[SpamCop-Geeks] Re: What's an X-UIDL?

Mr K. Mean spamcop-geeks@news.spamcop.net
Sat, 26 Oct 2002 12:22:26 -0400


kenmce wrote:

> Below is the header off a Canadian Ponzi scam I got this morning.  What
> does the "X-UIDL" line do?  Does Spamcop need it for parsing?  Can
> spammers hide stuff in there?
>
>
> Return-Path:
> Received: from POSTE1 (modemcable222.19-201-24.mtl.mc.videotron.ca
> [24.201.19.222])
> by spamvictim (8.11.6/8.11.6) with SMTP id g9Q4q9V16723
> for ; Sat, 26 Oct 2002 00:52:16 -0400
> Message-Id: <200210260452.g9Q4q9V16723>
> From: "Rick"
> To:
> Subject: trust me on this one
> Mime-Version: 1.0
> Content-Type: text/plain; charset="iso-8859-1"
> Date: Sat, 26 Oct 2002 00:45:25
> X-Mozilla-Status: 8001
> X-Mozilla-Status2: 00000000
> X-UIDL: 8-@!!24b!!J/M!!(;~"!
>
It seems to be part of the POP3 spec.  It allows a client to keep track 
of message newness, when you use the keep message on server option.

But like any good and useful thing, spammers mess with it sometimes to 
try and fool your client into downloading the message multiple times. 
But it seems like this header should only be on the message on the
client; if it is there on the server before POP3 ever touches it, it is
probably a bogus header or a tracking ID or who knows what.

I would say that you could safely remove it from the headers if you 
like.  Basically any header that starts with X- is something that is not 
needed and is usually some sort of optional information.

Stole a lot of this from here:
http://www.crackmonkey.org/pipermail/crackmonkey/1999q1/004006.html
http://www.exim.org/pipermail/exim-users/Week-of-Mon-20010423/025816.html
http://www.rosat.mpe-garching.mpg.de/mailing-lists/procmail/1998-12/msg00037.html

Kerry.
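
An added example, not part of the original post: a delivery-time check for the situation the reply describes, where a message already carries X-UIDL before any POP3 client has touched it. The function name `check_preset_uidl` and the sample message are constructed for illustration, and the check assumes it runs on the receiving server before the message reaches the mailbox.

```python
from email import message_from_string

# Constructed sample modelled on the quoted header; hosts, addresses and
# X-UIDL values are placeholders, not data from the original message.
SAMPLE = """\
Return-Path: <sender@example.invalid>
Received: from POSTE1 (host.example.invalid [192.0.2.1])
\tby spamvictim with SMTP id TESTID
\tfor <user@example.invalid>; Sat, 26 Oct 2002 00:52:16 -0400
From: "Rick" <sender@example.invalid>
To: <user@example.invalid>
Subject: trust me on this one
X-UIDL: constructed-value-1
X-uidl: constructed-value-2

body text
"""


def check_preset_uidl(raw):
    """Inspect a message as received over SMTP, before mailbox delivery.

    Returns (values, cleaned): every X-UIDL value the sender supplied
    (header names match case-insensitively, duplicates included) and the
    message text with those headers removed. A non-empty list means the
    header was set by the sender, not by the local POP3 server or client.
    """
    msg = message_from_string(raw)
    values = msg.get_all("X-UIDL", [])
    # Deleting by name removes every occurrence and is a no-op if absent.
    del msg["X-UIDL"]
    return values, msg.as_string()


if __name__ == "__main__":
    values, cleaned = check_preset_uidl(SAMPLE)
    if values:
        print("sender-supplied X-UIDL:", values)
    print(cleaned)
```

Logging the removed values before discarding them keeps a record in case the header was being used as a tracking ID.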