Jump to content

What is an X-NAS header?

Reginald

By Reginald
in Geek/Tech Things

Recommended Posts

Reginald Newbie

Reginald

Posted
Posted

Would anyone happen to know what X-NAS headers are?

X-NAS-Bayes: #0: 1.15752E-293; #1: 1

X-NAS-Classification: 0

X-NAS-MessageID: 78967

X-NAS-Validation: {59550AD5-D430-4CB8-AF9E-9839DC1938D2}

I tried Google but I can't find the answer.

The reason why I'm asking is because I have a (plain text) (opt-in) mailing list and we are doing some tests to send HTML mails instead of plain text. However, all tests end up in the junk mail folder so I'm trying to find out if there is something I can do with headers to prevent that...

Any suggestions on what I could do?

Tks!

R.

Link to comment
Share on other sites
Wazoo What Life?

Wazoo

Posted
Posted
Would anyone happen to know what X-NAS headers are?

39173[/snapback]

e-mail header X- lines can be anything, mean anything ... some have been standardized and some e-mail servers/products/applications use them, but in general, consider them to be simply a way to add comments to an e-mail header without breaking anuything.

Curiously, my Google brought me back to another SpamCop Forum posting http://forum.spamcop.net/forums/index.php?showtopic=5261 , in which that user states "I use Merak Mail Pro" .. so there's one possibility for the source. On the other hand, it's curious that most of the other e-mail items showing with this in the headers seem to be complaints about spam ...???? And of course, there are those other posts that casually mention Norton AntiSpam ... looks arfully close to something there <g>

Link to comment
Share on other sites
Farelf What Life?

Farelf

Posted
Posted

Refer this example, (genuine) Norton X-headers at the end of the headers, bracketing the Subject:

http://www.spamcop.net/sc?id=z855625201zcd...e727044b5e54f6z

Perhaps some spam fake these but I have yet to see any "duplicated" lines in an email header which I would be expecting in that case. An alternative couple of lines sometimes seen before the subject are

X-NAS-AutoBlock-Code: 6

X-NAS-AutoBlock-Description: Always block emails that contain obscured or disguised Web links

And there are others - the most easily interpreted one in any case immediately follows the Subject:

X-NAS-Classification: 1 (evidently 1=spam, 0=non-spam)

I have seen another AutoBlock-Description: refering to "faint or invisible text". If your trial HTML email is getting a little fancy with text attributes that could well be triggering a NAS spam response somewhere in the chain.

Probably a spam site, rather than an anti-spam site, would be the place to find definitive answers :)

Link to comment
Share on other sites
Merlyn Been There

Merlyn

Posted
Posted

There are a lot of virus header examples out there (Google) with that X- header and I am thinking two different things. People have Norton set to bounce them back to the invalid "From" or "Reply-To" or some spammer has placed these tags in the headers for tracing.

And yes, almost all email server software allows you to add any X- header you want.

Link to comment
Share on other sites
Farelf What Life?

Farelf

Posted
Posted
... or some spammer has placed these tags in the headers for tracing. ...

39194[/snapback]

Could be, but I use Norton (even if I can't spell it half the time) and, as said, haven't seen (or noticed) give-away signs of fake X-NAS headers yet. Following from genuine emails might help to distinguish if there are fakes in the mix
X-NAS-Language: English

X-NAS-Bayes: #0: 2.16188E-103; #1: 1

X-NAS-Classification: 0

X-NAS-MessageID: 7916

X-NAS-Validation: {8A376B19-997C-4E0C-971E-7C8D51184801}

X-NAS-Classification: 0

X-NAS-MessageID: 7933

X-NAS-Validation: {8A376B19-997C-4E0C-971E-7C8D51184801}

X-NAS-Language: English

X-NAS-Bayes: #0: 0; #1: 1

X-NAS-Classification: 0

X-NAS-MessageID: 66

X-NAS-Validation: {8A376B19-997C-4E0C-971E-7C8D51184801}

These always appear well after the Subject: Looking also at some false positives, the X-NAS headers always bracket the Subject:, just like "real spam". X-NAS-Validation: appears to be the "signature" of the installation adding the headers (in this case, mine) - it is not the same as the product security key for the installation.
Link to comment
Share on other sites
Lking What Life?

Lking

Posted
Posted

People have Norton set to bounce them back to the invalid "From" or "Reply-To" or some spammer has placed these tags in the headers for tracing.

39194[/snapback]

I have used Norton for years, to my knowledge, Norton Anti spam does not bounce anything. It does play with the header and add "[Norton AntiSpam]" to the subject line of offending email. This makes it easy for email apps to sort identified spam into a spam folder. But it does not generate a delayed bounce.
Link to comment
Share on other sites
Merlyn Been There

Merlyn

Posted
Posted
I have used Norton for years, to my knowledge, Norton Anti spam does not bounce anything.  It does play with the header and add "[Norton AntiSpam]" to the subject line of offending email.  This makes it easy for email apps to sort identified spam into a spam folder. But it does not generate a delayed bounce.

39204[/snapback]

Thanks.

Link to comment
Share on other sites
  • 9 months later...
NotSoAnon Newbie

NotSoAnon

Posted
Posted

Has NE1 here considered that these may be server applied headers so that the ISPs SMTPs' can validate every message entering their network as having been filtered via an enterprise version of NAS [Norton], thereby protecting their own systems from malware prior to redirecting the msg?

In addition, the {bracketed serial number} does not necessarily need to correspond to a specific license, it only needs to properly fit an algorythm design by NAS to validate that a message has actually been scanned by the software.

NE thoughts?

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...