[Mimedefang] Message header madness - was Re: SPF Usefulness (was Re: SNARE spam detection)

Les Mikesell lesmikesell at gmail.com
Fri Jul 31 16:38:21 EDT 2009


- wrote:
> --- On Fri, 7/31/09, David F. Skoll wrote:
>> Outlook's explanation is wrong.  From RFC 2822:
> 
> I know it's not as precise as it should be, but remember we're dealing with Microsoft - a delusional company that regularly thinks it can do its own thing and everyone else will conform to them.
> 
>>> but I stand by my view that a positive value (toward spaminess)
>>> should still be assigned when it is identical to the "From" header
>>> value.
>> That's not my experience.  For some spams, especially phishing spams,
>> Reply-To: is very different because the sender wants to trick the
>> recipient into replying to a throwaway address even if the purported
>> From: address looks official.
> 
> Considering that the Reply-To header is supposed to be different than the From header, the difference itself isn't significant information.  Now, WHERE that reply-to redirects replies is significant info., especially when the domain part of that mailbox is repeated in a URL in the message body.
> _______________________________________________
> NOTE: If there is a disclaimer or other legal boilerplate in the above
> message, it is NULL AND VOID.  You may ignore it.
> 
> Visit http://www.mimedefang.org and http://www.roaringpenguin.com
> MIMEDefang mailing list MIMEDefang at lists.roaringpenguin.com
> http://lists.roaringpenguin.com/mailman/listinfo/mimedefang

These list messages fit your description of a REPLY-TO: with a domain 
matching a URL in the body (as would one from David if the list didn't 
change the reply-to, as some don't).  What significant information can 
you deduce from it?

-- 
   Les Mikesell
    lesmikesell at gmail.com



More information about the MIMEDefang mailing list