On Wed, Sep 08, 2021 at 06:17:49PM -0700, Loren Wilton wrote: > > The originating PHP script header helps people who run shared servers > > track down the source of problematic mail. The two most common cases are: > > Does this look valid? > > X-PHP-Originating-Script: 48:class.phpmailer.php > > Just looking at a dozen or so of the smpams I've gotten in the last couple > days that match this pattern, they all have an x-originating-spam-status > of -2.9, which makes me a little suspicious that that header is faked. Maybe > the others are too. > class.phpmailer.php means the email has been sent by PHPMailer, one of the most popular classes used to send emails using Php. 48 is the uid of the user that sent that email, one more info useful to track down compromized account on shared hosting. As-is it's not a spam nor a ham sign.
If x-originating-spam-status has always the same value it's suspect anyway. Giovanni
signature.asc
Description: PGP signature
