RE: [Declude.JunkMail] Line Modifier: = ? i s o - 8 8 5 9 - 1 ? Q ?
Thanks Andy, Matt, and Markus for your feedback...I really appreciate your comments. -- Kim W. Premuda FastWave Internet Services San Diego, CA -- --- [This E-mail scanned for viruses by Declude Virus] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Line Modifier: = ? i s o - 8 8 5 9 - 1 ? Q ?
It's the standard Latin-1 character set. http://www.utoronto.ca/webdocs/HTMLdocs/NewHTML/iso_table.html In essence, it means that this line may contain special unicode characters (e.g., accented characters, Umlaute, etc.). More often than not it's an indication that it contains some foreign language word. However, the word Resume is spelled with accents... I'm not sure if the Euro currency symbol may even use that code table. So - be ready for false positives. Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kim Premuda Sent: Wednesday, March 23, 2005 03:21 PM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] Line Modifier: = ? i s o - 8 8 5 9 - 1 ? Q ? We have received spam messages in the past whose 'To:', 'From:', 'Subject:', and 'Sender:' lines contain the character string: = ? i s o - 8 8 5 9 - 1 ? Q ? (spaces added to avoid filters) so, we created an external filter (SUBJECT) to detect the string. Now, it appears, this may be a bad idea, because legitimate messages with this string are also being caught by the filter (see message header below from 'lightinguniverse.com' as an example). Can someone verify what this character string means, and whether or not it is okay for this character string to appear in these lines? Also, is it the sender's mail client 'JMail 4.3.0 Free Version by Dimac' that is causing this? Thanks! [Sample Header] Received: from db2.lightinguniverse.com [216.162.208.53] by ns3.fastwave.net with ESMTP (SMTPD32-8.05) id A81B4AB501A4; Wed, 23 Mar 2005 09:32:11 -0800 Received: from www2.lightinguniverse.com ([192.168.1.58]) by db2.lightinguniverse.com with Microsoft SMTPSVC(5.0.2195.6713); Wed, 23 Mar 2005 08:58:41 -0800 Subject: = ? i s o - 8 8 5 9 - 1 ? Q ?LightingUniverse=2Ecom_Order(s):_#280844_status_update=2E?= Sender: = ? i s o - 8 8 5 9 - 1 ? Q ?LightingUniverse=2Ecom_Order_Fullfillment?= [EMAIL PROTECTED] From: = ? i s o - 8 8 5 9 - 1 ? Q ?LightingUniverse=2Ecom_Order_Fullfillment?= [EMAIL PROTECTED] Date: Wed, 23 Mar 2005 09:31:12 -0800 To: = ? i s o - 8 8 5 9 - 1 ? Q [EMAIL PROTECTED] [EMAIL PROTECTED] X-Priority: 3 X-MSMail-Priority: Normal MIME-Version: 1.0 X-Mailer: JMail 4.3.0 Free Version by Dimac Content-Type: multipart/alternative; boundary=--NEXT_BM_C05FF9D6F4B54DD5A4593FAF0577D05A Return-Path: [EMAIL PROTECTED] Message-ID: [EMAIL PROTECTED] X-OriginalArrivalTime: 23 Mar 2005 16:58:41.0843 (UTC) FILETIME=[910D5830:01C52FC9] X-RBL-Warning: SUBJECT: Message failed SUBJECT test (line 26, weight 20) X-RBL-Warning: TLD-TRUSTED-HELO: Message failed TLD-TRUSTED-HELO test (line 27, weight 0) X-RBL-Warning: TLD-TRUSTED-MAILFROM: Message failed TLD-TRUSTED-MAILFROM test (line 27, weight 0) X-RBL-Warning: TLD-TRUSTED-REVDNS: Message failed TLD-TRUSTED-REVDNS test (line 37, weight 0) X-Declude-Sender: [EMAIL PROTECTED] [216.162.208.53] X-Declude-Spoolname: Da81b4ab501a4206f.SMD X-Note: X-Note: Scanned by Declude JunkMail, Version 1.82 X-Spam-Tests-Failed: WEIGHT10 [10], SUBJECT [20], TLD-TRUSTED-HELO [0], TLD-TRUSTED-MAILFROM [0], TLD-TRUSTED-REVDNS [0] TOTAL [15] X-Note: This E-mail was sent from db2.lightinguniverse.com ([216.162.208.53]). X-Note: -- Kim W. Premuda FastWave Internet Services San Diego, CA -- --- [This E-mail scanned for viruses by Declude Virus] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Line Modifier: = ? i s o - 8 8 5 9 - 1 ? Q ?
