spamassassin-users October 2010 archive
Main Archive Page > Month Archives  > spamassassin-users archives
spamassassin-users: Re: compare 2 headers

Re: compare 2 headers

From: Lawrence _at_nospam <_at_nospam>
Date: Sun Oct 24 2010 - 20:33:21 GMT

On 24/10/2010 5:44 PM, Karsten Bräckelmann wrote:
> On Sun, 2010-10-24 at 16:26 -0230, Lawrence @ Rogers wrote:
>> Is there a quick way to compare 2 headers? I am seeing spam lately that
>> has an invalid e-mail address (one not hosted by us) set in the To:
>> header, but has the intended one in the Envelope-To: header
>> What I would like to do is take the Envelope-To and run a regex to check
>> if the To: header contains it.
> The To header is merely cosmetic. It does not have any solid meaning, in
> particular does not necessarily match the recipient.
> There are perfectly valid reasons to not have the actual recipient in
> the To header. Ever sent a message with Bcc recipients? Ever received a
> post via a mailing list?
I had not thought of that, but you are right :) I see this mailing list
sets the To: header to, even though the
e-mail comes to me.

I am writing a rule that deals with spam that claims to be coming from
AOL's webmail client, where the e-mail has malformed HTML, references to
remote images, and a high ratio of images to content. I guess I will
have to find another way to detect them.