[Top] [All Lists]

Re: [ietf-smtp] [Shutup] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)

2015-11-29 21:12:20
But, in general, that information is essential to identifying spoofed header
fields: it's by tracing the chain of "from" addresses in Received header
fields that one can determine that someone is attempting to do something

Can you cite a real-world example of a case where you did something like this 
recently, and explain how you were able to do what you
claim, above, is possible using just the header fields in the message?

Spam filters have been doing Received chain analysis for about 20
years.  The principle is straightforward, the source in each header
should match the recipient in the header below it, and timestamps
should be in the right order.  There's also heuristics based on
knowing what real headers from popular mail systems should look like.

The scripts I use to send off spam complaints do header analysis to
figure out who to complain to, and not to complain to addresses in
fake headers, so I'd say I do this about 100 times a day, every day,
in addition to spamassassin doing it on every incoming message that
it filters.

If you want to look at some code, spamassassin is at


ietf-smtp mailing list

<Prev in Thread] Current Thread [Next in Thread>