Kevin,

Microsoft E-mail clients have a nasty habit of excluding the To when there are only CC or BCC recipients. You will almost exclusively see this on some sort of E-mail blast from Exchange servers. The proper (RFC compliant) way to construct the headers when no To address is specified would be to do something like the following:

   To: undisclosed-recipients:;

You aren't going to fix the issues with the sender in this case unless you convince them to put at least one To address in because this is a flaw that Microsoft created. It would be easier to just whitelist them.

One other recommendation would be to lower the scores of the BADHEADERS, SPAMHEADERS and HELOBOGUS tests. IMO, the default config is weighted a little heavy with these tests, and they are not highly accurate, and they will often enough trigger on legitimate E-mail in groups.

Matt



Kevin Rogers wrote:

Thanks for showing me that sweet tool, Nick. Has anyone come across this error enough to know which mail client was sending it or if it could be sent legitmately but still gets flagged?

Not having a To: is pretty bad I assume.

Thanks.


Nick Hayer wrote:

Hi Kevin,


Kevin Rogers wrote:

These tests (especially BADHEADERS) seem to be catching a lot of legit mail lately. I've attached one of the headers It seems like many of the emails are sent from Exchange servers. What exactly makes the headers bad? Any ideas?



Here is what made this one fail the BADHEADERS test:
http://www.declude.com/tools/header.php?code=8400000a

-Nick





Received: from ss_email.ssc.internal [216.201.186.154] by Rogersbenefit.com with ESMTP
(SMTPD-8.21) id AA0C60F44; Wed, 17 Aug 2005 10:55:24 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----_=_NextPart_001_01C5A354.6BB3DE4D"
Subject: FW: Erecycler - Request for quote
Date: Wed, 17 Aug 2005 12:52:22 -0500
Message-ID: <[EMAIL PROTECTED]> <http://68.167.205.203:8383/Xa4139bcbc899cb92c89cefa5b204/newmsg.cgi?mbx=bulk&[EMAIL PROTECTED]>
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
Thread-Topic: Erecycler - Request for quote
Thread-Index: AcWilPivw61uWKcZTbmhEGnyYpc9YgAvrosg
X-Priority: 1
Priority: Urgent
Importance: high
From: "Carrie Mateer"EMAIL PROTECTED"
X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [8400000a]. X-RBL-Warning: HELOBOGUS: Domain ss_email.ssc.internal has no MX or A records [0301].
X-Declude-Sender: EMAIL PROTECTED [216.201.186.154]
X-Note: Scanned by Declude JunkMail http://www.declude.com/x-note.htm
X-Spam-Tests-Failed: BADHEADERS, HELOBOGUS, WEIGHT10 [13]
X-Note: Scanned by Declude JunkMail http://www.declude.com/x-note.htm
X-Note: This E-mail was sent from mail2.sleepersewell.com ([216.201.186.154]). X-RCPT-TO:EMAIL PROTECTED <http://68.167.205.203:8383/Xa4139bcbc899cb92c89cefa5b204/newmsg.cgi?mbx=bulk&[EMAIL PROTECTED]>
Status: R
X-UIDL: 417013027
X-IMail-ThreadID: 7a0c0e8c000019d1

---
[This E-mail was scanned for viruses.]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.
---
[This E-mail was scanned for viruses.]



---
[This E-mail was scanned for viruses.]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

Reply via email to