On Thu, 24 Apr 2003 15:38:02 -0400, Doug Essinger-Hileman
<greypilgrim(_at_)interior-castle(_dot_)org> wrote:
> Most Message-ID fields I have examined from known legitimate senders
> reference the sender's email address or domain. Is it permissible for
> the Message-ID field to reference the receiver's address or domain?

It is an almost guaranteed spam tactic.
In most cases they generate a Message-ID that has your domain/upstream
domain provider in it, in an attempt to legitimize their email spamming.
Also, I noticed that lots of them put your email server ID or domain
name in the Received: line as a server name (which will fail once you
perform a simple nslookup on that IP address), which I think is a
certain program that is doing this.

For example, here is something that I receive frequently.
If my server IP address is 192.192.0.0 (for example)
My server domain name is myserverdomain.com
A sample header is like this.

From duckpro_adfjasdjfasjdoulr(_at_)aol(_dot_)com Thu Apr 24 17:17:53 2003
Return-Path: <duckpro_adfjasdjfasjdoulr(_at_)aol(_dot_)com>
Received: from myserverdomain.com ([163.21.174.130])
        by myserverdomain.com (8.11.6) with SMTP id h3OLHLF25199;
        Thu, 24 Apr 2003 17:17:27 -0400
Message-ID: <001800a0cb70$bad76174$76654377(_at_)myserverdomain(_dot_)com>

Or

From duckpro_adfjasdjfasjdoulr(_at_)aol(_dot_)com Thu Apr 24 17:17:53 2003
Return-Path: <duckpro_adfjasdjfasjdoulr(_at_)aol(_dot_)com>
Received: from 192.192.0.0 ([163.21.174.130])
        by myserverdomain.com (8.11.6) with SMTP id h3OLHLF25159;
        Thu, 24 Apr 2003 17:17:27 -0400
Message-ID: <001800a0cb70$bad76174$76654377(_at_)myserverdomain(_dot_)com>

These are real spam headers, except that I changed the IP address and
domain name to be the same as the example.
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
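
The two header checks described in the message above, as an added example that is not part of the original post: it flags a topmost Received: line whose HELO name is the receiving server's own name or IP while the connecting IP is foreign, and a Message-ID in the receiver's domain on mail from a foreign sender. `LOCAL_NAMES`, `LOCAL_IPS`, `check_headers` and both sample messages are assumptions constructed from the post's example values; the comparison is done on the header text only, without the DNS lookup the post mentions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed local identity, using the example values from the post.
LOCAL_NAMES = {"myserverdomain.com"}
LOCAL_IPS = {"192.192.0.0"}
# Matches "from HELO ([IP]) by HOST", the Received layout shown in the post.
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\(\[([0-9.]+)\]\)\s+by\s+(\S+)", re.I)

def check_headers(raw):
    """Return findings for the two forgeries described in the post."""
    msg = message_from_string(raw)
    findings = []
    # Only the topmost Received line was written by our own server.
    received = msg.get_all("Received", [])
    m = RECEIVED_RE.search(" ".join(received[0].split())) if received else None
    if m:
        helo, peer_ip, by_host = m.group(1).lower(), m.group(2), m.group(3).lower()
        claims_us = helo in LOCAL_NAMES or helo in LOCAL_IPS
        if by_host in LOCAL_NAMES and claims_us and peer_ip not in LOCAL_IPS:
            findings.append("helo-claims-local:%s from %s" % (helo, peer_ip))
    # Message-ID naming our domain while the envelope sender is foreign.
    _, sep, mid_domain = (msg.get("Message-ID") or "").strip().strip("<>").rpartition("@")
    sender_domain = parseaddr(msg.get("Return-Path") or "")[1].rpartition("@")[2].lower()
    if sep and sender_domain and mid_domain.lower() in LOCAL_NAMES \
            and sender_domain not in LOCAL_NAMES:
        findings.append("msgid-claims-local:%s sender %s" % (mid_domain.lower(), sender_domain))
    return findings

# Constructed sample messages (not real mail), modelled on the post's headers.
SAMPLE_SPAM = (
    "Return-Path: <someone@example.net>\n"
    "Received: from myserverdomain.com ([163.21.174.130])\n"
    "\tby myserverdomain.com (8.11.6) with SMTP id CONSTRUCTED01;\n"
    "\tThu, 24 Apr 2003 17:17:27 -0400\n"
    "Message-ID: <constructed$id@myserverdomain.com>\n\nbody\n"
)
SAMPLE_LEGIT = (
    "Return-Path: <friend@example.org>\n"
    "Received: from mail.example.org ([198.51.100.7])\n"
    "\tby myserverdomain.com (8.11.6) with SMTP id CONSTRUCTED02;\n"
    "\tThu, 24 Apr 2003 17:20:00 -0400\n"
    "Message-ID: <constructed-id@mail.example.org>\n\nbody\n"
)

if __name__ == "__main__":
    for name, raw in (("spam", SAMPLE_SPAM), ("legit", SAMPLE_LEGIT)):
        print(name, check_headers(raw))
```

Mail that a local user submits from the server itself carries a local connecting IP and a local sender, so neither check fires on it.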