[Mimedefang] Message header madness - was Re: SPF Usefulness (was Re: SNARE spam detection)

- kd6lvw at yahoo.com
Fri Jul 31 18:39:21 EDT 2009

--- On Fri, 7/31/09, Les Mikesell <lesmikesell at gmail.com> wrote:
> These list messages fit your description of a REPLY-TO:
> with a domain matching a URL in the body (as would one from
> David if the list didn't change the reply-to, as some
> don't).  What significant information can you deduce
> from it?

That the purpose of the message is to direct the reader to a web site that is under the same administrative control as that of the sender of the message and/or to direct any replies to the a mailbox under the same administrative control as that of the web site - i.e. the two are clearly linked.

It could be a "personal message" saying:  "Here's my web site."

It could be spam or phishing mail.

Whether the URL appears in a signature (i.e. after a line that has DASH-DASH-SPACE) or not should be a scoring factor.  Legitimate personal mail often have signatures.  Spam often doesn't.

More information about the MIMEDefang mailing list