possible spam compromise - advice please
mick
mbm at rlogin.net
Fri Feb 18 16:03:09 UTC 2011
On Fri, 18 Feb 2011 08:57:09 -0500
Roger Dingledine <arma at mit.edu> allegedly wrote:
> A lot of spam blacklists don't actually work by receiving spam mail
> via smtp. Instead they look for a wide variety of activity that they
> think is related to a compromised computer, and then assume that
> computer will soon be sending spam mail as well. Unfortunately, that
> approach makes the wrong decision for Tor exit relays.
>
> You might ask your provider for a copy of the complaint, to get more
> hints? Maybe somebody is scribbling on some web forum through your
> relay, and spamcop is jumping to conclusions. I would avoid "saying
> categorically that tor usage cannot be responsible" -- first you
> should try to figure out what the complaint (and evidence) actually
> is, and then you can help your ISP understand what's going on.
Roger (and Christian too)
Thanks for the quick response and useful tips.
I asked my ISP for a copy of the report and they sent me the sample
"spam" they got from spamcop. It contained this:
"X-Originating-IP: [195.234.10.45]"
and the rest of the email headers made it obvious that the mail went
through a "freemail" service.
So spamcop are being dumb and blaming my exit node based on a header
added by a web mail system.
I've sent an explanatory email to my provider and I'm waiting to see
what they want me to do. If I have to close that node, I'll go
somewhere else (I've just bought another VM anyway....)
> Also check out http://paulgraham.com/spamhausblacklist.html if you
> want to get more angry at the overall approach of spam blacklists --
> pretty much all of them follow this pattern. :( Their tactics can get
> pretty ugly. One of the future steps in the arms race could even be
> listing your neighbors as spammers, even if they're perfectly
> innocent, to force the neighbors to force you to stop your behavior.
Yep - seen that. I agree.
Cheers
Mick
---------------------------------------------------------------------
The text file for RFC 854 contains exactly 854 lines.
Do you think there is any cosmic significance in this?
Douglas E Comer - Internetworking with TCP/IP Volume 1
http://www.ietf.org/rfc/rfc854.txt
---------------------------------------------------------------------
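
Added example, not part of the original message or thread: a Python sketch of the header check described above, which tells apart the host that actually handed a reported mail to the recipient's mail server over SMTP (topmost Received line) from the browser address a webmail system recorded in X-Originating-IP. The sample message, host names and addresses are constructed documentation values, and the function names are hypothetical.

```python
import email
import ipaddress
import re

# Constructed sample complaint; every host and address is a documentation value.
SAMPLE = """\
Received: from out1.freemail.example (out1.freemail.example [203.0.113.25])
\tby mx.recipient.example with ESMTP id 4F2A1; Fri, 18 Feb 2011 12:00:00 +0000
Received: from web-frontend (localhost [127.0.0.1])
\tby out1.freemail.example with HTTP; Fri, 18 Feb 2011 11:59:58 +0000
X-Originating-IP: [198.51.100.7]
From: someone@freemail.example
To: victim@recipient.example
Subject: constructed sample

body
"""

BRACKETED = re.compile(r"\[([0-9A-Fa-f:.]+)\]")

def _first_ip(text):
    """Return the first syntactically valid bracketed IP in a header, or None."""
    for candidate in BRACKETED.findall(text or ""):
        try:
            return str(ipaddress.ip_address(candidate))
        except ValueError:
            continue
    return None

def analyse(raw, reported_ip):
    """Say what role the reported IP plays in the headers of a complaint sample."""
    msg = email.message_from_string(raw)
    received = msg.get_all("Received") or []
    # Topmost Received is written by the recipient's own MTA: the real SMTP peer.
    smtp_peer = _first_ip(received[0]) if received else None
    # X-Originating-IP is set by the webmail system: the HTTP client it saw.
    web_client = _first_ip(msg.get("X-Originating-IP"))
    reported = str(ipaddress.ip_address(reported_ip))
    if reported == smtp_peer:
        role = "smtp-sender"
    elif reported == web_client:
        role = "webmail-http-client"
    else:
        role = "not-in-headers"
    return {"smtp_peer": smtp_peer, "web_client": web_client, "role": role}

if __name__ == "__main__":
    print(analyse(SAMPLE, "198.51.100.7"))
```

A result of "webmail-http-client" means the reported address only appears in a header added by the webmail service and never connected to the recipient's mail server itself.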