How can I deflect reports about my web to email gateway?

When a web site sends an email based on input from a web client, it should maintain the "chain of custody" for the message. This is done by including the client's IP address in the email headers in standard format. This is the technique used by Hotmail, Yahoo and most other webmail systems. SpamCop supports it, and it works well with most web to email scripts.

A relevant example: Consider a typical "refer a friend" script. It accepts essentially one piece of input from the web user - the recipient email address. It then sends a big advertisement for the site in question to that address. As such, it is ripe for abuse. If the script passes the web client's IP address to the recipient, the recipient can file a SpamCop report and bring the incident to the attention of the web client's administrator - the real sender - rather than the administrator of the web server, who didn't initiate the email.

To continue the example, consider a user, Mary, who is logged onto the net from 10.1.2.3. She enters her friend John's email address (john@example.com) into a website (website.example.com). As a result, the website's script generates an email to John that looks like this:

Received: from [10.1.2.3]
    by website.example.com with HTTP; 01 Jan 2003 12:34:56 -0000
From: Mary <devnull@website.example.com>
To: John <john@example.com>
Subject: Visit website.example.com!
Date: 01 Jan 2003 12:34:56 -0000
Message-id: <something_random@website.example.com>
X-Mailer: refer-a-friend web to email gateway script v.2.3

Mary thought you would like to see
http://website.example.com/

Sorry if you aren't interested. Mary sent this email from 10.1.2.3.

After the message is sent, other "Received" headers will be prepended, indicating the chain of custody from the website onward. By including one "Received" header in the "original" message, the website can indicate the true source of the message (and, potentially, of the abuse).
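One way a gateway script could build the message shown above is sketched here as an added example; it is not SpamCop's code or any particular script's. The function name `build_referral`, the IPv6 handling and the input checks are assumptions of this example, and the client address is assumed to be the peer address the web server itself observed.

```python
import ipaddress
from datetime import datetime, timezone
from email.headerregistry import Address
from email.message import EmailMessage
from email.utils import format_datetime, make_msgid, parseaddr

SITE = "website.example.com"  # hostname from the page's example


def build_referral(client_ip, sender_name, recipient, now=None):
    """Build the referral mail with the web client's IP in a Received header.

    Assumption: client_ip is the peer address the web server itself saw
    (e.g. CGI REMOTE_ADDR), not a value taken from a request header.
    """
    ip = ipaddress.ip_address(client_ip)  # ValueError unless a single IP
    # Bracketed literal as on the page; IPv6 uses the RFC 5321 tagged form.
    literal = f"[{ip}]" if ip.version == 4 else f"[IPv6:{ip}]"

    # Form input ends up in headers: refuse line breaks and anything that
    # is not one bare address, so the form cannot add headers or recipients.
    if any(c in sender_name + recipient for c in "\r\n"):
        raise ValueError("line break in header field")
    if "@" not in recipient or parseaddr(recipient)[1] != recipient:
        raise ValueError("recipient must be one bare address")

    stamp = format_datetime(now or datetime.now(timezone.utc))
    msg = EmailMessage()
    # Set Received first so headers prepended by later relays sit above it.
    msg["Received"] = f"from {literal} by {SITE} with HTTP; {stamp}"
    msg["From"] = Address(sender_name, addr_spec=f"devnull@{SITE}")
    msg["To"] = recipient
    msg["Subject"] = f"Visit {SITE}!"
    msg["Date"] = stamp
    msg["Message-ID"] = make_msgid(domain=SITE)
    msg.set_content(
        f"{sender_name} thought you would like to see\nhttp://{SITE}/\n\n"
        f"Sorry if you aren't interested. "
        f"{sender_name} sent this email from {ip}.\n"
    )
    return msg


if __name__ == "__main__":
    # Constructed sample input matching the page's Mary/John scenario.
    print(build_referral("10.1.2.3", "Mary", "john@example.com"))
```
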