analysis of x-headers in spam

< finding and moving to a new home for cheap in Bangalore | youtube search - sort by video playtime >

Sunday, November 11. 2007

RFC 822 allows people to define and use additional header fields in their emails. These fields start with X- in their names. For example, X-Quarantine-ID or X-Spam-Score. Usually these headers are not too interesting. I wanted to see if the spammers use any custom fields in the spam messages that they send out.

The complete analysis is posted here. The headers that I found interesting (i.e. the ones that occur very infrequently)

X-DSNContext: This seems to be header set by MS Exchange
X-AntiVirus: Checked,: This seems to be header set be spammers to confuse the mail filter
X-ME-UUID: Looks like header set by some mail server
X-Source, X-Source-Args, X-Source-Dir, X-Spam: These are headers set by phplist
X-Failed-Recipients: This is a header generated by exim when it handles mailing lists. Looks like some spammer has a mailing list with all his targeted email ids in it.

Posted by Raj Shekhar at 22:19 | Comment (1) | Trackbacks (0)

Trackbacks

Trackback specific URI for this entry

No Trackbacks

Comments

Display comments as (Linear | Threaded)

OMG, Spammers now using MSExchange?

#1 Alex on 2007-11-13 11:03 (Reply)

Add Comment

Name
Email
Homepage
In reply to
Comment	Enclosing asterisks marks text as bold (word), underscore are made via _word_. Standard emoticons like :-) and ;-) are converted to images. E-Mail addresses will not be displayed and will only be used for E-Mail notifications
	Remember Information? Subscribe to this entry

Calendar

Contact me

Quicksearch

Syndicate This Blog

RSS 0.91 feed

RSS 1.0 feed

RSS 2.0 feed

ATOM 0.3 feed

ATOM 1.0 feed

RSS 2.0 Comments

What else lives here

My site
My wiki - a collection of useful nuggets

Copy-left

Everything written by me and placed on this site is in the public domain , except for any express restrictions included in them . Hack them further and enjoy :-)