Kim, JMail by Dimac has had many problems over the years with standards compliance, and abnormal behavior. It's just a poorly coded automated mailer (not client software). You would be generally safe to filter for header elements using this encoding if you gave the filter an exclusion for X-Mailer: JMail in that filter. If you find other examples (and you probably won't with this particular pattern), you could add them in. There is great value in creating separate filters for separate types of things such as spammy encoding of header elements, that way you can pre-qualify the filters with exact patterns known to be in conflict. You might want to review how your SUBJECT filter is constructed and reconstruct separate filters based on not the element of the message, but something more technically exact. Matt Kim Premuda wrote: We have received spam messages in the past whose 'To:', 'From:', 'Subject:', and 'Sender:' lines contain the character string: = ? i s o - 8 8 5 9 - 1 ? Q ? (spaces added to avoid filters) so, we created an external filter (SUBJECT) to detect the string. Now, it appears, this may be a bad idea, because legitimate messages with this string are also being caught by the filter (see message header below from 'lightinguniverse.com' as an example). Can someone verify what this character string means, and whether or not it is okay for this character string to appear in these lines? Also, is it the sender's mail client 'JMail 4.3.0 Free Version by Dimac' that is causing this? Thanks! [Sample Header] Received: from db2.lightinguniverse.com [216.162.208.53] by ns3.fastwave.net with ESMTP (SMTPD32-8.05) id A81B4AB501A4; Wed, 23 Mar 2005 09:32:11 -0800 Received: from www2.lightinguniverse.com ([192.168.1.58]) by db2.lightinguniverse.com with Microsoft SMTPSVC(5.0.2195.6713); Wed, 23 Mar 2005 08:58:41 -0800 Subject: = ? i s o - 8 8 5 9 - 1 ? Q ?LightingUniverse=2Ecom_Order(s):_#280844_status_update=2E?= Sender: = ? i s o - 8 8 5 9 - 1 ? Q ?LightingUniverse=2Ecom_Order_Fullfillment?= [EMAIL PROTECTED] From: = ? i s o - 8 8 5 9 - 1 ? Q ?LightingUniverse=2Ecom_Order_Fullfillment?= [EMAIL PROTECTED] Date: Wed, 23 Mar 2005 09:31:12 -0800 To: = ? i s o - 8 8 5 9 - 1 ? Q [EMAIL PROTECTED] [EMAIL PROTECTED] X-Priority: 3 X-MSMail-Priority: Normal MIME-Version: 1.0 X-Mailer: JMail 4.3.0 Free Version by Dimac Content-Type: multipart/alternative; boundary=--NEXT_BM_C05FF9D6F4B54DD5A4593FAF0577D05A Return-Path: [EMAIL PROTECTED] Message-ID: [EMAIL PROTECTED] X-OriginalArrivalTime: 23 Mar 2005 16:58:41.0843 (UTC) FILETIME=[910D5830:01C52FC9] X-RBL-Warning: SUBJECT: Message failed SUBJECT test (line 26, weight 20) X-RBL-Warning: TLD-TRUSTED-HELO: Message failed TLD-TRUSTED-HELO test (line 27, weight 0) X-RBL-Warning: TLD-TRUSTED-MAILFROM: Message failed TLD-TRUSTED-MAILFROM test (line 27, weight 0) X-RBL-Warning: TLD-TRUSTED-REVDNS: Message failed TLD-TRUSTED-REVDNS test (line 37, weight 0) X-Declude-Sender: [EMAIL PROTECTED] [216.162.208.53] X-Declude-Spoolname: Da81b4ab501a4206f.SMD X-Note: X-Note: Scanned by Declude JunkMail, Version 1.82 X-Spam-Tests-Failed: WEIGHT10 [10], SUBJECT [20], TLD-TRUSTED-HELO [0], TLD-TRUSTED-MAILFROM [0], TLD-TRUSTED-REVDNS [0] TOTAL [15] X-Note: This E-mail was sent from db2.lightinguniverse.com ([216.162.208.53]). X-Note: -- Kim W. Premuda FastWave Internet Services San Diego, CA -- --- [This E-mail scanned for viruses by Declude Virus] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Line Modifier: = ? i s o - 8 8 5 9 - 1 ? Q ?
