Scott, here are the headers from a recent spam message, and I am wondering how "X-Declude-Sender" came up with [EMAIL PROTECTED] as the sender address:
=============
Received: from gw2.pointshare.com [204.189.38.3] by intramail01.pointshare.net with ESMTP
  (SMTPD32-7.13) id AB612CE50110; Tue, 11 Feb 2003 00:59:13 -0800
Received: from gw2.pointshare.com (user-vc8fopa.biz.mindspring.com [216.135.227.42])
  by gw2.pointshare.com (Mail Gateway) with SMTP id 661DCADE90
  for <[EMAIL PROTECTED]>; Tue, 11 Feb 2003 00:59:11 -0800 (PST)
From: "QuickQuestion" <>
Date: Tue, 11 Feb 2003 00:59:02
To: fake@example.com
Subject: A Quick Question For You
MIME-Version: 1.0
Content-Type: multipart/related;
boundary="----=_NextPart_SWMHBPEXTP"
Content-Transfer-Encoding: 7bit
Message-ID: PM200012:59:02 AM
X-RAV-Bulk: RAV AntiVirus classifies this e-mail as spam (accuracy very high)
X-RAV-Signature: 5774C890693CEA130620D65BBB38FC28
X-CYBERsitter-SpamManager-In: FAILED - Score Adult: 0 (Req: 17) Spam: 24 (Req: 20) Tot: 24 (Req: 23)
X-CYBERsitter-SpoolFile: Dbb612ce50110cbac.SMD
X-RBL-Warning: FIVETEN-SRC: 42.227.135.216.blackholes.five-ten-sg.com.
X-RBL-Warning: SPAMCOP: Blocked - see http://spamcop.net/bl.shtml?216.135.227.42
X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [8040800e].
X-RBL-Warning: IPNOTINMX:
X-RBL-Warning: RAV-FILTER: Message failed RAV-FILTER test (4)
X-RBL-Warning: WORDFILTER: Message failed WORDFILTER test (745)
X-RBL-Warning: SPAMMANAGER: Message failed SPAMMANAGER: 24.
X-RBL-Warning: SPAMSNIFFER: Message failed SPAMSNIFFER: 63.
X-Declude-Sender: [EMAIL PROTECTED] [216.135.227.42]
X-Note: This e-mail was filtered for spam by Pointshare's JunkMail Service
X-Spam-Tests-Failed: FIVETEN-SRC, SPAMCOP, BADHEADERS, IPNOTINMX, RAV-FILTER, WORDFILTER, SPAMMANAGER, SPAMSNIFFER, WEIGHT16-35
X-Note: Total spam test weight: 32
=============
I know that the sending MTA impersonated one of our gateway servers, but that "X-Declude-Sender" came up with [EMAIL PROTECTED] as the sender address is very strange, and this is the first time I have seen this happen.
Regards,
Bill
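
Added example, not part of the original message and not Declude's own logic: a check that flags the HELO impersonation visible in the gateway's Received line, where the connecting host announces gw2.pointshare.com from 216.135.227.42. The local domain list, the single-address local network, and reading the parenthesised name as the reverse-DNS name are assumptions made for this sketch.

```python
import ipaddress
import re

# Both Received values are taken from the post above (the redacted "for" clause is dropped).
GATEWAY_HOP = ("from gw2.pointshare.com (user-vc8fopa.biz.mindspring.com [216.135.227.42]) "
               "by gw2.pointshare.com (Mail Gateway) with SMTP id 661DCADE90; "
               "Tue, 11 Feb 2003 00:59:11 -0800 (PST)")
INTERNAL_HOP = ("from gw2.pointshare.com [204.189.38.3] by intramail01.pointshare.net "
                "with ESMTP (SMTPD32-7.13) id AB612CE50110; Tue, 11 Feb 2003 00:59:13 -0800")

# Assumptions: what the receiving site treats as its own names and addresses.
LOCAL_DOMAINS = ("pointshare.com", "pointshare.net")
LOCAL_NETS = [ipaddress.ip_network("204.189.38.3/32")]

# Matches "from HELO (rdns [ip]) by HOST" and "from HELO [ip] by HOST".
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+"
    r"(?:\((?:(?P<rdns>[^\s\[\]()]+)\s+)?\[(?P<ip>[0-9.]+)\]\)|\[(?P<ip2>[0-9.]+)\])"
    r"\s+by\s+(?P<by>\S+)", re.IGNORECASE)

def norm(host):
    return host.lower().rstrip(".")

def in_domains(host, domains):
    return any(norm(host) == d or norm(host).endswith("." + d) for d in domains)

def check_helo(received_value):
    """Return a list of findings for one Received value, or None if unparseable."""
    m = RECEIVED_RE.search(" ".join(received_value.split()))
    if m is None:
        return None
    try:
        ip = ipaddress.ip_address(m["ip"] or m["ip2"])
    except ValueError:
        return None
    local_ip = any(ip in net for net in LOCAL_NETS)
    findings = []
    if in_domains(m["helo"], LOCAL_DOMAINS) and not local_ip:
        findings.append("helo-claims-local-domain-from-external-ip")
    if norm(m["helo"]) == norm(m["by"]) and not local_ip:
        findings.append("helo-equals-receiving-host")
    if m["rdns"] and norm(m["rdns"]) != norm(m["helo"]):
        findings.append("helo-rdns-mismatch")  # weak signal on its own
    return findings

if __name__ == "__main__":
    for hop in (GATEWAY_HOP, INTERNAL_HOP):
        print(check_helo(hop))
```

The first two findings are the strong ones: a legitimate outside sender has no reason to announce the receiving site's own hostname, so a gateway can reject or heavily weight such connections at HELO time.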
