What is a "faked mail" ?
On 11/1/19 3:15 PM, Joseph Brennan wrote:
MALFORMED_FREEMAIL is a meta on:
(MISSING_HEADERS||__HDRS_LCASE) && FREEMAIL_FROM
So that and MISSING_HEADERS itself add up to 3.0 points. This seems high.
We rejected a message from gmail that hit MALFORMED_FREEMAIL and
MISSING_HEADERS, and a few other low-scoring things. Because it was
rejected I do not have the message. I believe the sender tried to BCC a
group of people. If I recall correctly MISSING_HEADERS, which refers only
to the To: header, hits when To: exists but is blank. People (ab)using BCC
instead of a list for legit mail is not that uncommon.
The case with __HDRS_LCASE strikes me as very different and much more
likely to be faked mail. I don't know of any freemail providers that write
header names in all lower case. A check against the corpus obviously needs
to back up my guess but I think I'm right.
