[Scspamcop] Re: So can anyone tell me why SpamCop doesn't chaintest
this item, or even recognize the second line as valid?
Mike Easter
MikeE at ster.invalid
Sat Aug 4 10:41:26 EDT 2007
Geoffrey Hyde wrote:
Subject: So can anyone tell me why SpamCop doesn't chaintest this item,
or even recognize the second line as valid?
I know you probably think I 'pick on you' about these things, but that
isn't a good subject. That question should be down in the body of your
message. Your subject should be short/brief and encapsulate or entitle
the message/question's meaning in just a few words, maybe 'Mailhost
chaining problem?'
>
http://www.spamcop.net/sc?id=z1380924298zfb2f0df55ff348d82057c571d60ebcb7z
> What's wrong with that second Received: line that makes SpamCop not
> even want to consider it?
Abbreviated Received tracelines
from 78.112.52.209.in-addr.arpa ([78.112.52.209]) by
imta07ps.mx.bigpond.com *sourceline
from MYQD ([10.174.86.19]) by 78.112.52.209.in-addr.arpa *bogusline
In the case of a mailhosted account, the 2nd line is not considered
because the IP in the 1st line doesn't resolve to a name, according to
the verbose:
No unique hostname found for source: 78.112.52.209
If reported today, reports would be sent to:
Re: 78.112.52.209 (Administrator of network where email originates)
abuse-security at cegetel.net
However, a human would parse/chain the headers differently, more like
spamcop does for a non-mailhosted account, but the human and
nonmailhosted SC result would discard the 2nd line because it is a
non-routing IP in the 'from' field and a 'no good' non-chaining
information in the 'by' field.
The 2nd line is no good on two different counts
> Is it something wrong with mailhosted account versus non-mailhosted
> account? Doess SpamCop have a programming error of some kind?
They are parsed by different logic. Either logic works with the same
result in this case.
> This one caught my eye because the servers apparently should be
> chaintested, and I'm interested to know why SpamCop doesn't see that.
I would concur that the difference in the parsing is interesting. If
you would like to see the logic of the parsing algorithm for a
nonmailhosted account, here it is:
http://www.spamcop.net/sc?id=z1380939763z35ad798b83a0438d8356c116af94bb94z
Report Spam to:
Re: 78.112.52.209 (Administrator of network where email originates)
To: abuse-security at cegetel.net (Notes)
<cancelled>
The result is the same, but the logic of the parse and the chain is
distinctly different.
--
Mike Easter
kibitzer, not SC admin
More information about the SCspamcop
mailing list