So after all this it wasn't an attempt at SPAM then? ie. there's no other
smarts that try to deceive the filters in there is there so it was just a
case that we currently don't allow for.
Cool.
So how does one differentiate b/w real bounces from my mailer daemon and
this bogus message?
On Wed, 7 May 1997, Michael J. Corrigan wrote:
...
From: Mailer-Daemon
...
Also this header appears in the middle of the received stream (which makes
me rather suspicious of the received lines appearing after it (possibly
forged), though I don't know if there is anything in RFC822 that prohibits
this ordering).
...
This means that no From: header was present in the original message and also
that the originating system did not have the flag set in sendmail to
automatically add From: headers if they are not present. Then a later host
did have that flag set so the From: header got added. Sendmail adds the header
atop the received lines that are already present. It looks unusual because
it is unusual. Most systems have the flag set and so one usually sees a From:
header down below all the received headers (although certain client sendmail
configurations (nullclient.cf) produce this dislocated From: header location,
I believe).