I definitely got an FP this morning on this using a BCC to multiple addresses:
From <[EMAIL PROTECTED]> Thu Jan 22 11:09:35 2004
Received: from *****.*****.*****.org [209.105.181.131] by *****.com with ESMTP
(SMTPD32-8.05) id A5BB61017C; Thu, 22 Jan 2004 11:09:31 -0500
X-Exclaimer-OnMessagePostCategorize-{71daf94f-e3fe-4bbf-865a-6309cc88575e}: C:\Program Files\eXclaimer\eXclaimer.dll - 2.0.4.67
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Content-Transfer-Encoding: 7bit
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----_=_NextPart_001_01C3E102.1D744C46"
Subject: [11] Moms
Date: Thu, 22 Jan 2004 11:09:29 -0500
Message-ID: <[EMAIL PROTECTED]>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Moms
thread-index: AcPg93uCfg9mp7t5Qme9dmWnmlCzmgACj/+A
From: "Patti Tripoli" <[EMAIL PROTECTED]>
X-MailPure: ==================================================================
X-MailPure: NOLEGITCONTENT: Failed, no legitimate content detected (weight 0).
X-MailPure: HELOBOGUS: Failed, bogus connecting server name (weight 4).
X-MailPure: BASE64: Failed, base64 encoded plain text or HTML (weight 3).
X-MailPure: CONCEALED: Failed, concealed message (weight 1).
X-MailPure: BADHEADERS: Failed, non-RFC compliant headers [8400000a] (weight 4).
X-MailPure: SNIFFER-WHITE: Failed, listed in the White Rules category (weight 0).
X-MailPure: WORDFILTER-BODY: Message failed WORDFILTER-BODY test (line 43, weight 1).
X-MailPure: RECIPIENTS - <[EMAIL PROTECTED]>
X-MailPure: ==================================================================
X-MailPure: Spam Score: 11
X-MailPure: Scan Time: 11:09:35 on 01/22/2004
X-MailPure: Spool File: Df5bb0061017ca15e.SMD
X-MailPure: Server Name: *****.*****.*****.org
X-MailPure: SMTP Sender: [EMAIL PROTECTED]
X-MailPure: Received From: *****-*****-*****-*****.*****.*****.net [*****.*****.*****.*****]
X-MailPure: ==================================================================
X-MailPure: Spam and virus blocking services provided by MailPure.com
X-MailPure: ==================================================================
X-Declude-Date: 01/22/2004 16:09:29 [0]
X-RCPT-TO: <[EMAIL PROTECTED]>
Status: R
X-UIDL: 372977713
R. Scott Perry wrote:
I've been laying low on this one for a while, but BADHEADERS hits for not having a proper To address is commonly producing false positives on my system with personal E-mail, some of which will cause the messages to be held. The issue here (just in case it was forgotten) is that Microsoft allows seemingly all of their mail clients to send without specifying a To address, in which case this test gets tripped. This happens mostly on newsletters or BCC blasts, but it also happens on personal E-mail on occasion, and it is very highly associated with legit E-mail instead of spam (at least on my system). When sending from an Exchange Web mail client, the BASE64 test also gets tripped, so this can be problematic based on associations as well.
Would you please remove this from hitting, or at least give us an entry to turn it off?
What version of Declude JunkMail are you using? The latest interim release will not trigger the BADHEADERS test if there is a Bcc: header but no To: header (whereas previous versions would), since it is technically OK to have no To: header if there is a Bcc: header.
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
-- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =====================================================
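The two BADHEADERS behaviours described in the reply above, as an added sketch that is not part of the thread and is not Declude's code; the function names and the sample messages are constructed for illustration. The third sample has the same shape as the header dump in the post, which shows neither a To: nor a Bcc: line.

```python
from email import message_from_string

def hits_strict(raw: str) -> bool:
    """Earlier behaviour per the thread: any message without a To: header hits."""
    return "To" not in message_from_string(raw)

def hits_relaxed(raw: str) -> bool:
    """Interim-release behaviour per the thread: a Bcc: header excuses a missing To:."""
    msg = message_from_string(raw)
    return "To" not in msg and "Bcc" not in msg

# Constructed sample messages (example.com addresses are placeholders).
COMMON = (
    "From: sender@example.com\n"
    "Subject: Moms\n"
    "Date: Thu, 22 Jan 2004 11:09:29 -0500\n"
)
SAMPLES = {
    # Ordinary message with a To: header.
    "to_present": COMMON + "To: friend@example.com\n\nbody\n",
    # Bcc: header still present when the filter sees the message.
    "bcc_kept": COMMON + "Bcc: a@example.com, b@example.com\n\nbody\n",
    # Bcc: removed in transit, so neither destination header remains.
    "bcc_stripped": COMMON + "\nbody\n",
}

def compare() -> dict:
    """Map each sample name to (strict hit, relaxed hit)."""
    return {name: (hits_strict(raw), hits_relaxed(raw))
            for name, raw in SAMPLES.items()}

if __name__ == "__main__":
    for name, (strict, relaxed) in compare().items():
        print(f"{name:13} strict={strict!s:5} relaxed={relaxed}")
```

A Bcc: header is often removed before the message reaches the receiving server, so a rule that only excuses messages still carrying Bcc: continues to hit mail shaped like the third sample.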
