On Wed, 21 May 1997 13:30:27 +0100 (BST),
lhecking(_at_)nmrc(_dot_)ucc(_dot_)ie (Lars Hecking) wrote:
sarg(_at_)murlin(_dot_)com writes:
X-Mailer: Extractor Pro v5.0
X-Sender: Extractor Pro v5.0
Excellent demonstration material. Wasn't caught by my spam filters
because it came from the list.
The existence of these X-headers should trigger a red alert under all
conditions. (Mine tripped already on the "limited time offer" stuff ...)
Here are a few more:
:0:
* ^X-Mailer:[ ]*\
(NetMailer|Extractor|WorldMerge|Floodgate|Aristotle|EmailBlaster)
maps
:0
* ^Message-Id:[ ]*([^< ]|<>)
maps
That second one seems to match much of the stuff that's been coming
from Cyberpromo lately and should under no circumstances match on
anything from a correctly implemented mail program.
Unless the Message-Id: is forged, this seems to come from murlin.com:
I don't see anything that screams of a forgery, but only the original
headers can reveal that. BTW, I ordered the original headers from the
archive server immediately when I got the spam, but the requests are
usually a bit slow (on the order of thirty minutes to a few hours).
/* era */
PS. Do your share -- complain!
--
Defin-i-t-e-ly. Sep-a-r-a-te. Gram-m-a-r. <http://www.iki.fi/~era/>
* Enjoy receiving spam? Register at <http://www.iki.fi/~era/spam.html>