[99998] in RedHat Linux List


SPAM headers.

daemon@ATHENA.MIT.EDU (Ramon Gandia)
Wed Nov 18 01:12:09 1998

Date: Tue, 17 Nov 1998 21:06:47 -0900
From: Ramon Gandia <rfg@nook.net>
To: redhat-list@redhat.com
Resent-From: redhat-list@redhat.com
Reply-To: redhat-list@redhat.com

I got a spam mail, and it looked like this on my Email
screen:

---------------------------------------------------
 Subject:  YOUR FREE STEALTH MAILER IS WAITING !!!
    Date:  Tue, 17 Nov 98 10:35:45 EST
    From:  millenieum_69@mailexcited.com
Reply-To:  Reply-To:everyone_1964@mailexcited.com
      To:  makemoneyfromhome@everywhere.com
<text snipped>
----------------------------------------------------
In the Mail Headers I see the difference:

--------------------------------------------
Delivered-To: rfg@nook.net
To: makemoneyfromhome@everywhere.com

--------------------------------------------

Please note that this spam and header info are VERY typical.
In fact, over the last 6 months or so, of all the SPAM that
I got, exactly 100% of it shared this characteristic:

The To: has some bogus name, which is the one that shows,
whereas in the header the Delivered-To: header has my real
email address.

Conversely, I have never received a LEGITIMATE email that
had a bogus To: address.

Now it seems to me that it would be dead easy to do one of
several things to zap a lot of SPAM right off the bat, either
system-wide (within Nook Net) or at least personally for me.

(1) If the To: header is not for nook.net: parse or grep the
To: line for "nook.net".  If it's not there, it's SPAM.

(2) Parse the To: address and compare it to the Delivered-To:
line; if there is no match, it's spam.  Have to be careful on
this one in the case of CC's.  I suspect there may be problems
with BCC's.

Now, my question to Red Hatters is this.  What tool is available
to do this?  Surely there has to be one.  Most of you run
Sendmail; alas, I run Qmail here, but I think that a solution that
works with one will be adaptable to the other.  Nook Net mail is
not busy at all, so this does not need a powerful program.

I would also like some input from Red Hatters on whether my
premise holds that a Delivered-To: header that has no relationship
to the To: header = SPAM.  I am sure I am right, and I am sure
there is other spam that is properly delivered.  Nevertheless, if
I were to quietly trash (not bounce) email that met the above
criteria, the spammers would not be the wiser....  By their own
petard they would cook their goose, so to speak.  hehehehhe.

What do you guys say?

-- 
Ramon Gandia ==== Sysadmin ==== Nook Net ==== http://www.nook.net
285 West First Avenue                                rfg@nook.net
P.O. Box 970                                    tel. 907-443-7575
Nome, Alaska 99762-0970 ======================= fax. 907-443-2487
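Rules (1) and (2) from the post, written out as an added example (not code from the original post or from Nook Net). It assumes the local domain is `nook.net` and uses constructed sample messages; real header parsing via the `email` module handles comma-separated lists and `Name <addr>` forms that a plain grep on the To: line would miss.

```python
"""Header heuristic from the post: a message whose Delivered-To: address
appears nowhere in the visible To:/Cc: recipients is treated as spam."""
from email import message_from_string
from email.utils import getaddresses

LOCAL_DOMAIN = "nook.net"  # assumption: the receiving site's own domain


def visible_recipients(msg):
    """Lower-cased addresses from every To: and Cc: header."""
    pairs = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    return {addr.lower() for _, addr in pairs if addr}


def rule1_local_domain(raw):
    """Rule (1): does any visible recipient belong to the local domain?"""
    msg = message_from_string(raw)
    return any(a.endswith("@" + LOCAL_DOMAIN) for a in visible_recipients(msg))


def classify(raw):
    """Rule (2): 'spam' when Delivered-To: is absent from To:/Cc:,
    'ok' when present, 'unsure' when there is no Delivered-To: at all."""
    msg = message_from_string(raw)
    delivered = (msg.get("Delivered-To") or "").strip().lower()
    if not delivered:
        return "unsure"
    return "ok" if delivered in visible_recipients(msg) else "spam"


# Constructed samples modelled on the headers quoted in the post.
SPAM = """Delivered-To: rfg@nook.net
To: makemoneyfromhome@everywhere.com
Subject: YOUR FREE STEALTH MAILER IS WAITING !!!

body
"""

LEGIT_CC = """Delivered-To: rfg@nook.net
To: someone@example.org
Cc: Ramon Gandia <rfg@nook.net>, other@example.org
Subject: hi

body
"""

if __name__ == "__main__":
    print(classify(SPAM), classify(LEGIT_CC))  # spam ok
```

Mail that reaches you via Bcc or through a list (this very message is addressed To: redhat-list@redhat.com, not to any subscriber) also fails rule (2), which is exactly the BCC caveat in the post, so such traffic needs a whitelist before anything is trashed.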



