[Mimedefang] Message header madness - was Re: SPF Usefulness (was Re: SNARE spam detection)
kd6lvw at yahoo.com
Fri Jul 31 18:39:21 EDT 2009
--- On Fri, 7/31/09, Les Mikesell <lesmikesell at gmail.com> wrote:
> These list messages fit your description of a REPLY-TO:
> with a domain matching a URL in the body (as would one from
> David if the list didn't change the reply-to, as some
> don't). What significant information can you deduce
> from it?
That the purpose of the message is to direct the reader to a web site that is under the same administrative control as that of the sender of the message and/or to direct any replies to the a mailbox under the same administrative control as that of the web site - i.e. the two are clearly linked.
It could be a "personal message" saying: "Here's my web site."
It could be spam or phishing mail.
Whether the URL appears in a signature (i.e. after a line that has DASH-DASH-SPACE) or not should be a scoring factor. Legitimate personal mail often have signatures. Spam often doesn't.
More information about the MIMEDefang