Open Bug 293284 Opened 20 years ago Updated 2 years ago

RFE: Request filtering allow to detect malformed headers

Categories

(MailNews Core :: Filters, enhancement)

Product:
MailNews Core
Component:
Filters
Type:
enhancement

Tracking

(Not tracked)

People

(Reporter: superbiskit, Unassigned)

Details

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.7) Gecko/20050421 Firefox/1.0.3 (Debian package 1.0.3-2)
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.7) Gecko/20050421 Firefox/1.0.3 (Debian package 1.0.3-2)

A significant number of JUNK e-mail arrives with invalid (per RFC) 'From"
addresses, probably forged headers.  This bug requests an option to filter on
the event "'From' (or other) header is invalid."

Reproducible: Always

Steps to Reproduce:
1. Try capturing the Sender's email address from a collection of Junk email. 
Use, for example, AddressContext to pull out the addresses into a potential
Blacklist addressbook.


Actual Results:  
Several of the addresses do not get parsed into the addressbook.
Examining the source reveals the header is, indeed, invalid -- there is no
"accountname@host.net.work" component.

Expected Results:  
An event "Invalid Address Header" should be signalled, allowing some appropriate
action to be taken.

Of course, the ability to probe the sender address to see if such an account
exists would catch a higher percentage of junk, but I expect it would be much
too expensive.
As this is a RFE, changing severity to 'enhancement'.  RFE is valid.

Another option for you sir is to add requests that emails sent before the year
1990 be also marked as spam, as I have seen quite a few of these.  But that
would switch this to a 'malformed header detection' bug, wouldn't it?  If you
like this idea, and want me to change it to a malformed header detection request
(instead of just addresses), please state so :)
Severity: normal → enhancement
Status: UNCONFIRMED → NEW
Ever confirmed: true
Broadened to request detection of malformed *headers* as suggested by Comment#2
Summary: RFE: Request filtering allow to detect malformed addresses → RFE: Request filtering allow to detect malformed headers
There is also the possibility of catching messages sent day-after-tomorrow. 
This was quite controversial in another context -- I'll try looking it up if
anyone cares!

If the Filter-Rules dialog had [ HeaderName ] ['IS INVALID'] choice, then it
would be reasonable to consider Age-In-Days to be invalid if it computed a
negative number of days. 

But I don't really care to get into the whole argument about what timestamp to
go by in computing age-in-days.  I do note that SpamAssassin has some metric
about the timestamp -- but I only know that from the stuff in its report
headers, and I don't know how it computes its value.  Of course, S/A typically
gets to "see" the message earlier in its lifetime -- like at a mailing list manager.
Well, day-after-tomorrow is too close, because some people have some really
messed up clocks.  Not so messed up to be before 1990, but messed up
none-the-less.  That's why I wasn't too for it, but I suppose the whole "junk
email badheaders" section could have configgable options to fine tune your spam
filtering.
QA Contact: general
Assignee: mscott → nobody
(get thee out of General)
Status: NEW → UNCONFIRMED
Component: General → Filters
Ever confirmed: false
Product: Thunderbird → MailNews Core
QA Contact: general → filters
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Linux → All
Hardware: x86 → All
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.