DCC Checksums: How are they determined?

Peter Beckman beckman@purplecow.com
Thu Nov 7 16:59:53 UTC 2002


Vernon -- thanks for your quick and educated response!  Let me give you a
bit more background.

In Virginia you can sue spammers for sending bulk electronic mail.  I have
8000 emails in my spam box that I want to classify, categorize and organize
in a PHP + MySQL web application that will track, store and allow me to
quickly print out all of the emails I've received from a certain spammer
and bring them to court.

The questions below are just to help me build a better system.  I can read
C, I just hadn't -- asking questions in English is usually easier than
reading someone else's C code!  But I can do that if it is safer to do that
than it is to post here (which I understand -- if spammers know how you
determine fuzzy, then DCC becomes less effective, which hurts me and
everyone else using it; my bad for not thinking of this initially).

My responses below:

On Wed, 6 Nov 2002, Vernon Schryver wrote:

> That is not far from a description of the DCC.

 You are right, it is very close, except that DCC doesn't keep track of
 what individual or website or company actually sent the spam, nor does it
 keep the header and a copy of the bulk email in fuzzy form in order to
 print out later for evidence in court.  I need to keep every header PLUS
 one copy of the fuzzy body in order to sue the spammer in court.

> Yes, those 4 groups are merely easier to read than 32 consecutive
> hex digits.

 Great.

> I actively discourage discussions of details of how the checksums are
> computed beyond what is written in the documentation.  There is no
> profit for people who dislike spam in helping spammers who generally
> can't read C.  So let's just say attachments are "considered," and
> not talk about what "considered" might mean.

 Amen, sorry I didn't consider this!  I'll read the code and then keep it
 to myself.

> The main dcc man page says the following where it discusses the
> checksums:
>
> ]           Received     last Received: header line in the SMTP message
>
> See http://www.rhyolite.com/anti-spam/dcc/dcc-tree/dcc.html#X-DCC-Headers

 Thanks for that pointer -- I wasn't able to find it in my initial scans
 last night.

> > When it checksums the headers, does it checksum the "From: " as well as
> > the address or just the address?  If just the data, how does it deal with
> > multiple received lines?  Concatenate?
>
> I don't understand that question where it involves From: and Received:
> headers.  I also don't understand 'the "From:" as well as the address'.
> The header checksums cover the entire From header line, with some minor
> exceptions including whitespace and an optional pair of outer <>'s.
> Perhaps the question would be answered by trying `dccproc -Q` on some
> test messages.

 This line in an email:

From: John Q. Smith <abc8382fake@hotmail.com>

 is the hash on "John ... mail.com>", "From: John ... mail.com>", or
 something else?  Is whitespace deleted before running the checksum?
 If you prefer me to find out from the code, just say so.

> How personalizations are handled is an inappropriate topic for public
> discussions.  In fact there are very few people with whom I'll discuss
> that stuff in private.
>
> One of the ground rules of the DCC is that new versions of the client
> code must be distributed periodically to deal with changes in spam
> personalizations.  It's been a year since the last change, but there's
> no reason to hurry the next one by giving spammers aid and comfort in
> the form of public discussions.

 Again, I apologize for not thinking of that before.  It is more to settle
 my curiosity than anything, and I'll comb through the code and email you
 privately if I have any questions, and if you don't trust me enough to
 discuss it, I completely understand.  Security through obscurity! :-)

 Thanks again for your answers.  My first lawsuit goes to court against
 PrintPal (Piggyback.com, Inc. in Oregon) for 58 counts of unsolicited bulk
 email, I'll let you know how it goes.  If successful, I hope to continue
 to sue spammers until they either stop sending spam (at least to myself
 and the ISP I volunteer at) or they go out of business.  At this rate
 though, 8000+ spams == $80,000+ since May 7, 2002, I should have about
 $160,000 worth of lawsuits just this year! :-)

Peter
---------------------------------------------------------------------------
Peter Beckman            Systems Engineer, Fairfax Cable Access Corporation
beckman@purplecow.com                             http://www.purplecow.com/
---------------------------------------------------------------------------



