I've resumed development on this
Plan on some great new releases coming up! The war on spam can be best approached through a multi-faceted response. Some ISPs are willing to shutdown spammers if they learn they are on their network. Some domain name registrars are willing to shutdown spammer's websites. Some postmasters are willing to close their open relays. This script notifies all three that there is a problem!
Re: Wrong approach
> If you'd bothered to read the post you'd
> replied to properly
> you'd see that the guy clearly indicated
> that he wanted to
> handle spam. What he complained about
> was the manner
> of reporting spam. If you're tired of
> spam, then it should be
> in your interest to report spam problems
> in a way that make
> it as easy as possible for abuse
> departments to prevent or
> close down spammers.
> You also failed to consider that a major
> point he made was
> that a lot of the people whose domains
> occur in a typical
> spam message are completely innocent and
> have nothing to do with the spam, and
> couldn't have done anything to prevent
> it. Speaking as someone who has
> administered a mail system with 1.7
> million users, I can tell you that the
> one largest abuse problem we had was not
> our own users spamming people, but
> people causing massive amounts of
> traffic to our system by using fake,
> non-existing addresses at our domains in
> the From: address of their spams.
> No changes we could have made could
> prevent that. No action on our end could
> prevent that. No message to our abuse
> department could stop that spamming, as
> it wasn't done by our users or from or
> through our servers.
> That's why just firing of e-mails to
> anyone listed in a spam
> message is a problem: abuse departments
> are overloaded
> enough as it is. Hindering their work by
> sending them complaints about spams they
> can do nothing about and are
> completely innocent of doesn't help.
This response is 4 years late, but your point still stands. Spam.pl does not use the From: line in the email as with true spam it is always a forgery.
There are still two complaints that a postmaster can make about this script:
(1) spam.pl treats forged Received: headers as if they are the real thing, and will email the postmasters of those forged headers. I plan on implementing some Received: checking and making emailing forged postmasters an option rather than the default.
(2) spam.pl grabs every domain from the body of the email and generates a complaint to each domain. With the rise of phishing, and the increased deviousness of these emails, often times legitimate domain names are stuck in the email, such as 'paypal' and 'ebay'. However, I am going to work under the assumption that if you are a postmaster at a domain that is being used in phishing scheme's, you'd like to know about it so you can warn your customers, etc.