[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: possible spam compromise - advice please



On Fri, 18 Feb 2011 08:57:09 -0500
Roger Dingledine <arma@xxxxxxx> allegedly wrote:


> A lot of spam blacklists don't actually work by receiving spam mail
> via smtp. Instead they look for a wide variety of activity that they
> think is related to a compromised computer, and then assume that
> computer will soon be sending spam mail as well. Unfortunately, that
> approach makes the wrong decision for Tor exit relays.
> 
> You might ask your provider for a copy of the complaint, to get more
> hints? Maybe somebody is scribbling on some web forum through your
> relay, and spamcop is jumping to conclusions. I would avoid "saying
> categorically that tor usage cannot be responsible" -- first you
> should try to figure out what the complaint (and evidence) actually
> is, and then you can help your ISP understand what's going on.

Roger (and Christian too)

Thanks for the quick response and useful tips.

I asked my ISP for a copy of the report and they sent me the sample
"spam" they got from spamcop. It contained this:

"X-Originating-IP: [195.234.10.45]"

and the rest of the email headers made it obvious that the mail went
through a "freemail" service. 

So spamcop are being dumb and blaming my exit node based on a header
added by a web mail system.

I've sent an explanatory email to my provider and I'm waiting to see
what they want me to do. If I have to close that node, I'll go
somewhere else (I've just bought another VM anyway....)

> Also check out http://paulgraham.com/spamhausblacklist.html if you
> want to get more angry at the overall approach of spam blacklists --
> pretty much all of them follow this pattern. :( Their tactics can get
> pretty ugly. One of the future steps in the arms race could even be
> listing your neighbors as spammers, even if they're perfectly
> innocent, to force the neighbors to force you to stop your behavior.

Yep - seen that. I agree.

Cheers

Mick 




---------------------------------------------------------------------

The text file for RFC 854 contains exactly 854 lines. 
Do you think there is any cosmic significance in this?

Douglas E Comer - Internetworking with TCP/IP Volume 1

http://www.ietf.org/rfc/rfc854.txt
---------------------------------------------------------------------



Attachment: signature.asc
Description: PGP signature