by josh » Thu Sep 21, 2006 12:02 pm
The truth is that now it's pretty much like you're describing, but without the fine -- if the person can convince us that it won't happen again, that's really good enough.
As for the headers, we've always done that. Initially, we did it because we noticed that several state laws criminalize the modification of email headers -- these laws are clearly intended to hurt spammers, but, like most tech-related laws, they're not perfectly drafted. We realized we'd be shutting down in short order if we got caught up in a criminal charge, even if logic prevailed in the resulting proceeding.
Further, the possibility that a SG user would do something fraudulent, etc., seemed worthy of consideration -- leaving the original headers gives us a "get out of conflict free" card that prevents us from having to divulge our database and server logs. We have avoided prolonged involvement with lawyers, the German police, and, yes, the U.S. Department of Homeland Security this way. Getting caught up in situations like this would dramatically increase the cost of providing the service, and would probably lead to a shut-down, as well.
Including the headers didn't bug anyone too much, because a) sg is not an "anonymizer", and b) we operate on the pricinple that spammers deal in bulk, and can't be bothered to expend energy to find an email address when there are so many that are readily available (including the disposable address in the "From:" line). So far, we believe this has rung true.
Later, we became aware of another reason to preserve the headers (the one you're describing) - we made a version of the code that used a standard Perl module for mail processing, tested it heavily (but never looked at the headers) and then deployed it. We were blacklisted with extreme prejudice within hours - the module was "re-originating" the messages by removing the prior server header info. That was a mess, and resulted in a much more comprehensive black-out that we've seen since.