Hi;
An interesting new
twist, at least from what I have noticed, is SPAM coming with no From
address. Here is a sample Header:
====================================================================
Reply-To:
"postmaster" <"postmaster@">
Message-ID: <023e24c88e8d$4637a0e3$2ac64bc8@txcxpg>
From: "postmaster" <"postmaster@">
To: return mail
Subject: [~35]Unlimited Conference Calls $200.00 per month.
Date: Thu, 19 Dec 2002 22:21:57 +0500
MiME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_00B3_13A26C4D.D1753B28"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: The Bat! (v1.52f) Business
Importance: Normal
X-RBL-Warning: HELOBOGUS: Domain has no MX or A records.
X-RBL-Warning: IPNOTINMX:
X-RBL-Warning: MAILFROM: Domain " has no MX or A records.
X-RBL-Warning: BASE64: A binary encoded text or HTML section was found in this E-mail.
X-RBL-Warning: WORDFILTER: Message failed WORDFILTER test (76)
X-RBL-Warning: COUNTRY: Message failed COUNTRY test (151)
X-Declude-Sender: "postmaster@" [210.19.198.116]
X-Declude-Spoolname: D8f73295801eaf1c0.SMD
X-Note: This E-mail was scanned & filtered by Declude [1.65] for SPAM & virus.
X-Spam-Tests-Failed: HELOBOGUS, IPNOTINMX, MAILFROM, BASE64, WORDFILTER, COUNTRY, WEIGHT20-59s, WEIGHT20-59r
X-Weight: 35
X-Note: Sent from "postmaster@" - ([210.19.198.116]).
X-Country-Chain: MALAYSIA->destination
====================================================================
Message-ID: <023e24c88e8d$4637a0e3$2ac64bc8@txcxpg>
From: "postmaster" <"postmaster@">
To: return mail
Subject: [~35]Unlimited Conference Calls $200.00 per month.
Date: Thu, 19 Dec 2002 22:21:57 +0500
MiME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_00B3_13A26C4D.D1753B28"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: The Bat! (v1.52f) Business
Importance: Normal
X-RBL-Warning: HELOBOGUS: Domain has no MX or A records.
X-RBL-Warning: IPNOTINMX:
X-RBL-Warning: MAILFROM: Domain " has no MX or A records.
X-RBL-Warning: BASE64: A binary encoded text or HTML section was found in this E-mail.
X-RBL-Warning: WORDFILTER: Message failed WORDFILTER test (76)
X-RBL-Warning: COUNTRY: Message failed COUNTRY test (151)
X-Declude-Sender: "postmaster@" [210.19.198.116]
X-Declude-Spoolname: D8f73295801eaf1c0.SMD
X-Note: This E-mail was scanned & filtered by Declude [1.65] for SPAM & virus.
X-Spam-Tests-Failed: HELOBOGUS, IPNOTINMX, MAILFROM, BASE64, WORDFILTER, COUNTRY, WEIGHT20-59s, WEIGHT20-59r
X-Weight: 35
X-Note: Sent from "postmaster@" - ([210.19.198.116]).
X-Country-Chain: MALAYSIA->destination
====================================================================
From what I know
the Blacklist works based on what Declude writes at: X-Declude-Sender which in
this case is just postmaster@.
Does MAILFROM
filter detect invalid FROM addresses?
Regards,
Kami
