Reginald Posted January 10, 2006 Share Posted January 10, 2006 Would anyone happen to know what X-NAS headers are? X-NAS-Bayes: #0: 1.15752E-293; #1: 1 X-NAS-Classification: 0 X-NAS-MessageID: 78967 X-NAS-Validation: {59550AD5-D430-4CB8-AF9E-9839DC1938D2} I tried Google but I can't find the answer. The reason why I'm asking is because I have a (plain text) (opt-in) mailing list and we are doing some tests to send HTML mails instead of plain text. However, all tests end up in the junk mail folder so I'm trying to find out if there is something I can do with headers to prevent that... Any suggestions on what I could do? Tks! R. Link to comment Share on other sites More sharing options...
Wazoo Posted January 10, 2006 Share Posted January 10, 2006 Would anyone happen to know what X-NAS headers are? 39173[/snapback] e-mail header X- lines can be anything, mean anything ... some have been standardized and some e-mail servers/products/applications use them, but in general, consider them to be simply a way to add comments to an e-mail header without breaking anuything. Curiously, my Google brought me back to another SpamCop Forum posting http://forum.spamcop.net/forums/index.php?showtopic=5261 , in which that user states "I use Merak Mail Pro" .. so there's one possibility for the source. On the other hand, it's curious that most of the other e-mail items showing with this in the headers seem to be complaints about spam ...???? And of course, there are those other posts that casually mention Norton AntiSpam ... looks arfully close to something there <g> Link to comment Share on other sites More sharing options...
Reginald Posted January 10, 2006 Author Share Posted January 10, 2006 Wazoo, I think you're right about the Norton Anti Spam = NAS. And I also came across a website that said that anything "X-" is indeed used for all sorts of mumbo jumbo. OK, I guess this solves it then... R. Link to comment Share on other sites More sharing options...
Farelf Posted January 11, 2006 Share Posted January 11, 2006 Refer this example, (genuine) Norton X-headers at the end of the headers, bracketing the Subject: http://www.spamcop.net/sc?id=z855625201zcd...e727044b5e54f6z Perhaps some spam fake these but I have yet to see any "duplicated" lines in an email header which I would be expecting in that case. An alternative couple of lines sometimes seen before the subject are X-NAS-AutoBlock-Code: 6 X-NAS-AutoBlock-Description: Always block emails that contain obscured or disguised Web links And there are others - the most easily interpreted one in any case immediately follows the Subject: X-NAS-Classification: 1 (evidently 1=spam, 0=non-spam) I have seen another AutoBlock-Description: refering to "faint or invisible text". If your trial HTML email is getting a little fancy with text attributes that could well be triggering a NAS spam response somewhere in the chain. Probably a spam site, rather than an anti-spam site, would be the place to find definitive answers Link to comment Share on other sites More sharing options...
Merlyn Posted January 11, 2006 Share Posted January 11, 2006 There are a lot of virus header examples out there (Google) with that X- header and I am thinking two different things. People have Norton set to bounce them back to the invalid "From" or "Reply-To" or some spammer has placed these tags in the headers for tracing. And yes, almost all email server software allows you to add any X- header you want. Link to comment Share on other sites More sharing options...
Farelf Posted January 11, 2006 Share Posted January 11, 2006 ... or some spammer has placed these tags in the headers for tracing. ... 39194[/snapback] Could be, but I use Norton (even if I can't spell it half the time) and, as said, haven't seen (or noticed) give-away signs of fake X-NAS headers yet. Following from genuine emails might help to distinguish if there are fakes in the mixX-NAS-Language: English X-NAS-Bayes: #0: 2.16188E-103; #1: 1 X-NAS-Classification: 0 X-NAS-MessageID: 7916 X-NAS-Validation: {8A376B19-997C-4E0C-971E-7C8D51184801} X-NAS-Classification: 0 X-NAS-MessageID: 7933 X-NAS-Validation: {8A376B19-997C-4E0C-971E-7C8D51184801} X-NAS-Language: English X-NAS-Bayes: #0: 0; #1: 1 X-NAS-Classification: 0 X-NAS-MessageID: 66 X-NAS-Validation: {8A376B19-997C-4E0C-971E-7C8D51184801} These always appear well after the Subject: Looking also at some false positives, the X-NAS headers always bracket the Subject:, just like "real spam". X-NAS-Validation: appears to be the "signature" of the installation adding the headers (in this case, mine) - it is not the same as the product security key for the installation. Link to comment Share on other sites More sharing options...
Merlyn Posted January 11, 2006 Share Posted January 11, 2006 Looks like Norton headers, that confirms it for me :-) Link to comment Share on other sites More sharing options...
Lking Posted January 11, 2006 Share Posted January 11, 2006 People have Norton set to bounce them back to the invalid "From" or "Reply-To" or some spammer has placed these tags in the headers for tracing. 39194[/snapback] I have used Norton for years, to my knowledge, Norton Anti spam does not bounce anything. It does play with the header and add "[Norton AntiSpam]" to the subject line of offending email. This makes it easy for email apps to sort identified spam into a spam folder. But it does not generate a delayed bounce. Link to comment Share on other sites More sharing options...
Merlyn Posted January 11, 2006 Share Posted January 11, 2006 I have used Norton for years, to my knowledge, Norton Anti spam does not bounce anything. It does play with the header and add "[Norton AntiSpam]" to the subject line of offending email. This makes it easy for email apps to sort identified spam into a spam folder. But it does not generate a delayed bounce. 39204[/snapback] Thanks. Link to comment Share on other sites More sharing options...
NotSoAnon Posted October 19, 2006 Share Posted October 19, 2006 Has NE1 here considered that these may be server applied headers so that the ISPs SMTPs' can validate every message entering their network as having been filtered via an enterprise version of NAS [Norton], thereby protecting their own systems from malware prior to redirecting the msg? In addition, the {bracketed serial number} does not necessarily need to correspond to a specific license, it only needs to properly fit an algorythm design by NAS to validate that a message has actually been scanned by the software. NE thoughts? Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.