Re: Are X-MC-xxx headers legit?

2021-03-28 Thread jdow
Thank you, sir. {^_^} On 20210328 21:29:55, Kevin A. McGrail wrote: Ahh, I was dense. The X-MC headers are Mailchimp https://mailchimp.com/developer/transactional/docs/smtp-integration/ -- Kevin A. McGrail Member,

Re: Are X-MC-xxx headers legit?

2021-03-28 Thread Kevin A. McGrail
:26 AM jdow wrote: > That is well known. Now, who is using the X-MC-xxx header set and are they > legitimate? > > {^_^} > > On 20210328 21:20:17, Kevin A. McGrail wrote: > > Loren, > > See https://tools.ietf.org/html/rfc6648 but basically for email think of > X- a

Re: Are X-MC-xxx headers legit?

2021-03-28 Thread jdow
That is well known. Now, who is using the X-MC-xxx header set and are they legitimate? {^_^} On 20210328 21:20:17, Kevin A. McGrail wrote: Loren, See https://tools.ietf.org/html/rfc6648 but basically for email think of X- as local headers, 100% a

Re: Are X-MC-xxx headers legit?

2021-03-28 Thread Kevin A. McGrail
Loren, See https://tools.ietf.org/html/rfc6648 but basically for email think of X- as local headers, 100% allowed, do whatever you want with them, no one should pay any attention unless you publish what they mean. Lots of places, my firm included, add X-* headers for various purposes. Regards,

Are X-MC-xxx headers legit?

2021-03-28 Thread Loren Wilton
I've started seeing a number of spams with the following block of X headers in it. I've never seen these before. While these look really fake to me (from the content of most of them), does any real tool or site make headers like this, or are they just from some spam tool and I can use them as a

Re: What makes this email spam and how do I train myself to find markers for spam so I can train spamassassin properly?

2021-03-28 Thread John Hardin
On Sun, 28 Mar 2021, Steve Dondley wrote: So what's the giveaway that this is spam and what rule can I add to get SA to recognize it as such? And what is the best way for me to learn how to analyze the headers so I can recognize spam myself? Any good tutorials for this? The obfuscated

Re: What makes this email spam and how do I train myself to find markers for spam so I can train spamassassin properly?

2021-03-28 Thread Matthias Leisi
> > 15 X-Spam-Status: No, score=-2.7 required=4.0 tests=BAYES_50,DKIM_SIGNED, > 16 DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,INVALID_MSGID, > 17 MSGID_FROM_MTA_HEADER,OBFU_TEXT_ATTACH,RCVD_IN_DNSWL_HI, > 18 RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS

Re: What makes this email spam and how do I train myself to find markers for spam so I can train spamassassin properly?

2021-03-28 Thread Greg Troxel
(You got other good advice; I'll try to avoid being redundant.) This looks like it really came from Comcast's servers, but it's hard to read headers that have been miswrapped. I tend to tweak up scores of rules that fire on spam that slips through, and tweak down scores of rules that misfire on

Re: What makes this email spam and how do I train myself to find markers for spam so I can train spamassassin properly?

2021-03-28 Thread Matus UHLAR - fantomas
On 28.03.21 12:01, Steve Dondley wrote: The email below slipped through my spam filter. It has malicious content attached which purports to be a voicemail from Comcast (I've snipped the attachment from the example) but it is actually a phishing attack. The attachment contains a link that goes

What makes this email spam and how do I train myself to find markers for spam so I can train spamassassin properly?

2021-03-28 Thread Steve Dondley
The email below slipped through my spam filter. It has malicious content attached which purports to be a voicemail from Comcast (I've snipped the attachment from the example) but it is actually a phishing attack. The attachment contains a link that goes to a web page at an obscure domain that