On Sat, 2011-03-05 at 08:40 -0800, John Hardin wrote: > On Sat, 5 Mar 2011, Chris wrote: > > > In the example I posted I also see this in the To: headers when saved as > > a .txt file - "@pop.embarq.synacor.com>, \"ballard\", \"aajhp" > > <bunnysi...@aol.com> > > > I see the same thing - > > "@pop.embarq.synacor.com>, \"cantrell, james\", \"billybeckner\" > > <billybeck...@yahoo.com>, \"ballard\" <bunnysi...@aol.com>, \"aajhp" > > <jl...@embarqmail.com>, I have no idea where the '\' are coming from. > > That means the email address <bunnysi...@aol.com> has the comment > "@pop.embarq.synacor.com>, \"ballard\", \"aajhp" associated with it, and > the email address <jl...@embarqmail.com> has the comment > "@pop.embarq.synacor.com>, \"cantrell, james\", \"billybeckner\" > > <billybeck...@yahoo.com>, \"ballard\" <bunnysi...@aol.com>, \"aajhp" > > A more-expected example would be: "John Hardin" <jhar...@impsec.org> > > That's why the quotes are escaped - they are embedded in the comment. > > _something_ is farking up the recipients list. Whether it's whatever is > composing the message (perhaps it's not properly parsing a recipients > database, or the recipients database is dirty), or some intermediate MTA, > we can't tell from the receiving end. > > You might want to contact the sender and see how the recipient list is > being generated. While this shouldn't affect delivery, as you can see it's > having effects on DKIM and spam scoring. > Thanks John, maybe this is a better example:
Recipients list in spam: To: wayne watts <e...@clear.net>, ebethba...@yahoo.com, jpmalon...@centurylink.net, jnr...@dishmail.com, ree...@swbell.net, "." <bobby.c.ba...@us.army.mil>, training <train...@sheriff.co.coryell.tx.us>, wills <wills.ma...@yahoo.com>, jaredbruton <jaredbru...@yahoo.com>, darrell <darrell.whar...@sbcglobal.net>, rthornley <rthorn...@hot.rr.com>, "Rocwood, Farron" <flcdro...@yahoo.com>, "Patterson, Randy" <rapatterso...@yahoo.com>, "mcminn, carolyn" <dedee5...@yahoo.com>, kenny worthington <kenny.worthing...@embarqmail.com>, hitt <h...@rocketmail.com>, "haines, mark" <hainesmar...@yahoo.com>, Debi4452 <debi4...@yahoo.com>, cpollock <cpoll...@embarqmail.com>, "cheek, tom" <tomandc...@netzero.net>, Chancy <chancyf...@embarqmail.com>, cdneumann <cdneum...@hot.rr.com>, "cantrell, james" <jl...@embarqmail.com>, "@pop.embarq.synacor.com>, \"ballard\", \"aajhp" <bunnysi...@aol.com> Recipients list in ham: To: wayne watts <e...@clear.net>, ebethba...@yahoo.com, jpmalon...@centurylink.net, jnr...@dishmail.com, ree...@swbell.net, "." <bobby.c.ba...@us.army.mil>, training <train...@sheriff.co.coryell.tx.us>, wills <wills.ma...@yahoo.com>, jaredbruton <jaredbru...@yahoo.com>, darrell <darrell.whar...@sbcglobal.net>, rthornley <rthorn...@hot.rr.com>, "Rocwood, Farron" <flcdro...@yahoo.com>, "Patterson, Randy" <rapatterso...@yahoo.com>, "mcminn, carolyn" <dedee5...@yahoo.com>, kenny worthington <kenny.worthing...@embarqmail.com>, hitt <h...@rocketmail.com>, "haines, mark" <hainesmar...@yahoo.com>, Debi4452 <debi4...@yahoo.com>, cpollock <cpoll...@embarqmail.com>, "cheek, tom" <tomandc...@netzero.net>, Chancy <chancyf...@embarqmail.com>, cdneumann <cdneum...@hot.rr.com>, "cantrell, james" <jl...@embarqmail.com>, ballard <bunnysi...@aol.com>, aajhp <aa...@embarqmail.com> The two look the same except for the last few entries where the one marked spam has the last few addressees borked. Apparently something is intermittently adding the @pop.embarq.synacor.com to the list. Do these lines mean he's using Embarqs webmail instead of sending direct from his computer? If so, that could be where the glitches are coming from: X-originating-ip: [76.0.87.41] X-mailer: Zimbra 6.0.5_GA_2213.RHEL4_64 (ZimbraWebClient - IE8 (Win)/6.0.5_GA_2213.RHEL4_64) X-senderip: 10.50.3.117 I'll have to watch for anymore tagged spam and compare to non-spam -- Chris KeyID 0xE372A7DA98E6705C 31.11°N 97.89°W (Elev. 1092 ft)
signature.asc
Description: This is a digitally signed message part
