Thank you, sir.
{^_^}
On 20210328 21:29:55, Kevin A. McGrail wrote:
Ahh, I was dense. the X-MC headers are mailchimp
https://mailchimp.com/developer/transactional/docs/smtp-integration/
<https://mailchimp.com/developer/transactional/docs/smtp-integration/>
--
Kevin A. McGrail
Member,
:26 AM jdow wrote:
> That is well known. Now, who is using the X-MC-xxx header set and are they
> legitimate?
>
> {^_^}
>
> On 20210328 21:20:17, Kevin A. McGrail wrote:
>
> Loren,
>
> See https://tools.ietf.org/html/rfc6648 but basically for email think of
> X- a
That is well known. Now, who is using the X-MC-xxx header set and are they
legitimate?
{^_^}
On 20210328 21:20:17, Kevin A. McGrail wrote:
Loren,
See https://tools.ietf.org/html/rfc6648 <https://tools.ietf.org/html/rfc6648>
but basically for email think of X- as local headers, 100% a
Loren,
See https://tools.ietf.org/html/rfc6648 but basically for email think of X-
as local headers, 100% allowed, do whatever you want with them, no one
should pay any attention unless you publish what they mean. Lots of places,
my firm included, add X-* headers for various purposes.
Regards,
I've started seeing a number of spams with the following block of X headers
in it. I've never seen these before. While these look really fake to me
(from the content of most of them), does any real tool or site make headers
like this, or are they just from some spam tool and I can use them as a
On Sun, 28 Mar 2021, Steve Dondley wrote:
So what's the giveaway that this is spam and what rule can I add to get SA to
recognize it as such? And what is the best way for me to learn how to analyze
the headers so I can recognize spam myself? Any good tutorials for this?
The obfuscated
>
> 15 X-Spam-Status: No, score=-2.7 required=4.0 tests=BAYES_50,DKIM_SIGNED,
> 16 DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,INVALID_MSGID,
> 17 MSGID_FROM_MTA_HEADER,OBFU_TEXT_ATTACH,RCVD_IN_DNSWL_HI,
> 18 RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS
(You got other good advice; I'll try to avoid being redundant.)
This looks like it really came from comcast's servers, but it's hard to
read headers that have been miswrapped.
I tend to tweak up scores of rules that fire on spam that slips through,
and tweak down scores of rules that misfire on
On 28.03.21 12:01, Steve Dondley wrote:
The email below slipped through my spam filter.
It has malicious content attached which purports to be a voicemail
from comcast (I've snipped the attachment from the example) but it is
actually a phishing attack. The attachment contains a link that goes
The email below slipped through my spam filter.
It has malicious content attached which purports to be a voicemail from
comcast (I've snipped the attachment from the example) but it is
actually a phishing attack. The attachment contains a link that goes to
a web page at an obscure domain that
10 matches
Mail list logo