On Tue, 20 Feb 2007, Peter Fraser wrote:

> Would not a better test be for message-id's of the format
> [EMAIL PROTECTED] ?

Probably not. It is quite possible for a legitimate MUA on a host to generate message-ids of the [EMAIL PROTECTED] form. Consider an RFC1918 LAN behind NAT, running from /etc/hosts only. Now OpenBSD creates (or strongly encourages the creation of) a default /etc/hosts with a y.z domain name, and a default /etc/myname with a y.z name in it, but there are, alas, other, less picky OS's out there. And there may be legitimate MUA's that form their message-ids from the basename, since such *does* satisfy RFC.

Fighting spam always seems to involve a tradeoff with irritating users, i.e. false positives. Breaking old MUAs is very irritating. Only Beelzebub himself knows what ancient MUAs Win95 lusers are still using.

> I also noticed that I seem to have some of my spam that
> has a message-id of my own domain name in, so I assume
> that some of the mail comes in with no message-id in it at all.

Or the spammer generates it on the fly. One host.domain name the spammer can presume to be good is yours. Moreover, such a message-id makes the spam appear (somewhat) to be a response to an email you sent. Whether any spam filters value that, I can't say.

Message-ids are not a requirement for legitimate mail, AFAIK.

Dave