0800 (PST)
Received: from vms173019pub.verizon.net (vms173019pub.verizon.net [206.46.173.19]) by core3.amsl.com (Postfix) with ESMTP id 5139F3A720F for <asrg@irtf.org>; Mon, 8 Feb 2010 07:07:35 -0800 (PST)
Received: from torch.brasslantern.com ([unknown] [173.67.92.79]) by vms173019.mailsrvcs.net (Sun Java(tm) System Messaging Server 7u2-7.02 32bit (built Apr 16 2009)) with ESMTPA id <0KXJ00L463DZ4GE0@vms173019.mailsrvcs.net> for asrg@irtf.org; Mon, 08 Feb 2010 09:08:28 -0600 (CST)
Received: from torch.brasslantern.com (localhost.localdomain [127.0.0.1]) by torch.brasslantern.com (8.13.1/8.13.1) with ESMTP id o18F8Mh0010492 for <asrg@irtf.org>; Mon, 08 Feb 2010 07:08:22 -0800
Received: (from schaefer@localhost) by torch.brasslantern.com (8.13.1/8.13.1/Submit) id o18F8MT3010491 for asrg@irtf.org; Mon, 08 Feb 2010 07:08:22 -0800
From: Bart Schaefer <schaefer@brasslantern.com>
Message-id: <100208070822.ZM10490@torch.brasslantern.com>
Date: Mon, 08 Feb 2010 07:08:22 -0800
In-reply-to: <20100208133354.GC18987@hjp.at>
Comments: In reply to "Peter J. Holzer" <hjp-asrg@hjp.at> "Re: [Asrg] We really don't need no stinkin IMAP or POP foram button to M" (Feb 8, 2:33pm)
References: <20100206200921.7841.qmail@simone.iecc.com> <4B6DCF41.1070006@dcrocker.net> <alpine.BSF.2.00.1002061524280.11458@simone.lan> <D5E318E219CCBAFB23E087F2@lewes.staff.uscs.susx.ac.uk> <20100208133354.GC18987@hjp.at>
X-Mailer: OpenZMail Classic (0.9.2 24April2005)
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
MIME-version: 1.0
Content-type: text/plain; charset="us-ascii"
Subject: Re: [Asrg] We really don't need no stinkin IMAP or POP foram button to M
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Feb 2010 15:07:36 -0000

On Feb 8,  2:33pm, Peter J. Holzer wrote:
} Subject: Re: [Asrg] We really don't need no stinkin IMAP or POP foram	butt
}
} 
} On 2010-02-08 12:00:43 +0000, Ian Eiloart wrote:
} > If I see a message that I think is spam, and it carries a 
} > "report-abuse-to" header, how do I know that the header was added by the 
} > MDA and not by the spammer?
} 
} In general you don't. But I don't see that as a particularly bad
} problem: The worst a spammer can do is a DDoS attack on a small ESP by
} adding a Report-Abuse-To header with the abuse address of that ESP.

I'd say the worst they can do is to direct the abuse report back to
themselves.  This not only suppresses some fraction of their spam
complaints, but it also confirms valid email addresses and may reveal
information about what MUA is in use, which in turn can be used to
refine the next spam or exploit that they direct to that address.