Just a dumb question. Most illegal junkmail senders (I would imagine), use proprietary applications to pour their swill down our throats.
Although many probably use the normal apps like Outlook, the die hard ones must use custom coded apps (and the people using them are not the programmers I bet). Like Outlook Express and Eudora, they should leave header information in the email about the client type, right? Or an I being naive? Although a more intelligent person might strip that out, what about the rest? Is there a list (public) that properly represents junkmail client header "signatures"? And leading into that statement, here is something I found in a recent junk email that lead me into that line of thought: X-Library: Indy 10.00.14-B To: B8V81858 X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 I am referring to the X-Library option. Is this legitimate? Or something that is filterable as junk? Also, I see a lot of headers that indicate a "To:" or a destination email with no period and TLD indicator (like above). How can this be filtered? Since the above example has a seemingly legitimate X-Declude-Sender address, I can't deal with that (it's a random email address anyways). But I would imagine that in a legitimate email, all references by a "To:" or "From:" should follow the standard email format.... I know that "headers consistent with spam" and some of the other Declude tests include things like these, but I was wondering how I could assign weight to just those email address violations (I realize that the Declude tests for many items that are consistent with spam, not just the apparent email addresses). Basically, all "To:" or :From:" lines in a header should include an appropriately formatted email address... Am I missing something, or just wishing? Thanks Stan Lyzak, BSEE, CISSP, MCSE�, CCNA, Security+, A+ Network Security Engineer ASysTech, Inc. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
