Jeff Chan wrote:
It sounds like a spammer is abusing spamarrest.com's services. Is that correct?
No. The spammer uses one of his zombies (probably), some arbitrary address as "From", and another arbitrary address as "To". The "To" address happens to be a customer of spamarrest, and the "From" address in this example was...
drussell_tb AT xyzzy.claranet.de
Of course that's a bogus address, the spammers simply combine local parts like "drussel" plus junk like "_tb" with catch-all domains like xyzzy.claranet.de (in fact only "my" vanity host).
The spam is then sent to the spamarrest address (in this example From: drussel_tb@xyzzy To: anneliese@spamarrest)
Spamarrest doesn't know drussel_tb@xyzzy and therefore it sends a challenge to this address (= me). Because I'm not planning to sort Anneliese's spam I report this challenge via SC.
that should be reported back to spamarrest as abuse.
Exactly, that's what I do (using SC, several manual complaints had no effect at all).
Or is spamarrest *originating* these messages purely themselves?
No, that's very unlikely.
is spamarrest actively, directly sending these out themselves?
Sure, they send these challenges. Like UOL "anti spam", QuikCop, Earthlink, and Mailblocker. The latter allows me to report forgeries, as far as I'm concerned that's a more or less working C/R system. Allegedly Earthlink uses Brightmail to filter some spam (in other words this doesn't work). I'm not sure about QuikCop, whatever they do, they don't support SPF:
No forged xyzzy address (MAIL FROM) would pass an SPF filter.
Again mailblocker is the only C/R system where the abuse desk at least promised to forward my proposal to implement SPF. And I haven't seen mailblocker challenges for some time, so from my POV that's the only mentioned C/R system qualifying for your whitelist. OTOH I've never reported mailblocker challenges via SC, because they always had a link to report forgeries.
Bye, Frank