On Tue, 12 Aug 1997, Professional Software Engineering - Lists account wrote:
At 12:05 PM 8/12/97 -0500, Rocket Ray wrote:
I thought I noticed the other day that someone (either on this list or
the spam list) said that the domain part of a proper (non-spoofed)
Message-ID would always match the domain part of the From: address,
Is that true?
No, it is merely a pre-filter someone was looking to do -- they feel more
suspect of messageids that don't match the from address.
An entirely reasonable reason for a messageid not to match the domain is
when the domain is a virtual domain, or when someone is posting for replies
to a personal account, when they are at work (and using the office SMTP
machine to launch the message). You might call it "legal/moral spoofing".
if I'm at my office, I'm not necessarily going to send the message all the
way across the net to my mail server, when I have one accessible on the
ethernet right there.
It may be a useful technique when used in conjunction with a variety of
other spam detection mechanisms (perhaps with weighting), but if you
depended on it directly, you'd find a bunch of reasonable mail getting
ditched.
I'd be more prone to suspect a messageid which contained a domain host that
did not appear in any of the recieved headers, but I wouldn't bet on that
one being right all the time either.
True. I send mail exacly like this on occassion. Mainly when i read my
mail on Patriotnet while logged into Netcom.
Part of my anti-spam is an extensive scoreing filter. I score on a lot of
things that have appeared in spams to me over the past couple of years.
This things took a while to develop, but after initial developement adding
to it takes seconds.
Sole problem is that sometimes Netcom has a problem handling positve
scores properly.
--
Grabel's Law:
2 is not equal to 3 -- not even for large values of 2.