Darin,
Thunderbird allows you to choose the default forwarding method as
either inline or as attachment. It might actually default to inline, I
can't remember, but whenever it does message/rfc822 attachments, it is
as a whole unlike some other clients that edit it down to the bare
minimum of what the consider to be useful like addressing, subject date
and MIME stuff if appropriate. I'm definitely guilty of being a
Netscape diehard, and I'm very happy that the Mozilla project brought
things back to life again.
I fully understand the attachment trick with Outlook thanks to the
confirmations. This will be easier than having people cut and paste
the headers in. This doesn't happen much, but there is nothing worse
than getting a spam report without header info.
I also understand the encoding issues with forwarding in Outlook/OE.
It's a shame that this happens. Maybe having a copy of Thunderbird
around for this purpose might fit in where this is an issue. Sounds
like adding Sniffer headers would be the best solution for this issue
on a wider basis since you definitely can't convince every admin not to
submit using Outlook/OE.
Soon I'm going to code up my Sniffer FP reports to be automatically
triggered when a message is reprocessed from my spam review system, so
I won't have to even bother with the source any more. That should only
take a couple of hours, and it would be time well spent. I always fix
issues and whitelist locally where appropriate, but I also report to
Sniffer for the benefit of all in addition to making sure that a FP
rule will not tag something outside of the scope of what I whitelisted,
and I have to report in order to be able to see what the content of the
rule was. Customers do most of the reprocessing now, I just do the
back end stuff.
Matt
Darin Cox wrote:
Thunderbird and Netscape just takes the full original source and
attaches it as a message/rfc822 attachment. I forwarded this message
back to the list by just pressing "Forward".
Interesting that they include the headers with a simple forward, without
specifying forward as attachment. I haven't ever seen that behaviour before
in a mail client. Seems like a few forwards would create a very bloated
message with all of the old headers.
I'm pretty sure that
Outlook Express works simply by just pressing Forward As Attachment, or
at least it gives me enough of the original, including the full headers,
to determine how to block the spam.
Yes it does. However you've missed the point. The issue is not how to get
the headers. It is how to keep an email client from encoding the message
and headers differently, so that Sniffer can properly identify the rule that
caught the message.
Please excuse me for wanting more detail about the Outlook attachment
trick, but would you mind attaching this message to a response so that I
could look at the headers and such?
Sorry, I don't use Outlook. But I can tell you the steps to take in Outlook
2003 (other versions are almost exactly the same). I have my Outlook users
follow these with no problem.
1. Create a new email message
2. Click the arrow beside the paperclip icon, select item instead of file
from the dropdown
3. Browse mailboxes from the popup dialog to select the message to attach.
4. Viola, original message and headers attached.
There was a discussion about Outlook's behavior with Scott some time
ago. Apparently Microsoft was pressured by customers to remove headers
when forwarding because they felt that they were a security/privacy
risk. No one told them that Outlook was a security/privacy risk on it's
own :) ...but that's another story. I would probably feel different if
I had the need for groupware though, but digs at Microsoft are
irresistible sometimes.
I don't remember that discussion, and am not sure we're talking about the
same thing. If you attach the original message via the steps above, you get
the full original message, headers and body. We have a number of customers
who send spam reports this way, mostly on Outlook 2002 and 2003.
Darin
#
This message is sent to you because you are subscribed to
the mailing list sniffer@sortmonster.com.
To unsubscribe, E-mail to: [EMAIL PROTECTED]
To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED]
To switch to the INDEX mode, E-mail to [EMAIL PROTECTED]
Send administrative queries to [EMAIL PROTECTED]
