All, My apologies, I thought I had sent out the following to the list, but it only went to Santiago.
It is a summary of what we found. Also, the famkruithof.net links were very informative as well as Wiki entries on UUIDs and GUIDs Regards, Glenn ================================================= Thanks Santiago (and Scott Talkovic, Chuck Swiger, and everyone else) SUMMARY ------- It's interesting. The examples of the mac.com webmail server-created message-id's that you (Santiago) sent use a time based version 1 UUID, whereas the Mac client-created message-id's use a random based version 4 UUID (http://www.famkruithof.net/guid-uuid-make.html). This question originated because of two emails with suspect message-id's. None of the messages were recorded in the mail logs of the receiving email server, but were none-the-less in the user's IMAP email account. However, one of the two message-id's did appear previously in the receiving email server's log files. All UUID's are supposed to be unique. It would appear that the message-id in the email headers for one of the bogus emails was copied from a previous email and the second was either user generated (http://www.famkruithof.net/uuid/uuidgen) or copied. Since the emails do not show up in the receiving email server's logs, it would further appear that they were placed by the user into the IMAP inbox folder. Glenn -----Original Message----- From: Santiago Barahona [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 20, 2007 4:26 AM To: Glenn Dardick Subject: Re: message-id formatting Take a look: These IDs are generated by the webmail servers, [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] These by the client: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] which seem to fit the description of rfc2822 or rfc 2352? this seems to follow the absolute date and time and content id hash don't you think? regards On 19 Mar 07, at 23:47, Glenn Dardick wrote: I believe the second one may be spoofed - not the first. Glenn -----Original Message----- From: Santiago Barahona [mailto:[EMAIL PROTECTED] Sent: Monday, March 19, 2007 4:42 PM To: Glenn Dardick Cc: [email protected] Subject: Re: message-id formatting It is weird... in deed they use alpha-numeric account names but as far as I know they are limited to 12 o 16 characters... (i'll check it and comeback to you with that)... are you sure it is not a spoofed "mac.com"?? On 16 Mar 07, at 07:14, [EMAIL PROTECTED] wrote: I am trying to find the format of mac.com message-ids. The following are examples of message-id's received in emails from mac.com. [EMAIL PROTECTED] [EMAIL PROTECTED] Any ideas?
