I recently received a spam with a mailbox-list in the from: and senderd: headers
From: "Inversiones" <inversiones.fo...@live.com>, <i...@lasinversionesforex.com> Sender: "Inversiones" <inversiones.fo...@live.com>, <i...@lasinversionesforex.com> Since I had not seen mailbox-lists in a from: header before, I ran to read rfc5322: 3.6.2. Originator Fields The originator fields of a message consist of the from field, the sender field (when applicable), and optionally the reply-to field. The from field consists of the field name "From" and a comma- separated list of one or more mailbox specifications. If the from field contains more than one mailbox specification in the mailbox- list, then the sender field, containing the field name "Sender" and a single mailbox specification, MUST appear in the message. In either case, an optional reply-to field MAY also be included, which contains the field name "Reply-To" and a comma-separated list of one or more addresses. Clearly, this message failed this section. Would multiple addresses in either the From: or Subject: headers be a useful spam rule? Is that construct used often somewhere that I'm not familiar with? -- Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX www.austinenergy.com
signature.asc
Description: This is a digitally signed message part