procmail

Re: junk email header

1998-01-16 11:52:12
At 12:41 PM 1/16/98 -0500, Dmitry Yaitskov wrote:
> On Friday, Jan 16, era eriksson (era(_at_)iki(_dot_)fi) spake thusly:
>
> > > Received: From sony300 by ibm266;Fri, 16 Jan 1998 6:2:31 -400 (EDT)
> >
> > I throw away stuff that has Received: lines beneath From:.
>
> I do not understand this one, could you please explain?

The received lines are inserted at the top of the message (the bottommost
is supposed to be the insertion, and the topmost is where it arrived at
your mail system right before your mailer got it).  Since the ORIGINAL
message is posted in, and THEN the SMTP server adds the initial received
line *ABOVE* the message, there shouldn't be received lines interspersed
with the other headers.

I don't know what, if any, RFC would specify any of this, but it is common
practice with SMTP.

I've only seen this sort of stuff where someone is trying to make the
message look like it came through some other system - and they do a lousy
job of it, especially if you play connect-the-dots: messages should travel
from one received to the next.

> > Well, it's not for you, and you can rather safely assume that stuff
> > that is not from a mailing list but still has To: equal to Reply-To:
> > is spam.
>
> IMHO, this is the one most useful sign that a message is spam. It
> might be that I do not receive too much junk email, but checking the
> To: field is the only thing my own junk filter does, and it catches
> I'd say about 99% of all junk emails.

What about cc?  Do you never get legit bcc?  How about the FIRST message
you get after subscribing to a new mailing list (that message you need to
see in order to add the mailing list to your lists filter)?  Ever have a
mailing list switch to a new provider?

Also, unfortunately, some individuals running their own mini-list (jokes to
friends and whatever) often address the message to themselves, and blind
carbon everyone they're sending it to.  Quite legit.

If none of this ever happens with you, then go for it.  I've simply found
that I cannot assume TO=FROM = SPAM - and I'm pretty liberal with what I
consider to be spam (98,000 domains and counting...).

---
 Please DO NOT carbon me on list replies.  I'll get my copy from the list.

 Sean B. Straw / Professional Software Engineering
 Post Box 2395 / San Rafael, CA  94912-2395
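
The "Received: lines beneath From:" check discussed in this message, as an added example that is not part of the original post or of anyone's actual filter: a Python sketch using the standard-library email parser. The function name `misplaced_received` is hypothetical and both sample messages are constructed (the forged one reuses the Received: line quoted in the thread).

```python
from email import message_from_string

# Constructed sample: the second Received: line (quoted in the thread) sits beneath From:.
FORGED = """\
From sender@example.com Fri Jan 16 10:02:41 1998
Received: from mail.example.net by mx.example.org;
\tFri, 16 Jan 1998 10:02:40 -0500
From: offers@example.com
To: friend@example.com
Received: From sony300 by ibm266;Fri, 16 Jan 1998 6:2:31 -400 (EDT)
Subject: hello

Received: this line is body text, not a header
"""

# Constructed sample: all Received: lines form one block above the other headers.
CLEAN = """\
From sender@example.com Fri Jan 16 10:02:41 1998
Received: from relay.example.net by mx.example.org;
\tFri, 16 Jan 1998 10:02:40 -0500
Received: from client.example.com by relay.example.net;
\tFri, 16 Jan 1998 10:02:31 -0500
From: friend@example.com
To: me@example.org
Subject: lunch

Received: your note, thanks.
"""

def misplaced_received(raw_message):
    """Return (header_index, value) for each Received: header found beneath From:."""
    # items() keeps headers in message order; the mbox "From " envelope line
    # and anything after the first blank line (the body) are not included.
    headers = message_from_string(raw_message).items()
    seen_from = False
    hits = []
    for index, (name, value) in enumerate(headers):
        lowered = name.lower()
        if lowered == "from":
            seen_from = True
        elif lowered == "received" and seen_from:
            # Collapse folded continuation lines into single spaces.
            hits.append((index, " ".join(value.split())))
    return hits

if __name__ == "__main__":
    for label, raw in (("forged", FORGED), ("clean", CLEAN)):
        print(label, misplaced_received(raw))
```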
