[Mimedefang] Message header madness - was Re: SPF Usefulness (was Re: SNARE spam detection)
Les Mikesell
lesmikesell at gmail.com
Fri Jul 31 16:38:21 EDT 2009
- wrote:
> --- On Fri, 7/31/09, David F. Skoll wrote:
>> Outlook's explanation is wrong. From RFC 2822:
>
> I know it's not as precise as it should be, but remember we're dealing with Microsoft - a delusional company that regularly thinks it can do its own thing and everyone else will conform to them.
>
>>> but I stand by my view that a positive value (toward spaminess)
>>> should still be assigned when it is identical to the "From" header
>>> value.
>> That's not my experience. For some spams, especially phishing spams,
>> Reply-To: is very different because the sender wants to trick the
>> recipient into replying to a throwaway address even if the purported
>> From: address looks official.
>
> Considering that the Reply-To header is supposed to be different than the From header, the difference itself isn't significant information. Now, WHERE that reply-to redirects replies is significant info., especially when the domain part of that mailbox is repeated in a URL in the message body.
> _______________________________________________
> NOTE: If there is a disclaimer or other legal boilerplate in the above
> message, it is NULL AND VOID. You may ignore it.
>
> Visit http://www.mimedefang.org and http://www.roaringpenguin.com
> MIMEDefang mailing list MIMEDefang at lists.roaringpenguin.com
> http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
These list messages fit your description of a REPLY-TO: with a domain
matching a URL in the body (as would one from David if the list didn't
change the reply-to, as some don't). What significant information can
you deduce from it?
--
Les Mikesell
lesmikesell at gmail.com
More information about the MIMEDefang
mailing list