Home page logo
/

funsec logo funsec mailing list archives

Re: Mailer Software that inserts "X-NSCC" header?
From: Rich Kulawiec <rsk () gsp org>
Date: Tue, 25 Jun 2013 05:54:59 -0400

On Sun, Jun 23, 2013 at 10:16:45PM -0400, Jeffrey Walton wrote:
Would anyone know what mailer or company is used when "X-NSCC" headers
are present in SPAM?

a) Inserting headers into the canned meat products of the Hormel Corporation
would be a very neat trick.  Perhaps you meant "spam"?

(In an age of gratuitous litigation, Hormel has been surprisingly sanguine
about our co-opting of the term "spam".  I think the least we can do, as
a professional courtesy, is to use it properly.  "Spam", the slang term
for unsolicited bulk email, is *never* capitalized-in-full because it is not
an acronym and because it's not "SPAM"...which comes in a can.)

b) X-headers in email are nonstandard and may be inserted at any
point by any piece of software.  One of the (many) problems with that
is that there's no way to know *which* point was responsible for them --
well, absent secondary evidence.  There's also no way to know if any
subsequent point removed or modified any -- because even though it's not
a good idea to do so, some mail systems do so anyway.  Annnnd just to
make things interesting, some mail systems insert them incorrectly
(for example: no space after the colon) and some mail systems use the
same X-header for different purposes.  Oh yes, and then there are
gratuitous case/spelling differences.

A quick check of my "recent spam" collection (to various spamtraps
and such) shows 542 different X-headers. *sigh*

But none of them show X-NSCC, curiously.  If you'd like to forward the
message in question (with full headers of course) off-list, I can try
to correlate it against my full spam archives and see if perhaps any
clues turn up as to who's using it, what for, why, and so on.

---rsk

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]