I recently received a spam with a mailbox-list in the from: and sender:
headers

        From: "Inversiones" <inversiones.fo...@live.com>,
        <i...@lasinversionesforex.com>
        Sender: "Inversiones" <inversiones.fo...@live.com>,
         <i...@lasinversionesforex.com>
        
Since I had not seen mailbox-lists in a from: header before, I ran to
read rfc5322:

   3.6.2.  Originator Fields

   The originator fields of a message consist of the from field, the
   sender field (when applicable), and optionally the reply-to field.
   The from field consists of the field name "From" and a comma-
   separated list of one or more mailbox specifications.  If the from
   field contains more than one mailbox specification in the mailbox-
   list, then the sender field, containing the field name "Sender" and a
   single mailbox specification, MUST appear in the message.  In either
   case, an optional reply-to field MAY also be included, which contains
   the field name "Reply-To" and a comma-separated list of one or more
   addresses.

Clearly, this message failed this section.  Would multiple addresses in
either the From: or Subject: headers be a useful spam rule?  Is that
construct used often somewhere that I'm not familiar with?


-- 
Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
www.austinenergy.com
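
Added example (not part of the original post): a Python check of the From:/Sender: rule in the RFC 5322 section 3.6.2 text quoted above, run over a constructed message shaped like the spam described. The finding names and the sample addresses are hypothetical; they are not rules from any real spam filter.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: folded From:/Sender: headers, each carrying two
# mailboxes, as in the message described above (addresses are made up).
SPAM_LIKE = (
    'From: "Inversiones" <inversiones@live.example>,\n'
    ' <info@forex.example>\n'
    'Sender: "Inversiones" <inversiones@live.example>,\n'
    ' <info@forex.example>\n'
    'Subject: constructed sample\n'
    '\n'
    'body\n'
)

def mailboxes(msg, field):
    """Return the addr-specs found in every occurrence of `field`."""
    values = msg.get_all(field, [])
    # getaddresses copes with folded lines and commas inside quoted names.
    return [addr for _name, addr in getaddresses(values) if addr]

def originator_findings(raw_message):
    """Check From:/Sender: against RFC 5322 section 3.6.2.

    Returns a list of hypothetical finding names (empty if nothing stands out).
    """
    msg = message_from_string(raw_message)
    from_boxes = mailboxes(msg, "From")
    sender_boxes = mailboxes(msg, "Sender")
    findings = []
    if len(from_boxes) > 1:
        # Legal on its own, but rare enough to be worth scoring.
        findings.append("FROM_MAILBOX_LIST")
        if msg.get("Sender") is None:
            # Violation: a mailbox-list in From: requires a Sender: field.
            findings.append("FROM_LIST_WITHOUT_SENDER")
    if len(sender_boxes) > 1:
        # Violation: Sender: must hold a single mailbox.
        findings.append("SENDER_NOT_SINGLE_MAILBOX")
    return findings

if __name__ == "__main__":
    print(originator_findings(SPAM_LIKE))
```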
