[99999] in RedHat Linux List
Re: SPAM headers.
daemon@ATHENA.MIT.EDU (David E. Fox)
Wed Nov 18 01:38:30 1998
From: "David E. Fox" <dfox@belvdere.vip.best.com>
To: redhat-list@redhat.com
Date: Tue, 17 Nov 1998 22:35:42 -0800 (PST)
Reply-To: dfox@belvdere.vip.best.com
In-Reply-To: <365263F7.F287F381@nook.net> from "Ramon Gandia" at Nov 17, 98 09:06:47 pm
Resent-From: redhat-list@redhat.com
> The To: has some bogus name, which is the one that shows,
> whereas in the header the Delivered-To: header has my real
> email address.
It's typical for the To: line to be just an address picked
at random -- the rest of the people are hidden in a giant
BCC: list. Lots of spam messages tend to be forged - almost
anything in the canonical list of email headers can be
forged.
> Conversely, I have never received a LEGITIMATE email that
> had a bogus To: address.
I would consider that rare. Lots use "friend@public.com" since
that's a hard-coded address of one of the bulk mailing
programs out there.
> (1) If the To: header is not for nook.net. Parse or grep the
> To: line for "nook.net". If it's not there, it's SPAM.
>
> Now, my question to Red Hatters is this. What tool is available
> to do this? Surely there has to be one. Most of you run
Look at procmail first, since it's already there on Red Hat systems.
Also check some of the neater spam-fighting things in sendmail
rulesets and so forth, where you can deny mail from whole
domains, sending back messages like "550 get out of here
spammer" etc. The problem does remain, conceivably since
lots of SPAM is forged, that there won't be a bona fide
address to send back anything to.
Procmail can be used to combat spam fairly well, but the syntax
does seem to be difficult to grasp at first, and can be
even dangerous -- a missed something one time caused me to
bounce everything off redhat-list :(.
> I would also like some input from Red Hatters if my premise
> that a Delivered-To: header that has no relationship to the
I don't notice a Delivered-To: item in the header. Do you
mean Reply-To: ?
Some spam messages are beginning to be delivered without
forging. I notice that non-forged spam is increasing with
respect to forged spam -- at least here. This may be in
view of recent state legislation banning some forms of
unsolicited electronic mail.
> Ramon Gandia ==== Sysadmin ==== Nook Net ==== http://www.nook.net
> 285 West First Avenue rfg@nook.net
> P.O. Box 970 tel. 907-443-7575
> Nome, Alaska 99762-0970 ======================= fax. 907-443-2487
------------------------------------------------------------------------
David E. Fox Tax Thanks for letting me
dfox@belvdere.vip.best.com the change magnetic patterns
root@belvedere.sbay.org churches on your hard disk.
-----------------------------------------------------------------------
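
Added example, not part of the original message or of procmail: a Python sketch of the "To: must mention my domain" test discussed in the thread, showing why a plain grep is too loose and why mailing-list traffic has to be recognised first. The list whitelist, the folder names and all sample messages are assumptions constructed for illustration.

```python
# Added example: recipient-domain heuristic with a mailing-list exception.
from email import message_from_string
from email.utils import getaddresses

LOCAL_DOMAIN = "nook.net"                  # domain named in the thread
KNOWN_LISTS = {"redhat-list@redhat.com"}   # assumption: lists the user subscribes to

def classify(raw: str) -> str:
    """Return 'inbox', 'list' or 'suspect' for one raw RFC 822 message."""
    msg = message_from_string(raw)
    # Only visible recipients are available; Bcc'd recipients never appear here.
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    recipients = [addr.lower() for _, addr in getaddresses(headers)]
    # Recognise list traffic first; otherwise every list post fails the domain test.
    if any(addr in KNOWN_LISTS for addr in recipients):
        return "list"
    for addr in recipients:
        domain = addr.rpartition("@")[2]
        # Compare the parsed domain, not a substring of the header line, so a
        # display name or look-alike host containing "nook.net" does not pass.
        if domain == LOCAL_DOMAIN or domain.endswith("." + LOCAL_DOMAIN):
            return "inbox"
    return "suspect"  # file for review; do not bounce, the sender may be forged

# Constructed sample messages (not real mail).
SAMPLES = {
    "direct": "From: a@example.org\nTo: rfg@nook.net\nSubject: hi\n\nbody\n",
    "list": "From: b@example.org\nTo: redhat-list@redhat.com\nSubject: Re: x\n\nbody\n",
    "bulk": "From: c@example.org\nTo: friend@public.com\nSubject: $$$\n\nbody\n",
    "lookalike": ("From: d@example.org\n"
                  'To: "nook.net" <someone@nook.net.example.com>\n'
                  "Subject: offer\n\nbody\n"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:10s} -> {classify(raw)}")
```

The "lookalike" sample would pass a grep for "nook.net" on the To: line but is filed as suspect here, and the "list" sample is the case that a domain-only rule would misfile.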