[Mimedefang] Spamware with "blank" header lines
Joseph Brennan
brennan at columbia.edu
Mon Jan 12 09:44:18 EST 2004
I've been seeing spam with this oddly formatted header. Note the
apparent blank lines within the header.
Return-Path: <20peatztx at unicode.org>
Received: from dyn-81-167-94-27.ppp.tiscali.fr
(dyn-81-167-94-27.ppp.tiscali.fr [81.167.94.27])
by dewberry.cc.columbia.edu (8.12.10/8.12.10) with SMTP id i0C7FXo4006246;
Mon, 12 Jan 2004 02:15:45 -0500 (EST)
Received: from [39.161.219.59] by dyn-81-167-94-27.ppp.tiscali.fr id
<7108377-18762>; Mon, 12 Jan 2004 18:10:05 -0300
Message-ID: <3452qcymsr83 at 357o5b0>
From: "Hugh Mosley" <20peatztx at unicode.org>
Reply-To: "Hugh Mosley" <20peatztx at unicode.org>
To: brennan at columbia.edu
Subject: arena stock to go to $10 ? chef angelo tr
Date: Mon, 12 Jan 04 18:10:05 +0000
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="_3A55914C_."
X-Spam-Score: 2.252 (**) FORGED_MUA_OIMO HTML_MESSAGE
X-Scanned-By: MIMEDefang 2.35
Transforming blank to | we can see what is there:
From|20peatztx at unicode.org||Mon|Jan|12|02:16:03|2004
Return-Path:|<20peatztx at unicode.org>
Received:|from|dyn-81-167-94-27.ppp.tiscali.fr|(dyn-81-167-94-27.ppp.tiscal
i.fr|[81.167.94.27])
by|dewberry.cc.columbia.edu|(8.12.10/8.12.10)|with|SMTP|id|i0C7FXo4006246;
Mon,|12|Jan|2004|02:15:45|-0500|(EST)
Received:|from|[39.161.219.59]|by|dyn-81-167-94-27.ppp.tiscali.fr|id|<71083
77-18762>;|Mon,|12|Jan|2004|18:10:05|-0300
Message-ID:|<3452qcymsr83 at 357o5b0>
From:|"Hugh|Mosley"|<20peatztx at unicode.org>
Reply-To:|"Hugh|Mosley"|<20peatztx at unicode.org>
To:|brennan at columbia.edu
Subject:|arena|stock|to|go|to|$10|?|chef|angelo|tr
Date:|Mon,|12|Jan|04|18:10:05|+0000
X-Mailer:|Microsoft|Outlook|IMO,|Build|9.0.2416|(9.0.2910.0)
MIME-Version:|1.0
Content-Type:|multipart/alternative;
boundary="_3A55914C_."
|||||||||||||
|||||||||||||||||||||||||
X-Spam-Score:|2.252|(**)|FORGED_MUA_OIMO|HTML_MESSAGE
X-Scanned-By:|MIMEDefang|2.35
In effect the Content-Type field is "continued" by two more lines
beginning with whitespace. This might be compliant, unless
continuation lines are required to have at least one non-whitespace
character. I'm thinking of rejecting mail with this.
Joseph Brennan Columbia University in the City of New York
Academic Technologies Group brennan at columbia.edu
More information about the MIMEDefang
mailing list