[Mimedefang] On pinheaded ISP's (sort of OT)

Philip Prindeville philipp_subx at redfish-solutions.com
Mon Jan 29 16:10:06 EST 2007


Lisa Casey wrote:

>I run an ISP and my customers' e-mail is their own private business. It would
>be quite wrong of me (in my opinion) to keep copies of my customers' email.
>If someone says to me that one of my customers is spamming, I'll take that
>allegation quite seriously and do everything I can to investigate and get
>rid of the customer if it turns out to be true. In order to do that though,
>I need copies of the original headers, not the email message itself. Because
>yes -- the probability is quite high that the email did NOT originate with
>us. Most return addresses on spam are forged (surely you guys all know that).
>None of my mail servers are open relays. But if you come to me with a
>complaint of spamming, I will ask you for proof in the form of headers. And
>if you can't supply that, well I'm sorry but I don't have the hours it might
>take to investigate the complaint otherwise.
>
>Lisa Casey

But that's exactly the point, isn't it?

That I'm pointing out to the ISP conclusively that the message
came to me, via them... in the logs showing that the connection's
remote end-point was X.X.X.X.  They are saying "That's not
enough, we need headers [and/or the complete message]."

If they want to know where it originated, then they will have to
go through *their* logs and follow the bread-crumb trail
back to the point of origin.

Having to present all of the headers (or, really, just the Received:
headers) isn't reliable for the very reason that you point out:
they can be forged.

Logs can't.

QED.

-Philip
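
Added example, not part of either poster's message: a recipient can corroborate only the Received: header stamped by their own MTA, by matching it against the relay address in their own log; every header below it arrived as message content. The log line, hostnames, addresses and function names are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample: relay entry from the recipient's own MTA log (sendmail-style).
LOG_LINE = ("Jan 29 15:58:12 mx1 sendmail[4242]: l0TKwBxx004242: from=<offer@example.net>, "
            "size=2310, nrcpts=1, relay=mail.isp.example [192.0.2.25]")

# Constructed sample message: top Received: was stamped by our MTA (mx1.example.org);
# the one below it arrived as message content and cannot be corroborated by us.
RAW = """\
Received: from mail.isp.example (mail.isp.example [192.0.2.25])
\tby mx1.example.org with ESMTP id l0TKwBxx004242; Mon, 29 Jan 2007 15:58:12 -0500
Received: from bank.example.com (bank.example.com [198.51.100.7])
\tby mail.isp.example with SMTP id X123; Mon, 29 Jan 2007 15:58:01 -0500
From: offer@example.net
Subject: constructed sample

body
"""

def log_relay_ip(line):
    """Remote end-point address recorded by the MTA for this connection."""
    m = re.search(r"relay=[^\[]*\[([\d.]+)\]", line)
    return m.group(1) if m else None

def received_hops(raw):
    """Received: headers top-down as {'by': host, 'ip': bracketed address}."""
    hops = []
    for value in message_from_string(raw).get_all("Received") or []:
        by = re.search(r"\bby\s+(\S+)", value)
        ip = re.search(r"\[([\d.]+)\]", value)
        hops.append({"by": by.group(1) if by else None,
                     "ip": ip.group(1) if ip else None})
    return hops

def classify(raw, log_line, my_host):
    """Corroborate only the hop our own MTA stamped; flag the rest as unverified."""
    logged = log_relay_ip(log_line)
    hops = received_hops(raw)
    top = hops[0] if hops else None
    ok = bool(top) and logged is not None and top["by"] == my_host and top["ip"] == logged
    return {"logged_ip": logged, "top_hop_matches_log": ok, "unverified_hops": hops[1:]}

if __name__ == "__main__":
    print(classify(RAW, LOG_LINE, "mx1.example.org"))
```
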




