-
Invalid or spoofed "From" address (sometimes violating known
constraints for domain)
-
Invalid or unresolvable host name in header or "envelope"
-
Extensive use of "blind carbon copy" -- recipients named
in RFC 821 (SMTP) RCPT TO: commands but not in RFC 822 "To:" header
-
Direct SMTP transmission from a host without a fixed IP address
(often a throw-away dialup account)
-
Receipt of the message from a mail server which does not
enforce restrictions upon relaying
-
Receipt of the message via an IP address, netblock, or domain
matching that of a known spammer or "spamhaus"
-
Telltale words or phrases (e.g. "Make money fast!" or "MLM")
-
Text, subject, or headers identical or very similar to that
of previously broadcast spam
-
Unique headers (or telltale errors in headers) which betray
the use of spamming software
|