EmailDiscussions.com - View Single Post

David MacQuigg · 1 Dec 2006, 12:40 AM

Just trying to keep the rule simple for people who are new to reading headers. But we can make an exception to "strict chronology" for the Received header, putting it at the bottom of our block. That will satisfy what appears to be a strong preference among experienced "header readers", and will also avoid the problem you point out - a spam filter that has this expectation built in. I don't know of any that work that way now, but it is quite likely as these filters get more sophisticated in the never-ending "arms-race" with spammers. We want to minimize any conflict between our authentication filter and whatever other tools might be in a recipient's setup.

I have changed the header order so that X-Authent is now just above Received. Here is our header block in a test message sent via an A-rated forwarder:

X-Authent: 72.81.252.18 controlledmail.com QR1 PASS ratings=(9,9,110)
Received: from mailout02.controlledmail.com (mailout02.controlledmail.com
... [72.81.252.18]) by open-mail.org (8.13.1/8.13.1) with ESMTP id kAUCEMvD003769
... for <xxx@box67.com>; Thu, 30 Nov 2006 07:14:27 -0500

This is a simple case with no extra heades from additional authentications or spam filtering. See below for a more complex example.

(9,9,110) is (IDstatus, auth_status, IDrating) These numbers mean controlledmail.com is a registered ID, this ID authorizes the transmitter at 72.81.252.18, and this ID has a rating 110, a number we assign temporarily to A-rated senders. Once we have sufficient statistics on messages from this sender, the rating will be the expected number of good messages per spam.

Now for the more complex example. Here is our proposed Canonical Header Order:

X-spam-score-headers:
X-other-body-authentication-headers:
X-other-return-address-authentication-headers:
Received-SPF:
X-other-session-authentication-headers:
X-Authent:
Received:

Example:

X-SpamScore: -14.0
X-Originating-IP: [12.144.145.210]
Authentication-Results: mta150.mail.re3.yahoo.com from=scottrade.com; domainkeys=neutral (no sig)
X-Guessed-SPF: neutral
Received-SPF: none (mail.bmsi.com: 72.81.252.18 is neither permitted nor
... denied by domain of box67.com) client-ip=72.81.252.18;
... envelope-from=xxx@box67.com; helo=mailout02.controlledmail.com;
... receiver=mail.bmsi.com; identity=mailfrom;
X-Authent: 64.191.210.175 pco-iraq.net PTR1 PASS ratings=(2,9,None)
Received: from CANCER.pco-iraq.net (cancer.pco-iraq.net [64.191.210.175]) by
... open-mail.org (8.13.1/8.13.1) with ESMTP id kAGBKtIf002229 for
... <xxx@box67.com>; Thu, 16 Nov 2006 06:20:57 -0500

Comments or suggestions are welcome. If anyone wants to see what their headers will look like, send an email to macquigg at box67 dot com, and I will send it back with the headers preserved.

-- Dave

1 Dec 2006, 12:40 AM	#8
David MacQuigg Member Join Date: Aug 2006 Location: Tucson AZ Posts: 66 Representative of: Open-Mail.org	Just trying to keep the rule simple for people who are new to reading headers. But we can make an exception to "strict chronology" for the Received header, putting it at the bottom of our block. That will satisfy what appears to be a strong preference among experienced "header readers", and will also avoid the problem you point out - a spam filter that has this expectation built in. I don't know of any that work that way now, but it is quite likely as these filters get more sophisticated in the never-ending "arms-race" with spammers. We want to minimize any conflict between our authentication filter and whatever other tools might be in a recipient's setup. I have changed the header order so that X-Authent is now just above Received. Here is our header block in a test message sent via an A-rated forwarder: X-Authent: 72.81.252.18 controlledmail.com QR1 PASS ratings=(9,9,110) Received: from mailout02.controlledmail.com (mailout02.controlledmail.com ... [72.81.252.18]) by open-mail.org (8.13.1/8.13.1) with ESMTP id kAUCEMvD003769 ... for <xxx@box67.com>; Thu, 30 Nov 2006 07:14:27 -0500 This is a simple case with no extra heades from additional authentications or spam filtering. See below for a more complex example. (9,9,110) is (IDstatus, auth_status, IDrating) These numbers mean controlledmail.com is a registered ID, this ID authorizes the transmitter at 72.81.252.18, and this ID has a rating 110, a number we assign temporarily to A-rated senders. Once we have sufficient statistics on messages from this sender, the rating will be the expected number of good messages per spam. Now for the more complex example. Here is our proposed Canonical Header Order: X-spam-score-headers: X-other-body-authentication-headers: X-other-return-address-authentication-headers: Received-SPF: X-other-session-authentication-headers: X-Authent: Received: Example: X-SpamScore: -14.0 X-Originating-IP: [12.144.145.210] Authentication-Results: mta150.mail.re3.yahoo.com from=scottrade.com; domainkeys=neutral (no sig) X-Guessed-SPF: neutral Received-SPF: none (mail.bmsi.com: 72.81.252.18 is neither permitted nor ... denied by domain of box67.com) client-ip=72.81.252.18; ... envelope-from=xxx@box67.com; helo=mailout02.controlledmail.com; ... receiver=mail.bmsi.com; identity=mailfrom; X-Authent: 64.191.210.175 pco-iraq.net PTR1 PASS ratings=(2,9,None) Received: from CANCER.pco-iraq.net (cancer.pco-iraq.net [64.191.210.175]) by ... open-mail.org (8.13.1/8.13.1) with ESMTP id kAGBKtIf002229 for ... <xxx@box67.com>; Thu, 16 Nov 2006 06:20:57 -0500 Comments or suggestions are welcome. If anyone wants to see what their headers will look like, send an email to macquigg at box67 dot com, and I will send it back with the headers preserved. -- Dave