Hi Ralph, now if most software is sending a message with 0 or 1 whitespace after the colon, it might be an idea to consider 2 or more whitespaces there as an indicator of an unusual mail program. Now if it could be confirmed that certain often used mailers always trim the subject specified by the user, and send with exactly one whitespace, then the combination of mailer name and two whitespaces would be at least a sure indicator that the mailer name was forged.
Wolfgang Hamann >> >> Perhaps you misread the RFC excerpt a bit? only the field name (!) >> must be composed of characters between 33 and 126. The definition >> >> subject = "Subject:" unstructured CRLF >> >> implies that, as far as I understand, the field body starts with the >> character immediately after the colon. >> >> > Now, as to how SpamAssassin parses the Subject field is open for >> > question. It appears a lot of rules seem to start presuming zero >> > or more blank characters followed by the real search string. >> >> As I wrote before: I believe that many software products dealing >> with email assume that the field body starts with the first non- >> whitespace character after zero or more whitespaces, or that they >> make use of functions like trim() to remove any leading/trailing >> whitespaces as they see fit, i.e. when storing or displaying >> messages. I don't know if checking for "surplus" whitespaces in >> field bodies has a realistic chance of success. >> >> -- >> Mit freundlichen Grüßen / Sincerely >> Dipl. Inform. Ralph Seichter >> >>
