IBM AH0QXML User Guide - Page 42

How to detect spam, 4.1.1 Examining the message properties



30 Lotus Domino 6 spam Survival Guide for IBM eServer

4.1 How to detect spam
As the Administrator, you will be tasked with determining what messages are
spam. Working closely with your end users, you will get a good idea of the
messages reaching the users' mail files.
But what about the messages that never make it to a user and wind up as,
depending on the configuration of your system, DEAD or HELD mail in mail.box?
Dead messages are messages that cannot route to the intended recipient and
cannot route back to the sender. Held messages are undelivered messages that
are held in mail.box instead of being returned to the sender. Often, the
sender's address appears to be a valid Internet address, and so does the name
of the intended recipient. By viewing document properties, you can obtain
valuable information about each specific message. Each message contains
pertinent information about the sender, the intended recipient, the contents of the
message, and the hosts that routed this message. Using the information found in
certain fields, you can implement intended inbound recipient controls or even
deny connections from certain hostnames or IP addresses.

4.1.1 Examining the message properties
By analyzing the properties of a message and reviewing several key fields, you
can determine who the sender is, what servers processed this message, and
who the intended recipient is. The fields to examine are:
• From: This is the address of the From: RFC822 header, if there was one
  added to the message. The From: address is often different than the
  SMTPOriginator on spam messages.
• SMTPOriginator: This is the address of the sender; it is built from the value
  of the MAIL FROM:
• IntendedRecipient: This is who the message was originally sent to; often
  times the address is invalid.
• Recipients: This is the address of whomever the message should be routed
  to.
• Received: This header contains routing information and the names/IP
  addresses of the SMTP servers that processed this message. All SMTP
  servers that process this message are required to place a received header on
  the message. It's not unusual to have a message that contains multiple
  received headers.
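
The field checks listed above, shown as an added Python example (it is not from the guide and is not Domino code): it compares the From: header with the envelope sender and lists the host and IP address recorded in each Received header. It assumes the message has been exported as RFC822 text and that the SMTPOriginator value is passed in separately; the function names and the sample message are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not from the guide). Domains and IP addresses
# are taken from the reserved example/documentation ranges.
SAMPLE = """\
Received: from mail.example.org ([192.0.2.10])
\tby domino.example.com with ESMTP; Mon, 6 Jan 2003 10:15:02 -0500
Received: from relay.example.net ([198.51.100.7])
\tby mail.example.org with SMTP; Mon, 6 Jan 2003 10:14:58 -0500
From: "Customer Service" <service@example.com>
To: nosuchuser@example.com
Subject: Constructed sample

Body text.
"""

FROM_HOST = re.compile(r"\bfrom\s+(\S+)", re.IGNORECASE)
IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def received_hops(msg):
    """Return (host, ip) for each Received header, newest hop first."""
    hops = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())  # unfold the multi-line header
        host = FROM_HOST.search(flat)
        ip = IPV4.search(flat)
        hops.append((host.group(1) if host else None,
                     ip.group(1) if ip else None))
    return hops

def examine(raw, smtp_originator):
    """Summarise the sender fields; smtp_originator is the envelope sender
    (assumption: copied by the caller from the SMTPOriginator field)."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower() or None
    envelope = smtp_originator.strip("<> ").lower()
    return {
        "from": from_addr,               # None when no From: header exists
        "smtp_originator": envelope,
        "sender_mismatch": from_addr is not None and from_addr != envelope,
        "hops": received_hops(msg),
    }
```

Only the topmost Received header is written by your own server; the ones below it were supplied by the sending side and can be forged, so treat their host names and addresses as claims to be checked.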

To get the document properties of a message:
1. View the documents in mail.box (or mail1.box, mail2.box, and so forth).