On 24/10/2010 5:44 PM, Karsten Bräckelmann wrote:
On Sun, 2010-10-24 at 16:26 -0230, Lawrence @ Rogers wrote:
Is there a quick way to compare 2 headers? I am seeing spam lately that
has an invalid e-mail address (one not hosted by us) set in the To:
header, but has the intended one in the Envelope-To: header
What I would like to do is take the Envelope-To and run a regex to check
if the To: header contains it.
The To header is merely cosmetic. It does not have any solid meaning, in
particular does not necessarily match the recipient.
There are perfectly valid reasons to not have the actual recipient in
the To header. Ever sent a message with Bcc recipients? Ever received a
post via a mailing list?
I had not thought of that, but you are right :) I see this mailing list
sets the To: header to users@spamassassin.apache.org, even though the
e-mail comes to me.
I am writing a rule that deals with spam that claims to be coming from
AOL's webmail client, where the e-mail has malformed HTML, references to
remote images, and a high ratio of images to content. I guess I will
have to find another way to detect them.
