To clarify the message ID is always exactly the same or is similar too ?
Message-ID: 1341147286.19774.androidmob...@web140302.mail.bf1.yahoo.com
From: John Dobbin [mailto:jo...@penpublishing.com]
Sent: Thursday, July 05, 2012 4:28 PM
To: Declude.JunkMail@declude.com
Subject:
After review of my samples, the message ID is not consistent so it would be a
poor criteria. I’ve added a body filter to add weight for the yahoo via
android text at the end of each message, but not enough to block by itself and
let the rest of the rules add weight to quarantine. This seems
I took a further look this morning, I have 116 samples from 113 unique
IP addresses from Jun 30 through Jul 03 inclusive.
These really are from Yahoo! and are digitally signed.
The Message-ID really are unique as they should be, and they should be
constructed by a Yahoo! server, possibly based
Spammers know how to vary their headers, some more than others, and it
appears that they are also using the signature merely to take advantage
of bayesian filtering weaknesses. As a Declude user, if you had no
issues before this campaign, you probably will continue to have no
issues, and if you