lunatechian (lunatech-ian)

one relating to, belonging to, or resembling lunatech

analysis of x-headers in spam

RFC 822 allows people to define and use additional header fields in their emails. The names of these fields start with X-, for example X-Quarantine-ID or X-Spam-Score. Usually these headers are not too interesting. I wanted to see whether spammers use any custom fields in the spam messages that they send out.

The complete analysis is posted here. The headers that I found interesting (i.e. the ones that occur very infrequently) are:

X-DSNContext
This seems to be a header set by MS Exchange.
X-AntiVirus: Checked,
This seems to be a header set by spammers to confuse the mail filter.
X-ME-UUID
Looks like a header set by some mail server.
X-Source, X-Source-Args, X-Source-Dir, X-Spam
These are headers set by phplist.
X-Failed-Recipients
This is a header generated by Exim when it handles mailing lists. It looks like some spammer has a mailing list with all his targeted email IDs in it.
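One way to produce this kind of tally, as an added example that is not the author's script: it counts how many messages carry each X- header and lists the rare ones. The sample messages, their header values, the function names and the 25% threshold are all constructed for illustration.

```python
import email
from collections import Counter

# Constructed sample messages (not real spam); all values are illustrative.
SAMPLES = [
    "From: a@example.com\nX-Spam-Score: 7.1\nX-Quarantine-ID: abc\n\nbody\n",
    "From: b@example.com\nx-spam-score: 5.0\nX-AntiVirus: Checked\n\nbody\n",
    # The same header twice in one message must count as one message.
    "From: c@example.com\nX-Spam-Score: 9.9\nX-Spam-Score: 9.9\n"
    "X-DSNContext: constructed-value\n\nbody\n",
    # A folded Subject line and a body line that only look like X- headers.
    "From: d@example.com\nSubject: hello\n X-Fake: folded text\n"
    "X-Spam-Score: 6.2\nX-Quarantine-ID: def\n\nX-Body: not a header\n",
]


def x_header_counts(raw_messages):
    """Return a Counter: X- header name -> number of messages carrying it."""
    counts = Counter()
    for raw in raw_messages:
        msg = email.message_from_string(raw)
        # Header names are case-insensitive, so normalise them; the set
        # makes a repeated header count once per message.
        names = {name.lower() for name in msg.keys()}
        counts.update(n for n in names if n.startswith("x-"))
    return counts


def rare_headers(counts, total, max_share=0.25):
    """Return X- headers present in at most max_share of messages, rarest first."""
    rare = [n for n, c in counts.items() if c / total <= max_share]
    return sorted(rare, key=lambda n: (counts[n], n))


if __name__ == "__main__":
    counts = x_header_counts(SAMPLES)
    for name, seen in counts.most_common():
        print(f"{name:20} {seen}/{len(SAMPLES)}")
    print("rare:", rare_headers(counts, len(SAMPLES)))
```

Counting per message rather than per occurrence keeps one message that repeats a header from making that header look common.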


Comments

    • Posted by Alex
    OMG, Spammers now using MSExchange?
