Hi. A friend of mine runs a website which allows users to email each other using a form but the email that gets spit out triggers a few of SA's rules. The main culprit seems to be MIME_HEADER_CTYPE_ONLY along with a few others so the total score is around 6-ish, which is just enough to kick it over on some installs. The site is coded in Cold Fusion so there is only a limited amount of tweaking that he can do but he would still like to fix some of these issues. Is there any reference material about why MIME_HEADER_CTYPE_ONLY gets triggered? Thanks!
(I know, this is a grey area since reference material on any of SA's tests would simply help the spammers spam more but his site is legit, I swear!)
In looking at the rule in SA3.0, that rule will trigger if there is a Content-Type: header in the message but without one of the following related headers:
Mime-Version Content-Disposition Content-Transfer-Encoding (if not text/plain?)
The third one (CTE) is only needed when not sending text type encoded messages I think (like when MS Exchange base64 encodes the body?). My guess is the Version or Disposition headers are missing or mal-formed perhaps, though I'm not MIME expert myself.
Ryan Moore ---------- Perigee.net Corporation 704-849-8355 (sales) 704-849-8017 (tech) www.perigee.net
