Ditto. I advise people to use Insert, Item. Far easier than explaining how to drag and drop (or tie shoelaces).
I've noticed that whether the headers survive when they are sent to another Exchange+Outlook company are a crap shoot. Generally speaking, if the message is handled by Outlook, it's not the same message anymore. For example, a BASE64 encoded message becomes plain text, and attached graphics don't show up at all in the "View Source" version. When reporting false positives, I do the best job I can at producing the message that triggered (if it was caught as spam, I scan the message with the current rulebase first; sometimes the rule is already retired) and also dig out the IMail/Declude unique ID and thereby the Message Sniffer log lines. Andrew 8) > -----Original Message----- > From: Message Sniffer Community > [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox > Sent: Thursday, June 08, 2006 6:45 AM > To: Message Sniffer Community > Subject: [sniffer] Re: [sniffer][Fwd: Re: [sniffer]FP suggestions] > > >Thunderbird and Netscape just takes the full original source and > >attaches it as a message/rfc822 attachment. I forwarded > this message > >back to the list by just pressing "Forward". > > Interesting that they include the headers with a simple > forward, without specifying forward as attachment. I haven't > ever seen that behaviour before in a mail client. Seems like > a few forwards would create a very bloated message with all > of the old headers. > > >I'm pretty sure that > >Outlook Express works simply by just pressing Forward As > Attachment, or > >at least it gives me enough of the original, including the full > >headers, to determine how to block the spam. > > Yes it does. However you've missed the point. The issue is > not how to get the headers. It is how to keep an email > client from encoding the message and headers differently, so > that Sniffer can properly identify the rule that caught the message. > > >Please excuse me for wanting more detail about the Outlook > attachment > >trick, but would you mind attaching this message to a > response so that > >I could look at the headers and such? > > Sorry, I don't use Outlook. But I can tell you the steps to > take in Outlook > 2003 (other versions are almost exactly the same). I have my > Outlook users follow these with no problem. > > 1. Create a new email message > 2. Click the arrow beside the paperclip icon, select item > instead of file from the dropdown 3. Browse mailboxes from > the popup dialog to select the message to attach. > 4. Viola, original message and headers attached. > > >There was a discussion about Outlook's behavior with Scott some time > >ago. Apparently Microsoft was pressured by customers to > remove headers > >when forwarding because they felt that they were a security/privacy > >risk. No one told them that Outlook was a security/privacy risk on > >it's own :) ...but that's another story. I would probably feel > >different if I had the need for groupware though, but digs > at Microsoft > >are irresistible sometimes. > > I don't remember that discussion, and am not sure we're > talking about the same thing. If you attach the original > message via the steps above, you get the full original > message, headers and body. We have a number of customers who > send spam reports this way, mostly on Outlook 2002 and 2003. > > Darin > > > > ############################################################# > This message is sent to you because you are subscribed to > the mailing list <sniffer@sortmonster.com>. > To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To > switch to the DIGEST mode, E-mail to > <[EMAIL PROTECTED]> To switch to the INDEX mode, > E-mail to <[EMAIL PROTECTED]> Send administrative > queries to <[EMAIL PROTECTED]> > > ############################################################# This message is sent to you because you are subscribed to the mailing list <sniffer@sortmonster.com>. To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
