procmail

Re: Identify a .forward[ed] message

1999-05-08 00:07:48
At 21:31 1999-05-07 -0700, Harry Putnam wrote:

How can one identify easily, messages coming from a .forward mechanism
at a different address, in the case where no "To: " field is present?

Not necessarily an easy task.

address.  Not sure what mechanism is used since I only have access to
a web interface that allows users to set forwarding.  It doesn't
specify the tools used.  But I'm assuming .forward file.

No, more likely an aliases database or similar mechanism - much more
efficient.  I'm not familiar with worldnet, but I'd wager that it doesn't
grant users shell access, and thus probably doesn't even have user home
directories in which to have separate .forward files anyway.

Received: from unknown ([38.29.28.100]) by mtiwgwc03.worldnet.att.net
         (InterMail v03.02.07 118 124) with SMTP
         id <19990508033151.JUWU9634@unknown>;
         Sat, 8 May 1999 03:31:51 +0000

With the "To: " field absent in this spam message about a free Florida
vacation, I see no other indicators that this message has been
forwarded.  I'd have thought there would be some sort of header
inserted by the forwarding mechanism.

There should be - but it won't necessarily scream "forwarded".  In fact, if
the sender is from worldnet, you'll have a rough time identifying if it was
forwarded or received directly.  And if they aren't, you'd still have a
rough time of identifying it -- unless your worldnet address appears in the
headers.

Of course, you only give us ONE header to look at, so nobody here can see a
complete example of what it is you actually have to work with -- worldnet
_may_ be dropping a hint in there somewhere (possibly the specific server
that handles forward mail?)

When it comes down to it, unless you're injecting something yourself (via
formail), testing for a forwarded message will be problematic at best.

FTR, this header shows that worldnet.att.net received the message from some
putz at 38.29.28.100 using a psi.net dialup in Las Vegas, NV.

I understand a user can set formail to add a header, but as mentioned
I don't have that kind of access.

And it probably isn't there anyway even if you did have that kind of access.

Yet there SHOULD be an extra header - one added when newsguy accepted the
message from worldnet.  It'll look pretty much like any other received header.

All my messages have the address of the worldnet mail machine
somewhere in the "Received: " lines, and I see no other identifiers
specific to mail with no "To: " that is also forwarded from my AT&T
account.

If you don't see them, and you're wondering where they are, it might make a
lot of sense to show 'em to others, but even without seeing them, I can say
that you'll probably have to resort to weighting.  + points for more
occurrences of worldnet in the header (or your worldnet address at all), -
points for your other address, etc.

---
 Please DO NOT carbon me on list replies.  I'll get my copy from the list.

 Sean B. Straw / Professional Software Engineering
 Post Box 2395 / San Rafael, CA  94912-2395
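
The weighting suggested at the end of the message above, written as a procmail scoring recipe. This is an added example, not part of the original post; the two addresses and the folder name are placeholders to be replaced with real values.

```procmail
# Added example (not from the original post).
# Placeholders:
#   yourname@worldnet.att.net  - the AT&T mailbox that forwards
#   yourname@newsguy.example   - the mailbox where procmail runs
#   via-worldnet               - folder for mail judged "forwarded"
#
# Scoring conditions have the form "* w^x regex":
#   the first match adds w, the n-th match adds w * x^(n-1).
#   x=1 counts every matching header line, x=0 counts only the first.
# The recipe delivers only if the final total is greater than zero.

:0:
# +1 for each Received: line that names a worldnet relay
* 1^1   ^Received:.*worldnet\.att\.net
# +3 once if the worldnet address appears anywhere useful,
#    including a "for <address>" clause in a Received: line
* 3^0   ^(To|Cc|Resent-To|Received):.*yourname@worldnet\.att\.net
# -4 once if the message was addressed to the local mailbox directly
* -4^0  ^(To|Cc):.*yourname@newsguy\.example
via-worldnet
```

With these weights a message sent straight to the local address by a worldnet user ends up negative (one or two relay lines against the -4), while a forwarded message with no To: header stays positive on the relay lines alone. Tune the numbers against saved samples of both kinds before trusting the folder.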
