[unisog] DMCA Reports and No-Reply Addresses

PaulFM paulfm at me.umn.edu
Thu Dec 30 16:36:58 GMT 2004

If your mail server is set up correctly, it should only accept mail From 
valid users at valid dns names (check the full headers of the message and 
your mail-server logs to look for the envelope from address).

Additionally.  Since the return address is fake, you could probably persue 
legal acction against the sender since this message now becomes an anonymous 

I would at minumum, find out the source mail server and block it with the 
error message - Blocked for sending Threatening spam.

Don't fill out the form, contact a lawyer and check the legal status of this 
(I don't think e-mail is an acceptable notification method for legal purposes).

Obviously check the content they mention.

Eric Pancer wrote:

> Hash: SHA1
> It's almost 2005, and more games have started with the DMCA
> "enforcers." We received a notice today from BayTSP with the
> following "From" and "Reply-To" set:
> <universal-studios-no-reply at champ.baytsp.com>
> Replying to this address offers the following error.
> <universal-studios-no-reply at champ.baytsp.com>:
> Sorry, I couldn't find any host named champ.baytsp.com. (#5.1.2)
> Embedded in the email is the following blob:
> "
>   All correspondence regarding this notice should be sent to:
>   <http://webreply.baytsp.com/webreply/webreply.jsp?customerid=XX&commhash=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX>
> "
> Note that anyone can go to this page, no authentication is required.
> Then, you'll get to waste your time filling in the pretty boxes
> (note that you've already wasted your time by having to open up a
> browser since you don't use a graphical email client (you don't,
> right?)). The three options you can select are:
> "
>   1. I've complied and removed all copyrighted material for which
>      I'm not the copyright holder
>   2. No, I've not complied and I'm still distributing copyrighted
>      material.
>   3. Mistake, You sent the notice to the wrong person (fill in more
>      detail below).
> "
> You'll then have to check a box that states...
> " By checking this box I swear that I have provided truthful
> information."
> So, for all of you that have automated processing of incoming DMCA
> reports, Happy New Year, and get to work on some automated things to
> select option #3 above using curl!
> - -- 
> Eric Pancer :.: Computer Security Response Team :.: DePaul University
> http://security.depaul.edu/ .:`:.:':.:`:. epancer at security.depaul.edu
> pgp: 1024D/7ACBCFF3 C022 4991 41E5 51E7 683C F765 62F7 7F8E 7ACB CFF3
> afMG67Z8Pl13WUjS2QwSNxJNjuLPLNeEW9K/gsJ60+plH/xVAKO50MEAtCOkOStS
> Q2euJRI6tcjSxrZ8P0amfr01g3ixf4ZXpES3biohTIw4QF8hRFHK+b3bGe4rEaN6
> 0RU+NCtA0FdbOwqNWAoDnG+pr1rrvS7IHQecLq8vfqtYneIrbBzHW4/cCtM6+Tz2
> 0e/UsddgJiPslQ9sqPLvY23psroszAo0QvsR2R7gjq/L5qkUSmYzdJBFzdof5eRM
> xJydYvzsKMq0a46Pj9CmuEMPGey2kSvXtW+D2BIW6JlcF7aD2Q8tcA==
> =B7Rj
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog

The views and opinions expressed above are strictly
those of the author(s).  The content of this message has
not been reviewed nor approved by any entity whatsoever.
Paul F. Markfort   Info/Web: http://www.menet.umn.edu/~paulfm

More information about the unisog mailing list