[100051] in RedHat Linux List
RE: SPAM headers.
daemon@ATHENA.MIT.EDU (Soffen, Matthew)
Wed Nov 18 09:54:04 1998
From: "Soffen, Matthew" <msoffen@iso-ne.com>
To: redhat-list@redhat.com, Ramon Gandia <rfg@nook.net>
Date: Wed, 18 Nov 1998 09:55:14 -0500
Resent-From: redhat-list@redhat.com
Reply-To: redhat-list@redhat.com
What happens if someone BCC's you a copy of a letter? Or it is sent to
some mail alias that points to you?
It is "difficult" to block based on the To: address because you run the
risk of trashing real mail.
> ----------
> From: Ramon Gandia[SMTP:rfg@nook.net]
> Sent: Wednesday, November 18, 1998 1:06 AM
> To: redhat-list@redhat.com
> Subject: SPAM headers.
>
> I got a spam mail, and it looked like this on my Email
> screen:
>
> ---------------------------------------------------
> Subject: YOUR FREE STEALTH MAILER IS WAITING !!!
> Date: Tue, 17 Nov 98 10:35:45 EST
> From: millenieum_69@mailexcited.com
> Reply-To: Reply-To:everyone_1964@mailexcited.com
> To: makemoneyfromhome@everywhere.com
> <text snipped>
> ----------------------------------------------------
> In the Mail Headers I see the difference:
>
> --------------------------------------------
> Delivered-To: rfg@nook.net
> To: makemoneyfromhome@everywhere.com
>
> --------------------------------------------
>
> Please note that this spam and header info are VERY typical.
> In fact, over the last 6 months or so, of all the SPAM that
> I got, exactly 100% of it shared this characteristic:
>
> The To: has some bogus name, which is the one that shows,
> whereas in the header the Delivered-To: header has my real
> email address.
>
> Conversely, I have never received a LEGITIMATE email that
> had a bogus To: address.
>
> Now it seems to me that it would be dead easy to do one of
> several things to Zap a lot of SPAM right off the bat. Either
> system-wide (within Nook Net), or at least personally to me.
>
> (1) If the To: header is not for nook.net. Parse or grep the
> To: line for "nook.net". If it's not there, it's SPAM.
>
> (2) Parse the To: address and compare to the Delivered-To:
> line, if there is no match, it's spam. Have to be careful on
> this one in the case of CC's. I suspect there may be problems
> with BCC's.
>
> Now, my question to Red Hatters is this. What tool is available
> to do this? Surely there has to be one. Most of you run
> Sendmail. Alas, I run Qmail here, but I think that one solution that works
> with one will be adaptable to the other. Nook Net mail is not
> busy at all, so this is not needing a powerful program.
>
> I would also like some input from Red Hatters if my premise
> that a Delivered-To: header that has no relationship to the
> To: header = SPAM. I am sure I am right, and I am sure there
> is other spam that is properly delivered. Nevertheless, if I
> were to quietly trash (not bounce) email that met the above
> criteria, the spammers would not be the wiser.... By their own
> petard they would cook their goose, so to speak. hehehehhe.
>
> What you guys say?
>
> --
> Ramon Gandia ==== Sysadmin ==== Nook Net ==== http://www.nook.net
> 285 West First Avenue rfg@nook.net
> P.O. Box 970 tel. 907-443-7575
> Nome, Alaska 99762-0970 ======================= fax. 907-443-2487
>
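An added example, not part of either post: heuristic (2) from the quoted message, run over constructed sample mail to show the false positives raised in the reply (a Bcc, or mail sent to a list or alias). The function names, the `known_aliases` parameter and every sample except the spam header values are assumptions.

```python
from email import message_from_string
from email.utils import getaddresses

def visible_recipients(msg):
    """Lower-cased addresses from every To: and Cc: header."""
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _, addr in getaddresses(headers) if addr}

def classify(raw, known_aliases=()):
    """Compare Delivered-To: with To:/Cc:; return 'match', 'alias-match' or 'mismatch'."""
    msg = message_from_string(raw)
    seen = visible_recipients(msg)
    local = {v.strip().lower() for v in msg.get_all("Delivered-To", [])}
    if seen & local:
        return "match"
    # Lists and aliases never put the final mailbox in To:, so they need an allowlist.
    if seen & {a.lower() for a in known_aliases}:
        return "alias-match"
    return "mismatch"  # the thread's "spam" verdict; also what a Bcc looks like

def make(to, cc=None):
    """Build a constructed message delivered to rfg@nook.net."""
    lines = ["Delivered-To: rfg@nook.net", "To: " + to]
    if cc:
        lines.append("Cc: " + cc)
    return "\n".join(lines) + "\n\nbody\n"

# Constructed samples (only "spam" uses header values quoted in the post).
SAMPLES = {
    "spam": make("makemoneyfromhome@everywhere.com"),
    "direct": make("Ramon Gandia <rfg@nook.net>"),
    "cc": make("someone@example.org", cc="RFG@nook.net"),
    "list": make("redhat-list@redhat.com"),
    "bcc": make("colleague@example.org"),
}

def run(known_aliases=()):
    """Classify every sample; returns {sample name: verdict}."""
    return {name: classify(raw, known_aliases) for name, raw in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in run(["redhat-list@redhat.com"]).items():
        print(f"{name:7} {verdict}")
```

With the list address allowlisted, only the spam and the Bcc remain as mismatches, and the headers alone cannot tell those two apart.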