< Previous Page Return to Title Page Next Page >

Signs of Spam

  • Invalid or spoofed "From" address (sometimes violating known constraints for domain)
  • Invalid or unresolvable host name in header or "envelope"
  • Extensive use of "blind carbon copy" -- recipients named in RFC 821 (SMTP) RCPT TO: commands but not in RFC 822 "To:" header
  • Direct SMTP transmission from a host without a fixed IP address (often a throw-away dialup account)
  • Receipt of the message from a mail server which does not enforce restrictions upon relaying
  • Receipt of the message via an IP address, netblock, or domain matching that of a known spammer or "spamhaus"
  • Telltale words or phrases (e.g. "Make money fast!" or "MLM")
  • Text, subject, or headers identical or very similar to that of previously broadcast spam
  • Unique headers (or telltale errors in headers) which betray the use of spamming software