Re: [Exim] mass mailer filter

Top Page
Delete this message
Reply to this message
Author: Tabor J. Wells
Date:  
To: exim-users
Subject: Re: [Exim] mass mailer filter
On Sat, Apr 06, 2002 at 03:39:10AM +0200,
Phil Pennock <Phil.Pennock@???> is thought to have said:

> On 2002-04-05 at 14:04 -0800, Jeremy C. Reed wrote:
> > Sometimes I manually save spam for research. In this spam box with over
> > 1300 spams:
>
> Of the 210 mails in my spam folder (saved for the same reasons), 85 have
> an X-Mailer: header. The two most frequent are:
> 19 X-Mailer: Microsoft CDO for Windows 2000
> 10 X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
>
> Some googling suggests that "Microsoft CDO" is "Collaboration Data
> Objects" and are basically scriptable objects. There's also:
> HOWTO: Send a Message Using CDO (1.x) with Visual J++ (Q216723)
> in Microsoft's Knowledge Base. And yes, "Message" == "email".
>
> Interestingly, the spams with that header _all_ use my current standard
> email address; most others use some old ones, or junk ones.
>
> I've a suspicion that someone has joined together a web-page parser with
> an email object, using this CDO stuff.
>
> So, has anyone seen that CDO header in any legitimate emails?


When looking at X-Mailer headers in my spamtraps I generally search on the
entire header including "X-Mailer:" against google web and groups
look at the results. If they tend to be all spammish (especially if
all of the hits in google groups are in news.admin.net-abuse.*) then it
goes in the spamfilter.

Both appear to be legit, appearing in various mailing list archives with
messages that don't appear to be spammish.

Tabor

--
--------------------------------------------------------------------
Tabor J. Wells                                     twells@???
Fsck It!                 Just another victim of the ambient morality