Personally I believe in obfuscation... The less the spooks know the better including knowing of your evasion by taunting them (/depends on what your trying to accomplish I guess/). For browsers like firefox there's IPFuck and a user-agent string changer that allows one to spoof another browser or create a "/Could be mutt but fucked if I'm telling you/" string. Must be some tool like that for mail user-agents.
https://addons.mozilla.org/en-US/firefox/addon/blend-in/ Also see: https://sourceforge.net/projects/emspoofer/ Rr On 06/08/2016 04:02 AM, Zenaan Harkness wrote: > I know, I know, this is wildly off topic for this list, but I dare to ask: > > Dear Dolly, I note that many punky punks round these parts use their MUA > du journk, yet happily advertise (of course falsely) their MUA User-Agent > name and version (due to the default header config which does as much). > > Of course everyone round these parts is perfectly aware of such matters > and has long ago manually modified such string to discretely lead any > would be infiltrator astray. Such significant information so many people > give away, "presently company excluded" of course... :) > > So, can anyone tell me of known spam filters or "outright rejection" > filters in any known mail server configurations/ setups, which would > reject an email header such as: > > User-Agent: Could be mutt but fucked if I'm telling you. > > Is it better to simply not include such a header? > > Or is it better to do the sly "make it look genuine but it's not" number? > > Better is a purely objective assessment of course with no rune for > alternative threat models or other subjective quasi quagmires... > > Confused, > Z > > P.S. Thank you my gracious and all knowing lords of the crypto best > practices paddfock. May we romp in freedom with daisies to save the world, > as I've heard love and light is all powerful and will save us all. >
signature.asc
Description: OpenPGP digital signature
