procmail

Re: Rejecting Obvious AOL Forgeries

1998-03-07 10:39:39
On Fri, 6 Mar 1998, Bill McClatchie wrote:
> On Thu, 5 Mar 1998, Professional Software Engineering wrote:
> > At 06:34 PM 3/5/98 -0700, Bill McClatchie wrote:
> > > :0
> > > * ^From:.*aol\.com
> > > * ! ^Received:.*aol\.com
> > > /dev/null
> > >
> > > If it's from AOL, it will definitely pass this criteria.  And the few
> > > recent forged aol spams I've examined would fail this.
> >
> > The received lines are trivial to forge as well.
>
> I know.  Re-read my comment though.  :-)  For whatever reason, right now
> spammers don't seem to be attempting to add a received line indicating it
> came from AOL when they forge the aol address.

Be aware that some mailing list software throws out many of the original
message headers, including Received headers.  Mail legitimately
originating from aol.com may only have Received headers from the source
of the mailing list.  Most software retains the Message-Id header, but
I've seen some that saves the original message ID in an Old-Message-Id
header and generates a new Message-Id header.

James Walden, MD6 OR Postmaster   |
Intel MD6 Engineering Computing   | "Sendmail is the sort of tool that gave
JF1-22, 1st floor, pole H-16      |  UNIX its bad reputation."
(503) 712-1433                    |    -- _System Performance Tuning_
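
An added example, not part of the original post: the two conditions of the quoted recipe applied to three constructed messages, showing the false positive described above when a list strips the original Received headers. The list-marker exemption and every host and address in the samples are assumptions made for illustration.

```python
import re

# Conditions of the recipe quoted in the thread (procmail matches the header,
# case-insensitively, with ^ anchored at the start of each header field).
FROM_AOL = re.compile(r"^From:.*aol\.com", re.I | re.M)
RECEIVED_AOL = re.compile(r"^Received:.*aol\.com", re.I | re.M)
# Assumption, not from the thread: the list software tags what it sends.
# These fields are as forgeable as a Received line.
LIST_MARK = re.compile(
    r"^(List-Id:|Mailing-List:|Precedence:\s*(list|bulk))", re.I | re.M)

def header(msg):
    """Header block only, with folded continuation lines joined."""
    return re.sub(r"\n[ \t]+", " ", msg.split("\n\n", 1)[0])

def recipe_drops(msg):
    """True when the quoted recipe would deliver the message to /dev/null."""
    h = header(msg)
    return bool(FROM_AOL.search(h)) and not RECEIVED_AOL.search(h)

def recipe_with_list_exemption(msg):
    """Same test, but list-tagged mail is left for later recipes."""
    return recipe_drops(msg) and not LIST_MARK.search(header(msg))

# Constructed sample messages (hosts and addresses are placeholders).
GENUINE = (
    "Received: from mail.aol.com (mail.aol.com [192.0.2.10])\n"
    "\tby mx.example.org; Sat, 7 Mar 1998 10:00:00 -0800\n"
    "From: someone@aol.com\nSubject: hello\n\nbody\n")
FORGED = (
    "Received: from dialup.example.net (dialup.example.net [198.51.100.7])\n"
    "\tby mx.example.org; Sat, 7 Mar 1998 10:05:00 -0800\n"
    "From: bargains@aol.com\nSubject: offer\n\nsee aol.com\n")
VIA_LIST = (  # list kept only its own Received header and rewrote Message-Id
    "Received: from lists.example.com (lists.example.com [203.0.113.5])\n"
    "\tby mx.example.org; Sat, 7 Mar 1998 10:10:00 -0800\n"
    "Precedence: list\nFrom: someone@aol.com\n"
    "Message-Id: <new-id@lists.example.com>\n"
    "Old-Message-Id: <original-id@aol.com>\nSubject: list post\n\nbody\n")

if __name__ == "__main__":
    for name, msg in (("genuine", GENUINE), ("forged", FORGED),
                      ("via list", VIA_LIST)):
        print(f"{name:9} recipe={recipe_drops(msg)} "
              f"exempted={recipe_with_list_exemption(msg)}")
```
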

