Peter Beckman
beckman@purplecow.com
Thu Nov 7 16:59:53 UTC 2002
Vernon -- thanks for your quick and educated response!

Let me give you a bit more background. In Virginia you can sue spammers for sending bulk electronic mail. I have 8000 emails in my spam box that I want to classify, categorize and organize in a PHP + MySQL web application that will track, store and allow me to quickly print out all of the emails I've received from a certain spammer and bring them to court.

The questions below are just to help me build a better system. I can read C, I just hadn't -- asking questions in English is usually easier than reading someone else's C code! But I can do that if it is safer to do that than it is to post here (which I understand -- if spammers know how you determine fuzzy, then DCC becomes less effective, which hurts me and everyone else using it; my bad for not thinking of this initially).

My responses below:

On Wed, 6 Nov 2002, Vernon Schryver wrote:

> That is not far from a description of the DCC.

You are right, it is very close, except that DCC doesn't keep track of what individual or website or company actually sent the spam, nor does it keep the header and a copy of the bulk email in fuzzy form in order to print out later for evidence in court. I need to keep every header PLUS one copy of the fuzzy body in order to sue the spammer in court.

> Yes, those 4 groups are merely easier to read than 32 consecutive
> hex digits.

Great.

> I actively discourage discussions of details of how the checksums are
> computed beyond what is written in the documentation. There is no
> profit for people who dislike spam in helping spammers who generally
> can't read C. So let's just say attachments are "considered," and
> not talk about what "considered" might mean.

Amen, sorry I didn't consider this! I'll read the code and then keep it to myself.

> The main dcc man page says the following where it discusses the
> checksums:
>
> ] Received last Received: header line in the SMTP message
>
> See http://www.rhyolite.com/anti-spam/dcc/dcc-tree/dcc.html#X-DCC-Headers

Thanks for that pointer -- I wasn't able to find it in my initial scans last night.

> > When it checksums the headers, does it checksum the "From: " as well as
> > the address or just the address? If just the data, how does it deal with
> > multiple received lines? Concatenate?
>
> I don't understand that question where it involves From: and Received:
> headers. I also don't understand 'the "From:" as well as the address'.
> The header checksums covers the entire From header line, with some minor
> exceptions including whitespace and an optional pair of outer <>'s.
> Perhaps the question would be answered by trying `dccproc -Q` on some
> test messages.

This line in an email:

    From: John Q. Smith <abc8382fake@hotmail.com>

is the hash on "John ... mail.com>", "From: John ... mail.com>", or something else? Is whitespace deleted before running the checksum? If you prefer me to find out from the code, just say so.

> How personalizations are handled is an inappropriate topic for public
> discussions. In fact there are very few people with whom I'll discuss
> that stuff in private.
>
> One of the ground rules of the DCC is that new versions of the client
> code must be distributed periodically to deal with changes in spam
> personalizations. It's been a year since the last change, but there's
> no reason to hurry the next one by giving spammers aid and comfort in
> the form of public discussions.

Again, I apologize for not thinking of that before. It is more to settle my curiosity than anything, and I'll comb through the code and email you privately if I have any questions, and if you don't trust me enough to discuss it, I completely understand. Security through obscurity! :-)

Thanks again for your answers.

My first lawsuit goes to court against PrintPal (Piggyback.com, Inc. in Oregon) for 58 counts of unsolicited bulk email; I'll let you know how it goes. If successful, I hope to continue to sue spammers until they either stop sending spam (at least to myself and the ISP I volunteer at) or they go out of business. At this rate though, 8000+ spams == $80,000+ since May 7, 2002, I should have about $160,000 worth of lawsuits just this year! :-)

Peter
---------------------------------------------------------------------------
Peter Beckman
Systems Engineer, Fairfax Cable Access Corporation
beckman@purplecow.com
http://www.purplecow.com/
---------------------------------------------------------------------------