Whitelist issue

Glenn Steen glenn.steen at gmail.com
Fri Nov 3 13:09:17 GMT 2006

On 03/11/06, Gordon Colyn <gordon at itnt.co.za> wrote:
> This email got through the MailScanner classified as whitelisted.  The user
> has whitelisted from andreb at tcmwarehouse.com to sales at tcmwarehouse.com.
> Return-Path: <andreb at tcmwarehouse.com>
Hint #1... Pretty likely that this is actually the Envelope from (the
address used in the SMTP conversation, which is the one MailScanner

> Received: from sentinal2.itnt.co.za (sentinal2.itnt.co.za [])
>  by angel.itnt.co.za (8.13.1/8.13.1) with ESMTP id kA24PI6D015145
>  (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL)
>  for <sales at tcmwarehouse.com>; Thu, 2 Nov 2006 06:25:23 +0200
> Received: from ([])
>  by sentinal2.itnt.co.za (8.13.4/8.13.4) with ESMTP id kA24O3vr027855
>  for <sales at tcmwarehouse.com>; Thu, 2 Nov 2006 06:24:14 +0200
> Received: from mail.sugarloafproducts.com (port=15187 helo=ewregvtneyhik)
>  by with smtp
>  id 3LxQg-rQaO8kf3-p7
>  for sales at tcmwarehouse.com; Tue, 02 Nov 2004 23:23:53 -0500
> Message-ID: <000a01c4c15c$e4c78710$01feaa58 at ewregvtneyhik>
> From: "Roy Freeman" <yqhsj at sugartime.net>
> To: andreb at tcmwarehouse.com

As with most headers, those two are very easily "forged". You supply
them during the DATA stage of SMTP, so they are never used for actual
delivery... That is the "job" of the Envelope from and to ... ("MAIL
FROM:<some2addr.ess>" and "RCPT TO:<someother at addr.ess>"
respectively). So....

> Subject: break away as a sorrowful hundred reluctantly
> How can it be classified as whitelisted if the from address is
> yqhsj at sugartime.net?  It scores 26.

As said, the headers From: and To: have little to no bearing on actual
sender/recipient. You can instruct MailScanner to add those as
"Envelope-From: ..." and "Envelope-To: ..." headers. The drawback with
that is that you'd defeat BCC;-).

If you use MailWatch, the reported From/To (on the details page, as
well as the Recent Messages page) are the envelope ones, so ... it
becomes very visible what the difference is between the two (er,
four:-). Especially on the details page, since you'll see the headers
there too (the envelope from/to are below the headers).

-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
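The envelope-versus-header distinction Glenn describes, as an added Python example that is not part of the original post: it recovers the envelope sender (Return-Path) and recipient (the "for" clause of the topmost Received header) from a constructed message, applies a hypothetical from/to whitelist to those rather than to the visible From/To, and flags the disagreement so it can be surfaced instead of silently passing. The addresses, the WHITELIST table and the helper names are assumptions.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample (placeholder addresses, not the ones in the post): visible From/To
# are forged; Return-Path (MAIL FROM) and the top Received "for" clause (RCPT TO) are real.
SAMPLE = """\
Return-Path: <andreb@example.test>
Received: from relay.example.test (relay.example.test [192.0.2.10])
 by mx.example.test (8.13.1/8.13.1) with ESMTP id kA24PI6D015145
 for <sales@example.test>; Thu, 2 Nov 2006 06:25:23 +0200
From: "Roy Freeman" <yqhsj@spammer.test>
To: andreb@example.test
Subject: break away as a sorrowful hundred reluctantly

body
"""
# Hypothetical whitelist in the shape the post describes: envelope sender ->
# envelope recipients it is trusted to reach.
WHITELIST = {"andreb@example.test": {"sales@example.test"}}


def envelope_addresses(msg):
    """Recover (envelope_from, envelope_to) from headers the local MTA added."""
    env_from = parseaddr(msg.get("Return-Path", ""))[1].lower()
    env_to = ""
    received = msg.get_all("Received") or []
    # The first Received header is the last hop (our own MTA), the only one we
    # trust; its "for" clause records RCPT TO when there was a single recipient.
    if received:
        m = re.search(r"\bfor\s+<?([^\s>;]+)>?", received[0])
        if m:
            env_to = m.group(1).lower()
    return env_from, env_to


def check(raw):
    """Whitelist on envelope addresses; flag header/envelope disagreement."""
    msg = email.message_from_string(raw)
    env_from, env_to = envelope_addresses(msg)
    hdr_from = parseaddr(msg.get("From", ""))[1].lower()
    hdr_to = parseaddr(msg.get("To", ""))[1].lower()
    return {
        "envelope_from": env_from,
        "envelope_to": env_to,
        "header_from": hdr_from,
        "header_to": hdr_to,
        "whitelisted": env_to in WHITELIST.get(env_from, set()),
        # Whitelisted envelope pair with a different visible From/To: the case in the post.
        "header_envelope_mismatch": hdr_from != env_from or hdr_to != env_to,
    }
```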