This indicates a Quoted printable encoded string (?Q?) =?iso-8859-1?B? indicates a Base64 encoded string. Many special characters often used in different languages (German, Italian, Spanish, French, ...) can cause such an encoding. Markus -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kim Premuda Sent: Wednesday, March 23, 2005 9:21 PM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] Line Modifier: = ? i s o - 8 8 5 9 - 1 ? Q ? We have received spam messages in the past whose 'To:', 'From:', 'Subject:', and 'Sender:' lines contain the character string: = ? i s o - 8 8 5 9 - 1 ? Q ? (spaces added to avoid filters) so, we created an external filter (SUBJECT) to detect the string. Now, it appears, this may be a bad idea, because legitimate messages with this string are also being caught by the filter (see message header below from 'lightinguniverse.com' as an example). Can someone verify what this character string means, and whether or not it is okay for this character string to appear in these lines? Also, is it the sender's mail client 'JMail 4.3.0 Free Version by Dimac' that is causing this? Thanks! [Sample Header] Received: from db2.lightinguniverse.com [216.162.208.53] by ns3.fastwave.net with ESMTP (SMTPD32-8.05) id A81B4AB501A4; Wed, 23 Mar 2005 09:32:11 -0800 Received: from www2.lightinguniverse.com ([192.168.1.58]) by db2.lightinguniverse.com with Microsoft SMTPSVC(5.0.2195.6713); Wed, 23 Mar 2005 08:58:41 -0800 Subject: = ? i s o - 8 8 5 9 - 1 ? Q ?LightingUniverse=2Ecom_Order(s):_#280844_status_update=2E?= Sender: = ? i s o - 8 8 5 9 - 1 ? Q ?LightingUniverse=2Ecom_Order_Fullfillment?= [EMAIL PROTECTED] From: = ? i s o - 8 8 5 9 - 1 ? Q ?LightingUniverse=2Ecom_Order_Fullfillment?= [EMAIL PROTECTED] Date: Wed, 23 Mar 2005 09:31:12 -0800 To: = ? i s o - 8 8 5 9 - 1 ? Q [EMAIL PROTECTED] [EMAIL PROTECTED] X-Priority: 3 X-MSMail-Priority: Normal MIME-Version: 1.0 X-Mailer: JMail 4.3.0 Free Version by Dimac Content-Type: multipart/alternative; boundary=--NEXT_BM_C05FF9D6F4B54DD5A4593FAF0577D05A Return-Path: [EMAIL PROTECTED] Message-ID: [EMAIL PROTECTED] X-OriginalArrivalTime: 23 Mar 2005 16:58:41.0843 (UTC) FILETIME=[910D5830:01C52FC9] X-RBL-Warning: SUBJECT: Message failed SUBJECT test (line 26, weight 20) X-RBL-Warning: TLD-TRUSTED-HELO: Message failed TLD-TRUSTED-HELO test (line 27, weight 0) X-RBL-Warning: TLD-TRUSTED-MAILFROM: Message failed TLD-TRUSTED-MAILFROM test (line 27, weight 0) X-RBL-Warning: TLD-TRUSTED-REVDNS: Message failed TLD-TRUSTED-REVDNS test (line 37, weight 0) X-Declude-Sender: [EMAIL PROTECTED] [216.162.208.53] X-Declude-Spoolname: Da81b4ab501a4206f.SMD X-Note: -- -- X-Note: Scanned by Declude JunkMail, Version 1.82 X-Spam-Tests-Failed: WEIGHT10 [10], SUBJECT [20], TLD-TRUSTED-HELO [0], TLD-TRUSTED-MAILFROM [0], TLD-TRUSTED-REVDNS [0] TOTAL [15] X-Note: This E-mail was sent from db2.lightinguniverse.com ([216.162.208.53]). X-Note: -- -- -- Kim W. Premuda FastWave Internet Services San Diego, CA -- --- [This E-mail scanned for viruses by Declude Virus] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
