Home page logo
/

basics logo Security Basics mailing list archives

Re: Basically Lazy - Email Header Analysis
From: J.Reilink <digiover () dsinet org>
Date: Fri, 30 May 2003 07:33:01 +0200

Hi Andy,

----- Original message -----
On Sat, 25 Oct 2003 11:43:23 +0100
"Andy Cuff [talisker]" <offthecuff () lineone net> wrote in message
<001d01c39ae4$d5af6ad0$e800a8c0 () BusterGonad>:

Hi
Whilst drowning my sorrows in the UK rain following our resounding
defeat in the Eurovision song contest (Politics in Europe surely not
!!)  I have turned my attention to email headers.


Like the Netherlands did great.... Must say I have to visit Iceland
sometime... ;-)

Whilst I'm quietly confident about manually analysing email headers, 
I'm looking for tools or web resources that will automate some of the
process. There are plenty of anti-spam resources such as
http://combat.uxn.com/ and http://www.spamhaus.org/ to identify
spammers and there is the infamous Sam Spade for testing Open Mail
Relay Agents. There are a plethora of how-to's and FAQ's about
analysing headers manually.   But I haven't found many resources that
analyse the headers in sufficient accurate detail.


You have mentioned Sam Spade for testing Open Mail Relay Agents, Sam
Spade (the tool, not the site) also has an header analysis tool. It's
somewhere in the menu, called "parse headers" or something like that
(don't have a copy here atm).

The header parsing tool isn't perfect, last time I checked, but it
works.

Personally I would rather run a tool on my own system than put my
headers through a 3rd party website but there are a few sites that
seem to do it fairly well such as http://www.3dmail.com/spam/ which
whilst spam focussed seems fairly comprehensive, though sadly a beta
which hasn't been updated in a year.


Some mentioned SpamCop and I must say it works pretty good.
You could also write your own tool in whatever language you'd like, many
*nix commandline commands are at your disposal: host, vrfy, dig, etc.

Regards, Jan

-- 
Dutch Security Information Network: http://www.dsinet.org

---------------------------------------------------------------------------
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault