We have received spam messages in the past whose 'To:', 'From:', 'Subject:',
and 'Sender:' lines contain the character string:
= ? i s o - 8 8 5 9 - 1 ? Q ? (spaces added to avoid filters)
so, we created an external filter (SUBJECT) to detect the string. Now, it
appears, this may be a bad idea, because legitimate messages with this string
are also being caught by the filter (see message header below from
'lightinguniverse.com' as an example).
Can someone verify what this character string means, and whether or not it is
okay for this character string to appear in these lines? Also, is it the
sender's mail client 'JMail 4.3.0 Free Version by Dimac' that is causing this?
Thanks!
[Sample Header]
Received: from db2.lightinguniverse.com [216.162.208.53] by ns3.fastwave.net
with ESMTP
(SMTPD32-8.05) id A81B4AB501A4; Wed, 23 Mar 2005 09:32:11 -0800
Received: from www2.lightinguniverse.com ([192.168.1.58]) by
db2.lightinguniverse.com with Microsoft SMTPSVC(5.0.2195.6713);
Wed, 23 Mar 2005 08:58:41 -0800
Subject: = ? i s o - 8 8 5 9 - 1 ? Q
?LightingUniverse=2Ecom_Order(s):_#280844_status_update=2E?=
Sender: "= ? i s o - 8 8 5 9 - 1 ? Q
?LightingUniverse=2Ecom_Order_Fullfillment?=" <[EMAIL PROTECTED]>
From: "= ? i s o - 8 8 5 9 - 1 ? Q
?LightingUniverse=2Ecom_Order_Fullfillment?=" <[EMAIL PROTECTED]>
Date: Wed, 23 Mar 2005 09:31:12 -0800
To: "= ? i s o - 8 8 5 9 - 1 ? Q [EMAIL PROTECTED]" <[EMAIL PROTECTED]>
X-Priority: 3
X-MSMail-Priority: Normal
MIME-Version: 1.0
X-Mailer: JMail 4.3.0 Free Version by Dimac
Content-Type: multipart/alternative;
boundary="--NEXT_BM_C05FF9D6F4B54DD5A4593FAF0577D05A"
Return-Path: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
X-OriginalArrivalTime: 23 Mar 2005 16:58:41.0843 (UTC)
FILETIME=[910D5830:01C52FC9]
X-RBL-Warning: SUBJECT: Message failed SUBJECT test (line 26, weight 20)
X-RBL-Warning: TLD-TRUSTED-HELO: Message failed TLD-TRUSTED-HELO test (line
27, weight 0)
X-RBL-Warning: TLD-TRUSTED-MAILFROM: Message failed TLD-TRUSTED-MAILFROM
test (line 27, weight 0)
X-RBL-Warning: TLD-TRUSTED-REVDNS: Message failed TLD-TRUSTED-REVDNS test
(line 37, weight 0)
X-Declude-Sender: [EMAIL PROTECTED] [216.162.208.53]
X-Declude-Spoolname: Da81b4ab501a4206f.SMD
X-Note:
--------------------------------------------------------------------------------
X-Note: Scanned by Declude JunkMail, Version 1.82
X-Spam-Tests-Failed: WEIGHT10 [10], SUBJECT [20], TLD-TRUSTED-HELO [0],
TLD-TRUSTED-MAILFROM [0], TLD-TRUSTED-REVDNS [0] TOTAL [15]
X-Note: This E-mail was sent from db2.lightinguniverse.com
([216.162.208.53]).
X-Note:
--------------------------------------------------------------------------------
--
Kim W. Premuda
FastWave Internet Services
San Diego, CA
--
---
[This E-mail scanned for viruses by Declude Virus]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
