[100053] in RedHat Linux List


Re: SPAM headers.

daemon@ATHENA.MIT.EDU (Thomas Gaume)
Wed Nov 18 10:02:24 1998

Date: Wed, 18 Nov 1998 15:01:31 +0000
From: Thomas Gaume <tom@flwireless.net>
To: redhat-list@redhat.com
Resent-From: redhat-list@redhat.com
Reply-To: redhat-list@redhat.com

How about something simple that checks that the sender is a valid
address (finger maybe), store this in a db or text file that the sender
stores all previous verified senders that the To: line gets tested
against first and then tries to verify the address.



"Soffen, Matthew" wrote:
> 
> What happens if someone BCC's you a copy of a letter?  Or it is sent to
> some mail alias that points to you?
> It is "difficult" to block based on the To: address because you run the
> risk of trashing real mail.
> 
> > ----------
> > From:         Ramon Gandia[SMTP:rfg@nook.net]
> > Sent:         Wednesday, November 18, 1998 1:06 AM
> > To:   redhat-list@redhat.com
> > Subject:      SPAM headers.
> >
> > I got a spam mail, and it looked like this on my Email
> > screen:
> >
> > ---------------------------------------------------
> >  Subject:  YOUR FREE STEALTH MAILER IS WAITING !!!
> >     Date:  Tue, 17 Nov 98 10:35:45 EST
> >     From:  millenieum_69@mailexcited.com
> > Reply-To:  Reply-To:everyone_1964@mailexcited.com
> >       To:  makemoneyfromhome@everywhere.com
> > <text snipped>
> > ----------------------------------------------------
> > In the Mail Headers I see the difference:
> >
> > --------------------------------------------
> > Delivered-To: rfg@nook.net
> > To: makemoneyfromhome@everywhere.com
> >
> > --------------------------------------------
> >
> > Please note that this spam and header info are VERY typical.
> > In fact, over the last 6 months or so, of all the SPAM that
> > I got, exactly 100% of it shared this characteristic:
> >
> > The To: has some bogus name, which is the one that shows,
> > whereas in the header the Delivered-To: header has my real
> > email address.
> >
> > Conversely, I have never received a LEGITIMATE email that
> > had a bogus To: address.
> >
> > Now it seems to me that it would be dead easy to do one of
> > several things to Zap a lot of SPAM right off the bat.  Either
> > system-wide (within Nook Net), or at least personally to me.
> >
> > (1) If the To: header is not for nook.net.  Parse or grep the
> > To: line for "nook.net".  If it's not there, it's SPAM.
> >
> > (2) Parse the To: address and compare to the Delivered-To:
> > line, if there is no match, it's spam.  Have to be careful on
> > this one in the case of CC's.  I suspect there may be problems
> > with BCC's.
> >
> > Now, my question to Red Hatters is this.  What tool is available
> > to do this?  Surely there has to be one.  Most of you run
> > Sendmail.
> > Alas, I run Qmail here, but I think that one solution that works
> > with one will be adaptable to the other.  Nook Net mail is not
> > busy at all, so this is not needing a powerful program.
> >
> > I would also like some input from Red Hatters if my premise
> > that a Delivered-To: header that has no relationship to the
> > To: header = SPAM.  I am sure I am right, and I am sure there
> > is other spam that is properly delivered.  Nevertheless, if I
> > were to quietly trash (not bounce) email that met the above
> > criteria, the spammers would not be the wiser....  By their own
> > petard they would cook their goose, so to speak.  hehehehhe.
> >
> > What you guys say?
> >
> > --
> > Ramon Gandia ==== Sysadmin ==== Nook Net ==== http://www.nook.net
> > 285 West First Avenue                                rfg@nook.net
> > P.O. Box 970                                    tel. 907-443-7575
> > Nome, Alaska 99762-0970 ======================= fax. 907-443-2487
> >
> 
> --
>   PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
>                 http://www.redhat.com http://archive.redhat.com
>          To unsubscribe: mail redhat-list-request@redhat.com with
>                        "unsubscribe" as the Subject.

-- 
Thomas L. Gaume
VP-Operations
Wireless Internet Services of Florida, Inc.
http://www.flwireless.net
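
The checks discussed in this thread (To:/Cc: compared against Delivered-To:, plus a file of previously verified senders), sketched as an added example that is not part of any poster's message. The function name, the return labels and the sample messages are assumptions constructed for illustration; a mismatch is quarantined rather than trashed because of the BCC and alias cases raised above.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr


def classify(raw, verified_senders, accepted_rcpts):
    """Return 'deliver' or 'quarantine' for one raw message (hypothetical helper).

    verified_senders: addresses already verified (the db / text file idea).
    accepted_rcpts:   visible recipients that legitimately reach this mailbox,
                      such as aliases and mailing-list addresses.
    """
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    delivered = parseaddr(msg.get("Delivered-To", ""))[1].lower()
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    visible = {addr.lower() for _, addr in getaddresses(headers) if addr}

    if sender in verified_senders:
        return "deliver"       # known sender, so a BCC from them gets through
    if delivered and delivered in visible:
        return "deliver"       # the mailbox owner is named in To: or Cc:
    if visible & set(accepted_rcpts):
        return "deliver"       # sent to a list or alias that feeds this mailbox
    return "quarantine"        # hold for review instead of silently trashing


def make(frm, to, delivered_to="rfg@nook.net"):
    """Build a constructed sample message with only the headers under test."""
    return (f"From: {frm}\nTo: {to}\nDelivered-To: {delivered_to}\n"
            "Subject: sample\n\nbody\n")


# Constructed samples; the first uses the header values quoted in the thread.
SPAM = make("millenieum_69@mailexcited.com", "makemoneyfromhome@everywhere.com")
LIST = make("tom@flwireless.net", "redhat-list@redhat.com")
BCC = make("friend@example.org", "someone@example.com")
DIRECT = make("stranger@example.org", "Ramon <rfg@nook.net>")

ACCEPTED = {"redhat-list@redhat.com"}

if __name__ == "__main__":
    for name, raw in [("spam", SPAM), ("list", LIST), ("bcc", BCC), ("direct", DIRECT)]:
        print(name, classify(raw, set(), ACCEPTED))
```

Without the list address in `accepted_rcpts`, the mailing-list message is quarantined too, which is the false-positive risk raised in the reply about aliases.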

