[Dshield] Novice regarding reporting spam, would like to learn how to.

kevin.gadsden@bt.com kevin.gadsden at bt.com
Thu Apr 29 11:34:43 GMT 2004


With regard to reporting spam and first time reports, I normally send
out a response including this link
http://spamcop.net/fom-serve/cache/19.html to end user.  It is a SpamCop
site but it contains very useful information on how to find the e-mail
headers on various e-mail software clients.

The information in the e-mail header is needed to help identify the
source IP address and the route the e-mail took.

It is often better to copy and paste this information into your report
as it will greatly assist the various network abuse teams etc.

Hope this helps

Kind regards

Kevin Gadsden

-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of Chris Tankelewicz
Sent: 29 April 2004 03:11
To: General DShield Discussion List
Subject: Re: [Dshield] Novice regarding reporting spam,would like to
learn how to.


How to report spam,

Someone had already mentioned spamcop...

What I use is a porgram called Mailwasher Pro from a company called
Firetrust. http://entier.ecosm.com/link/?ibyuqt

MailWasher(r) Pro is the answer to your time wasting junk mail problems,
as well as letting you preview and delete your email before it gets to
your computer, MailWasher(r) Pro also enables you to subscribe to the
FirstAlert!T spam database. Join the community of FirstAlert!
subscribers reporting spam messages and watch as even more spam
disappears from not only your inbox, but the inboxes of all other
FirstAlert! subscribers as well!

MailWasher(r) Pro learns and adapts to your personal preferences by
letting you teach it the kind of email you want to receive. These
intelligent filters use Firetrust's advanced learning filters (Bayesian
statistics) to deliver a robust and efficient approach to solving your
spam problem!


Chris Tankelewicz


----- Original Message ----- 
From: "Peter Stendahl-Juvonen" <peter.stendahl-juvonen at welho.com>
To: "DShield General DShield Discussion List" <list at lists.dshield.org>
Sent: Wednesday, April 28, 2004 10:58 AM
Subject: [Dshield] Novice regarding reporting spam,would like to learn
how to.


>
> At least a part of spam involves possible security issues.
>
> Would fellow DShielders with insights kindly assist in the first 
> attempt to report spam?
>
> 1) To whom would you report this example of spam?
>
> 2) Does something nasty wait at the URL in the message? (Would 
> browsing with, e.g. Mozilla 1.6 be insecure or safe?)
>
>
> Thanks in advance for all enlightenment.
>
> - Pete
>
>
> ===Received Headers (from me to 
> sender)========================================
> R1: (unknown) - Wed, 28 Apr 2004 16:22:52 +0300
>     from my-ISP's-mail-server-DSN ([unix socket])
>     by   nickname-for-my-ISP's-mail-server-DSN (Cyrus v2.1.10)
>     with LMTP
> R2: IP-number-of-my-ISP's-other-mail-server-DSN - Wed, 28 Apr 2004 
> 16:22:52 +0300 (EETDST)
>     from another-DSN-of-my-ISP's-mail-servers
> (another-DSN-of-my-ISP's-mail-servers [respective IP number])
>     by   my-ISP's-mail-server-DSN (8.11.1 (Revision
> 1.5+JAGae91741+JAGae92668) /8.11.1)
>     with ESMTP
>     id   i3SDMqh14273
> R3: 211.59.140.77 - Wed, 28 Apr 2004 16:22:48 +0300 (EEST)
>     from the-previous-respective-IP-number (unknown [211.59.140.77])
>     by   another-DSN-of-my-ISP's-mail-servers (Postfix)
>     with SMTP
>     id   D1B9A2975E8
> R4: 206.96.120.94 - Thu, 29 Apr 2004 00:19:18 -0200
>     from 206.96.120.94
>     by   211.59.140.77
>
> ===All e-mail Internet 
> Headers==================================================
> Return-Path: <QAWAZR at msn.com>
> Received: from my-ISP's-mail-server-DSN ([unix socket])
> by nickname-for-my-ISP's-mail-server-DSN (Cyrus v2.1.10) with LMTP; 
> Wed, 28 Apr 2004 16:22:52 +0300
> Received: from another-DSN-of-my-ISP's-mail-servers
> (another-DSN-of-my-ISP's-mail-servers [respective IP number]) by 
> my-ISP's-mail-server-DSN (8.11.1 (Revision
> 1.5+JAGae91741+JAGae92668) /8.11.1) with ESMTP id i3SDMqh14273; Wed, 
> 28 Apr 2004 16:22:52 +0300 (EETDST)
> Received: from the-previous-respective-IP-number (unknown
> [211.59.140.77])
> by another-DSN-of-my-ISP's-mail-servers (Postfix) with SMTP id 
> D1B9A2975E8; Wed, 28 Apr 2004 16:22:48 +0300 (EEST)
> Received: from 206.96.120.94 by 211.59.140.77; Thu, 29 Apr 2004 
> 00:19:18 -0200
> Message-ID: <EQGWXDBPHQHGNRLIAXWMZT at yahoo.com>
> From: "Fidel Kent" <QAWAZR at msn.com>
> Reply-To: "Fidel Kent" <QAWAZR at msn.com>
> To: another-person's-email-account-at-my-ISP,
> my-email-account-at-my-ISP, 
> yet-another-person's-email-account-at-my-ISP
> Subject: Hey! My girlfriend N.U.D.E on internet
> Date: Thu, 29 Apr 2004 00:17:18 -0200
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
> boundary="--828139093201691231"
> X-IP: 189.222.238.113
>
>
> -----------------------------------------------
>
> SENDER-FIELD OF EMAIL:
> Fidel Kent [QAWAZR at msn.com]
>
> TITLE OF EMAIL:
> Hey! My girlfriend N.U.D.E on internet
>
> BODY OF EMAIL:
> Hey Guys
> Do you want see my GirlFriend Nude ?
> She has really nice big tits and the beutiful ass i know
> Here her website
>
> http://www.mygirlfriend.fluo.net
>
>
> _______________________________________________
> list mailing list
> list at lists.dshield.org
> To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list
>
> ----------------------------------------------------
> This message has been processed by Firetrust Benign.


_______________________________________________
list mailing list
list at lists.dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list



More information about the list mailing list