> How common is this type of entry in the header - Disposition-Notification-To: ?
In legitimate E-mail or spam? It's reasonably common in legitimate E-mail, but I haven't noticed it in any spam here.
> We are seeing a few of these get through, however, it seems there is some code, Googled the above, that sends a read receipt back to the user,
The Disposition-Notification-To: header is one of two ways of generating return receipts.
However, it's pretty dumb for a spammer to do, as it is very easy to filter on (since the E-mail address would have to be a valid one, not a victim's address), and the account receiving the notifications would almost certainly get closed very quickly.
> thus you end up with yet more junkmail.
In this case, they will only know that you received the E-mail if [1] You are using a mail client that supports notifications, and [2] You either have the mail client automatically send notifications, or you choose to send the notification to the spammer. I have my mail client set up to ask me whenever someone requests a return receipt.
> Is this common use in the header, or can we filter on this and send it to HOLD? Thanks for your aid and advice.
Since I've seen it in a lot of legitimate mail, and not in any spam yet, I would recommend not holding based on that header.
However, as with any spam test, it could work differently for you (the notifications are typically used in business-to-business E-mail, and each user/domain tends to get its own type of spam).
-Scott
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
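
An added example, not part of the original message and not Declude's own code: one way to measure how often the Disposition-Notification-To: header appears in your own legitimate mail and spam before deciding whether to hold on it, since the reply notes the result can differ per user or domain. The sample messages, addresses and function names are constructed for illustration.

```python
from collections import Counter
from email import message_from_string
from email.utils import getaddresses

HEADER = "Disposition-Notification-To"

# Constructed sample corpus: (label, raw message). Replace with your own
# hand-sorted ham and spam before drawing conclusions.
SAMPLES = [
    ("ham", "From: Alice <alice@example.com>\n"
            "Disposition-Notification-To: Alice <alice@example.com>\n"
            "Subject: Q3 purchase order\n\nPlease confirm receipt.\n"),
    ("ham", "From: bob@example.org\n"
            "disposition-notification-to: bob@example.org\n"
            "Subject: Contract draft\n\nSee attached.\n"),
    ("ham", "From: carol@example.net\nSubject: Lunch?\n\nNoon?\n"),
    ("spam", "From: deals@bulk.example\nSubject: Cheap meds\n\nBuy now.\n"),
    ("spam", "From: win@prize.example\nSubject: You won\n\nClick here.\n"),
]

def receipt_addresses(raw):
    """Addresses that would receive a read receipt; [] if none requested."""
    msg = message_from_string(raw)
    # Header names are matched case-insensitively by the email package.
    values = msg.get_all(HEADER, [])
    return [addr.lower() for _name, addr in getaddresses(values) if addr]

def hold_rule_cost(samples):
    """What a 'HOLD if header present' rule would do to this corpus."""
    seen = Counter()
    for label, raw in samples:
        seen[label, "total"] += 1
        if receipt_addresses(raw):
            seen[label, "held"] += 1
    return {
        "ham_held": seen["ham", "held"], "ham_total": seen["ham", "total"],
        "spam_held": seen["spam", "held"], "spam_total": seen["spam", "total"],
    }

if __name__ == "__main__":
    cost = hold_rule_cost(SAMPLES)
    print("legitimate mail held: {ham_held}/{ham_total}".format(**cost))
    print("spam held:            {spam_held}/{spam_total}".format(**cost))
```
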
